11-01-2009 09:56 PM - edited 02-21-2020 03:46 AM
how can implement nac in non dhcp environment (all users have static ip) ?
i need to use virtual GW mode?
all the useres must be in the same access vlan ?
11-01-2009 09:58 PM
Not a very good idea. You can make it work, but role-based vlans won't work, and if you use real-ip, then oob won't work since it relies on changing the ip address to access subnet.
HTH,
Faisal
11-01-2009 10:19 PM
thanks,
about role-based vlan you mean that after authenticating the users, all the users must reside on the same access vlan ?
11-02-2009 07:09 AM
Yes. You'll have to define all the access vlans manually, and cannot dynamically move them to different vlans based on their roles.
HTH,
Faisal
11-02-2009 11:41 AM
the role-based vlan wont work beacuse the cam will not bounce the port ?
i dont understand the correlation between role-based vlan and not using dhcp services ?
do you have by any chance a design overview for that situation ?
11-02-2009 11:44 AM
For role-based vlan mapping, the vlan is switched to the final vlan and then agent requests an ip refresh since if you had the access vlan IP address, and you're now in a new vlan, network access wont be there.
I don't think we have any white papers discussing setting up NAC with static IPs, but I'll look.
HTH,
Faisal
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: