I have a query regarding inband implementation of the NAC server.
Is it possible to have multiple VLANs terminate on the untrusted interface of the NAS in real gateway mode?
If this is the case, how can I add an IP address to each VLAN ID on the untrusted interface?
The aim is to implement the following deployment.
The network architecture is a collapsed core, Distribution/Core on the same 2 switches with SVIs on the distribution switches for all the VLANs. Since the network may not have all Cisco switches, I am forced to use inband deployment.
I wanted to trunk the required VLANs to the NAC untrusted interface and remove the SVIs on the distribution switches, forcing VLAN clients onto the NAC.
The trusted NAC interface will be connected to an SVI VLAN or L3 interface on the distribution switch.
Since the NAC is in real gateway mode, DHCP pools or DHCP relays need to be configured on the NAC server as well.
As a summary, can you please advise if it is possible to create something like SVIs on the NAC untrusted port and define DHCP relay on those SVIs on the untrusted interface?