Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
717
Views
0
Helpful
4
Replies

NAC 4.1

Go to solution
estelamathew
Level 2
Level 2

‎04-29-2010 02:40 PM - edited ‎02-21-2020 03:56 AM

Hello friends,

Pls find the flow chart design for deploying NAC

Installing NAC for the first time, I m little bit confuse what design i shld choose:It is a corporate network with access switches,core switch,asa firewall,ACS.

I have a multi vendor switches in my network HP switches as well as Cisco on acces layer and on core i have a HP 5406,i have read the NAC book from cisco press.It says that u shld choose IN-band mode when u have a multi vendor switches in ur network.So what i m thinking is IN-band mode  layer2 adjacency with real IP gateway or virtual IP.

But wherever i see the document on cisco website it is all for OOB network mode (real as well as virtual) i m not able to find any configuration example for IN-band layer2 adjacency in real ip  gateway or virtual gateway.

Is it my thinking is wrong or please guide me which mode i shld choose.and route me to the proper configuration example.

Thanks

Preview file
501 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to surcisco123

‎04-30-2010 08:53 PM

Kamran,

Not sure I understand the question completely, but I can tell for sure that VPN is supported IB with RIP and VGW both. In VGW the VLANs are different on the trusted and untrusted side and worst case scenario, if a switch misbehaves or doesn't work "right" with NAC, you can place it in true edge deployment to make it work. In short, it's possible

HTH,

Faisal

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Faisal Sehbai
Level 7
Level 7

‎04-29-2010 11:58 PM

Estela,

You're right that with multi-switch vendors IB is your only available option. Your best bet for design help with IB would be the chalk talk series. If you haven't viewed them yet, please give them a whirl.

Chalktalks can be found here: http://bit.ly/chalktalks

Look at the first and second chalk talk in particular.

HTH,

Faisal

0 Helpful

Go to solution
surcisco123
Level 1
Level 1
In response to Faisal Sehbai

‎04-30-2010 03:34 AM

Hello Faisal,

In multi vendor switches we shld use IN-BAND mode but is it In-band mode supports virtual gateway,?????  According to my knowledge In IN-band mode traffic is always flowing from NAC server than how we can configure a virtual mode in IN-BAND mode.

pls have a look in the attached file from estela,it is showing in non supported switches IN-BAND mode with layer 2 adjacent in  real ip gateway and also with virtual IP gateway.How it is possible. pls guide??

Thanks

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to surcisco123

‎04-30-2010 08:53 PM

Kamran,

Not sure I understand the question completely, but I can tell for sure that VPN is supported IB with RIP and VGW both. In VGW the VLANs are different on the trusted and untrusted side and worst case scenario, if a switch misbehaves or doesn't work "right" with NAC, you can place it in true edge deployment to make it work. In short, it's possible

HTH,

Faisal

0 Helpful

Go to solution
estelamathew
Level 2
Level 2
In response to Faisal Sehbai

‎05-04-2010 11:36 AM

Thanks Faisal

u have provided a very good link to clear the picture for IB and OOB.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card