Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC authentication mechanism


Whether it is possible to configure the NAC with the following settings:

I am establishing this in a campus LAN environment.

I have a Cisco 4510R Layer 3 switch as the Core switch.

I have Cisco 3550 Layer 3 switch as the distribution switch

I have some unmanaged and managed switch as the Access layer Switches. All Desktop computers are connected in this access swtich only.

Distribution Switch and core switch is connected in the Routed backbone (Trunking is not configured between Distribution and Core)

Since I have unmanaged switches at the access layer and Core to Distribution is Routed backbone (Layer 3) i have decided to configure the NAC appliance in the following setup:

Layer 3 Inband Virtual Gateway

I request you to provide solution and configuration steps to achieve the following:

1. How to configure NAC Appliance for Layer3 Inband VirtualGateway

2. Users/Desktop computers should authenticate by username/password & Mac Address/IP address to get into the network. If the Users/Desktop computers do not match the IP address with MAC Address combination configured in the NAC appliance they should be in quarantine role.

New Member

Re: NAC authentication mechanism

I understood that connectivity between core swich and distribution switch is through routed port.

am i right?

if this is the case then intervlan routing must be done by distribution switch and have one default route pointing toward the core switch.

in this situation, you have to easily configure your nac with L2, inband and Virtual Gateway mode by placing both CAS and CAM on distribution switch.

it is the easiest way to configure NAC in your enviornment.

New Member

Re: NAC authentication mechanism

Hi Hemant,

At the outset thankyou for the interest you have shown

You have correctly understood the scenario. Thanks again.

But i cannot keep the NAC at distribution layer (Edge Deployment) as i have multiple distribution switches connecting to core switch. Keeping in Distribution Switch will definitely work as you said

I want this it to be in Centralized Deployment. Then how the NAC (CAS) interfaces are configured. What VLAN / IP address it will be in.

No document is available in Cisco to configure Layer 3 Inband Virtual Gateway Mode.

Please help me

New Member

Re: NAC authentication mechanism

I don't think so it is possible to have L3 Inband virtual gateway