Cisco Support Community

New Member

CCA Design Questions

I have a customer with 5 small remote locations ~ 10 users at each site. They are connected to HQ over a managed MPLS VPN solution.

HQ consists of a single 4507R which services ~ 150 users and has multiple internal segments for HR, Sales, etc.

The customer would prefer to have a single NAC server and manager located in the data center for simplified management and access. However, based on their design I have recommended a NAC server at each site and one for HQ running in OOB mode.

Can someone please provide some insight on this setup? My thinking is that running L3 inline mode for all of the remote sites and HQ would be too complex to configure and manage. By placing a NAC server at each remote site I can run OOB and simplify the configuration across the network.

I appreciate any/all comments.

New Member

Re: CCA Design Questions

This is probably not too bright, but if you can aggregate all the remote traffic in front of a CAS, you could do an out of band virtual gateway type config. I would imagine though, that there might be issues with latency across WAN links that might make a layer 3 implementation a better choice.
