Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC migration from L2 OOB to L3

Hello,

I have a question about a migration NAC Appliance 7.0 version in L2 OOB deployment to L3 Real-IP Gateway.

Do I need any other issue to this or I only must change settings on CAM in "Clean Access Server Type"?

I don't have a lab to test it.

Kamil,

7 REPLIES

Re: NAC migration from L2 OOB to L3

Kamil,

Is your L2 OOB deployment Real-IP also? If so, to enable L3, you just have to checkmark the box in the network settings and reboot your CAS. If it's in VGW mode, then a bit more work is required.

HTH,

Faisal

New Member

Re: NAC migration from L2 OOB to L3

Faisal,

This deployment is L2 OOB VG.

The  next question is if I changed server type from L2 OOB VG to L2 OOB  Real-IP in network setings  do I lose some settings in configuration?

What else do I need to do, what you mentioned?

Kamil

Re: NAC migration from L2 OOB to L3

Kamil,

You'll have to give different IP address to your untrusted interface for one. Going from VGW to RIP is a major design change, so you'll have to vet your design again to ensure that the NAC traffic flow is working the way you expect it to.

HTH,

Faisal

New Member

Re: NAC migration from L2 OOB to L3

Hi Faisal,

What is the procedure for a NAC in HA?

Kamil

Re: NAC migration from L2 OOB to L3

Kamil,

HA and NAC (assuming 4.7.2 version): http://tinyurl.com/yc727jl

HTH,

Faisal

New Member

Re: NAC migration from L2 OOB to L3

Hi Faisal,

It's a small a misunderstanding about NAC in HA and my question it's no asked precise.

So, what is the procedure migrating NAC in HA mode from L2 VGW to L3 RIP?

Kamil,

Re: NAC migration from L2 OOB to L3

Kamil,

That would require a major design change in your network -  something I guarantee you is not possible to handle in a forum setting :-)

If you have a Cisco account team, engage them, so they can help you get a workable design for L3 RIP.

HTH,

Faisal

369
Views
0
Helpful
7
Replies
CreatePlease to create content