Cisco Support Community

Internet access from untrusted vlan?

We are running NAC 4.7.2 in a OOB VGW configuration.

Let's say the mapping is from untrusted vlan 630 to trusted vlan 30 and that I have a device that has failed its posture check and needs to remediate to an external website. (The device that has failed stays in vlan 630 and has the same IP address it would use when it is moved into vlan 30.)

I would like to leave the device in vlan 630 but need to give it access to the Internet. Am I correct in that I should be able to do this using the proper filter?

If not, what is the correct way to approach this scenario?

Thanks!

Bob   


Re: Internet access from untrusted vlan?

Bob,

That is correct. In this scenario the traffic policies of the Temporary Role would apply and whatever sites/IPs you allow in that role, the client would be able to get to those.

HTH,

Faisal
