Cisco Support Community

New Member

NAC L2/L3 in Datacenter

We have 2 NAC appliances. The customer wants to cover both L2 and L3 devices for posture validation. Can we have 2 NAC appliances in the DC, one operating in L2 mode covering L2 segments and the other running in L3 mode covering branch sites?

Are there any issues in this design? The NAC appliance will be placed in the DMZ zone on a collapsed core 6500 switch.

Regards

Vinod

4 REPLIES
New Member

Re: NAC L2/L3 in Datacenter

Hi Vinod,

If you have only 2 appliances, you need to use one as a manager and one as a server.

If you have a separate manager and 2 appliances as servers, then you can deploy one NAC appliance as an L2 server and another in L3 mode.

With regards

sathappan.s

New Member

Re: NAC L2/L3 in Datacenter

Hello There,

Yes, we have 2 NAC managers (CAM) and 2 NAC appliances (CAS) for our datacenter.

Bronze

Re: NAC L2/L3 in Datacenter

You can have one CAS use both L2/L3 enforcement. I would have the other CAS enforced in L2 on the DMZ segment just so all that traffic does not have to come to the data center for authentication and posture assessment.

New Member

Re: NAC L2/L3 in Datacenter

Vinod,

Basically, 2 CAM and 2 CAS come as a failover bundle. The 2 CAS will be a failover bundle licensed to the number of users you have bought.

If you want to deploy the NAC for wired users, you can have the failover bundle manage the L2 users along with L3 support.

HTH

sathappan.s
