Cisco Support Community
New Member

l2 or l3 switch with NAC appliance

Hi,

I am planning to deploy a NAC appliance in OOBVG mode. For the access layer, L2 switches are selected (2960). If I replace the L2 access switches with L3 ones (3560 or 3750), would this add more manageability to the access layer by NAC?

Regards,

Mladen

3 REPLIES
Bronze

Re: l2 or l3 switch with NAC appliance

The L3 switch would allow you to run in Real-Gateway mode if you'd like. The benefit of that is that they can act as a DHCP scope for your dirty network, so you do not use another server or router.

New Member

Re: l2 or l3 switch with NAC appliance

Thanks.

The document "Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide" says:

"In out-of-band Real-IP or NAT gateway deployment, the client IP address has to change when the port is changed from the Auth VLAN to the Access VLAN."

So the clients will have to receive TCP/IP settings via DHCP twice, which I don't think is satisfactory for clients.

If the NAC is in OOBVG mode, are there any NAC features that are not supported (IP filtering rules, access policies, and any other traffic handling mechanisms)?

Regards,

Mladen

Bronze

Re: l2 or l3 switch with NAC appliance

Mladen

You can create the same policies as you would in IBVG mode. This can be done globally or you can have different policies for each CAS.

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_trfpol.html

Josh
