Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC in-band & out-of-band CAS - Same VLAN?

Hello, I've been trying to find the answer before posting but I haven't been able to yet. I am deploying an out-of-band CAS for our Wired Network, and in-band CAS for our Wireless Network. My question is, can the CAS' be on the same VLAN for the Mgmt port? Also, can I use the same dummy 'black hole' VLAN's for both servers or will that cause a problem somehow?

It seems I should be able to use the same Mgmt VLAN for both, as the allowed VLAN's on the ports will be different, and the untrusted VLANs will also be different, but I wanted to know for sure.



Re: NAC in-band & out-of-band CAS - Same VLAN?

The two can be in the same vlan if you are using Real IP. If using virtual gateway, it would be best to use separate vlans. This has to do with the VGW arping features.

You should be able to use the same 'black hole' vlan.

New Member

Re: NAC in-band & out-of-band CAS - Same VLAN?

Thanks for the response! That makes sense, something in the back of my head was telling me to use different VLAN's, but nothing that I read was pointing it out. I am using Virtual Gateway for these, not Real IP.