
New Member

NAC L2 OOB implementation=>Quarantine Role relationship with Untrusted Network

In NAC L2 OOB, per my understanding, a node coming online gets put in the untrusted network for the authentication/validation before going "out of band" or out to the regular subnet. As far as the Quarantine Role for remediation, does there need to yet be a different subnet for the hosts requiring remediation, or can the remediation be done from within the Untrusted subnet (quarantine role within untrusted managed subnet)?

3 REPLIES
New Member

Re: NAC L2 OOB implementation=>Quarantine Role relationship with

Also I just set aside Subnet Information for the Untrusted Managed Subnets. I have opted for 2 /22 subnets per Distribution Block, and 4 for the one distribution block that is substantially larger than the rest.

Is that number reasonable, from all the provided info, or is it advisable to use smaller subnets or larger ones, and what's the reason for whatever the more advisable approach?

Re: NAC L2 OOB implementation=>Quarantine Role relationship with

Hi,

I've seen customers use /16's as their subnets too. Not something I'd do necessarily, but just another data point for you to consume. Think /22's would be okay.

HTH,

Faisal

Re: NAC L2 OOB implementation=>Quarantine Role relationship with

Hi,

Remediation is done in the untrusted subnets. Once they're through and clean, they'll either retain their IP addressing or get a new one (depending on whether you use role-based VLANs or not).

HTH,

Faisal
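Sizing the untrusted managed subnets discussed in this thread, as an added Python example that is not from the thread or from Cisco: it carves the poster's two /22s per distribution block (four for the large one) out of a reserved pool and checks each block against the peak number of hosts expected to sit in authentication or remediation at once. The pool, block names and peak counts are constructed assumptions.

```python
import ipaddress

# Constructed planning input (not from the thread): untrusted managed subnets
# per distribution block, mirroring two /22s per block and four for the large
# block, plus an assumed peak of hosts in the untrusted/quarantine state at the
# same time (authenticating or remediating). Hosts leave these subnets once clean.
BLOCKS = {
    "dist-A": {"subnets": 2, "peak_untrusted": 900},
    "dist-B": {"subnets": 2, "peak_untrusted": 2500},
    "dist-large": {"subnets": 4, "peak_untrusted": 3800},
}
POOL = "10.200.0.0/16"  # assumed address pool reserved for untrusted managed subnets


def usable_hosts(network):
    """Usable host addresses in a subnet (network and broadcast excluded for /30 and shorter)."""
    n = ipaddress.ip_network(network)
    return n.num_addresses - 2 if n.prefixlen <= 30 else n.num_addresses


def plan_untrusted_subnets(pool, blocks, prefixlen=22):
    """Carve contiguous /prefixlen subnets from pool, in block order.

    Returns {block: [networks]}; raises ValueError if the pool is too small, so an
    undersized reservation is caught at planning time rather than on the switch.
    """
    available = list(ipaddress.ip_network(pool).subnets(new_prefix=prefixlen))
    needed = sum(b["subnets"] for b in blocks.values())
    if needed > len(available):
        raise ValueError(f"pool {pool} holds {len(available)} /{prefixlen}s, need {needed}")
    plan, cursor = {}, 0
    for name, spec in blocks.items():
        plan[name] = available[cursor:cursor + spec["subnets"]]
        cursor += spec["subnets"]
    return plan


def capacity_report(plan, blocks):
    """Per block: usable addresses across its untrusted subnets vs. the expected peak.
    Remediation happens in these same subnets, so size for the peak of hosts held
    there at once, not for the total population of the block."""
    report = {}
    for name, nets in plan.items():
        usable = sum(usable_hosts(n) for n in nets)
        peak = blocks[name]["peak_untrusted"]
        report[name] = {"usable": usable, "peak": peak, "fits": peak <= usable}
    return report


if __name__ == "__main__":
    plan = plan_untrusted_subnets(POOL, BLOCKS)
    for name, row in capacity_report(plan, BLOCKS).items():
        nets = ", ".join(str(n) for n in plan[name])
        print(f"{name}: {nets} -> usable {row['usable']}, peak {row['peak']}, fits={row['fits']}")
```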
