Cisco Support Community
New Member

NAC appliance (CAS and CAM) pros and cons - any field knowledge to share?

Has anyone implemented the NAC appliance (CAM and CAS) in Virtual Gateway OOB mode? The VLAN mapping concept is used to map a quarantined VLAN to a trusted VLAN.

Is looping an issue here?

Please advise on the pros and cons of using this, as we need more information from the field to gauge the stability and ease of use of this network posture and access control method.

Any advice is highly appreciated. Thanks.

4 REPLIES

Re: NAC appliance (CAS and CAM) pros and cons - any field knowle

I'm currently deploying CAS in OOB RGW, just upgraded to v4. Found v3.6 to be ok, a few strange things, some hopefully fixed in v4.

Resources on CCA are a little scarce.

Why are you using VGW rather than RGW?

New Member

Re: NAC appliance (CAS and CAM) pros and cons - any field knowle

Virtual gateway is the preferred method since almost no changes need to be made on the network to implement the CAS.

Can you share why you are using router mode instead of bridge/gateway mode? Is your deployment stable? Any common problems to share with the forum?

Thanks

New Member

Re: NAC appliance (CAS and CAM) pros and cons - any field knowle

We are planning to deploy ccs as well, using the packages solution. Could someone please tell me what would be the safest way to implement the solution (Mode?), since our network is up and running and we would want the least disruption and changes to our network?

I will rate all posts.

Thanks,

Tarun

Re: NAC appliance (CAS and CAM) pros and cons - any field knowle

Not an easy question.

For LAN users I would think OOB rather than IB.

For WAN users it used to be IB but I think L3 OOB in v4 might do the job.

For wireless/vpn users I think IB.

VGW or RGW? You tend to use VGW if you don't want to change existing IPs. This argument is true for IB but not really relevant for OOB because the CAS is only inline during authentication/assessment/remediation, for which you probably don't have VLANs yet. So for OOB I think RGW makes sense.

Hope this helps (at least a bit).
