NAC in non dhcp environment

aviyoshi10 · ‎11-01-2009

how can implement nac in non dhcp environment (all users have static ip) ?

i need to use virtual GW mode?

all the useres must be in the same access vlan ?

Faisal Sehbai · ‎11-01-2009

Not a very good idea. You can make it work, but role-based vlans won't work, and if you use real-ip, then oob won't work since it relies on changing the ip address to access subnet.

HTH,

Faisal

aviyoshi10 · ‎11-01-2009

thanks,

about role-based vlan you mean that after authenticating the users, all the users must reside on the same access vlan ?

Faisal Sehbai · ‎11-02-2009

Yes. You'll have to define all the access vlans manually, and cannot dynamically move them to different vlans based on their roles.

HTH,

Faisal

aviyoshi10 · ‎11-02-2009

the role-based vlan wont work beacuse the cam will not bounce the port ?

i dont understand the correlation between role-based vlan and not using dhcp services ?

do you have by any chance a design overview for that situation ?

Faisal Sehbai · ‎11-02-2009

For role-based vlan mapping, the vlan is switched to the final vlan and then agent requests an ip refresh since if you had the access vlan IP address, and you're now in a new vlan, network access wont be there.

I don't think we have any white papers discussing setting up NAC with static IPs, but I'll look.

HTH,

Faisal