Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC is not ready for L3 OOB

This is what I think after spending a few weeks trying to load balance the traffic using 3 CAS servers for L3 OOB mode.

I understand the need of PBR or ACL to force the traffic from auth VLAN to the untrusted side of the CAS.

Once the CAS is selected, the CAS server should be bale to perform NAT (or PAT) to change the source address to the trusted side address so that the return traffic will come back to the right CAS and there is no need to do PBR for the return traffic from DNS or to apply class maps to the ACE etc.

Why can't Cisco make it easier by doing NAT on the trusted side and all we have to do is take care of the load balancing on the untrusted side?

Unless Cisco does this, I do not think the L3 OOB is ready for enterpises in my opinion.


Cisco Employee

Re: NAC is not ready for L3 OOB

Are you asking to do NAT on the trusted side of the CAS itself? I think this can be a good feature request please you can run this by your account Thanks

CreatePlease to create content