Cisco Support Community
New Member

NAC Appliance OOB L3

Hi everyone,

"I have a friend" ( :-) ) for whom I want to deploy the NAC OOB L3.

Why this one? Because he has a central location and a few branches (a few more, actually), and these branches are 2 L3 hops from the center. More specifically, there is an L3 switch as a gateway for the branch LAN users and, after that, a router that connects to the center (GRE/IPSec).

The question is, and I did not manage to find or work it out by myself: is it mandatory to use a DHCP server for allocating IPs to clients (for all of their states: unauthenticated, authenticated, permitted, etc.)?

If not, how should it be done?

Second: if it is mandatory, should it work only with a centrally deployed DHCP server, or can I use the L3 switch in every branch as a DHCP server?

Thank you for your patience.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: NAC Appliance OOB L3

DHCP is required for L3 OOB real-ip gateway since the system will need to get a new address when it is switched to the authorization VLAN and then again after the posture process when it is switched back to its "normal" VLAN.

As for the DHCP server, you can use either a central server, have a local switch provide the addresses or a combination of both.

In our install, the local switch is the DHCP server for the auth VLAN and a local server is used for the access VLAN.

Mike

3 REPLIES
New Member

Re: NAC Appliance OOB L3

Hi Mike,

Thank you for your reply.

So you have this deployment in place? I mean OOB L3 with the CAS and CAM centrally and the DHCP servers in every branch?

Thanks!

New Member

Re: NAC Appliance OOB L3

We have completed the testing on our development network and moved the systems onto the production network. We are under a limited deployment as we have encountered a couple of issues that we are working through. The issues, though, are not related to DHCP.
