Cisco Support Community
New Member

NAC OUT OF BAND REAL IP GATEWAY

Hello,

I have NAC 4.8 set up as an Out of Band Real IP Gateway.

Is it possible to integrate it with WLC5508 (Wireless)?

Thank you

7 REPLIES
Cisco Employee

Re: NAC OUT OF BAND REAL IP GATEWAY

Hello!

Currently only NAC Servers configured in Virtual Gateway mode can support wireless OOB users:

http://www.cisco.com/en/US/customer/docs/security/nac/appliance/configuration_guide/48/cam/m_woob.html#wp1148691

I hope this answers your question.

Regards,

Federico

--

If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

New Member

Re: NAC OUT OF BAND REAL IP GATEWAY

Hello Federico,

Thanks. Is there any possibility the Out of Band Real IP Gateway will support wireless? Because I already set up my NAC network in Out of Band Real IP Gateway.

Regards,

Edwin

Cisco Employee

Re: NAC OUT OF BAND REAL IP GATEWAY

Hi,

I'm afraid that the answer is negative.

The thing is that for the moment the WLC supports only the VLAN transition from "quarantine" (or Authentication) to Access VLAN as configured directly on the WLC dynamic interface.

This allows for the client not to change its IP address while moving from the quarantine to the access VLAN.

In OOB Real-IP the VLAN has to be pushed from the CAM, and this is only supported for wired users at this point in time.

Thanks,

Federico

New Member

Re: NAC OUT OF BAND REAL IP GATEWAY

Hello,

I see, so I think I have to wait for some time, or try to authenticate the wireless users with my ACS 5.0.

OK, if it's OK with you, I am also trying to integrate my WLC5508 with ACS 5.0. Is it possible? I am trying to find documents for the integration of these devices but I can't find any.

Well, this is the ACS that I opened with you (Active Directory) 2 days ago.

Thanks.

Cisco Employee

Re: NAC OUT OF BAND REAL IP GATEWAY

Hello!

Yes, I'd say you just have to wait for NAC OOB Real-IP with Wireless.. :-)

In any case, it's perfectly fine to use ACS 5 to authenticate the Wireless users on the CT5508.

Just a note, if you're actually using ACS 5.0 (and not 5.1 or 5.2), make sure that you also install the latest patch.

In any case, if you're indeed on 5.0, I'd strongly recommend to go to 5.2.

If what you're looking for is 802.1x authentication, you can refer to this document for a config example with the PEAP method:

http://www.cisco.com/en/US/customer/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml

If you want to authenticate users through web-auth, then you can refer to this other document:

http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

The above example refers to ACS 4.x; however, you can achieve the same goal on ACS 5. For that, just make sure you have a good understanding of the policy model in ACS 5. You can find all the details in the config guide:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/policy_mod.html

I hope this helps!

Regards,

Federico

New Member

Re: NAC OUT OF BAND REAL IP GATEWAY

Hello Federico,

Really good news... For the meantime I have to use my ACS 5.0 for wireless authentication, and just transfer my wireless users to NAC once the Out of Band Real IP Gateway comes.

Thank you and best regards.

Edwin

New Member

NAC OUT OF BAND REAL IP GATEWAY

Is it possible to integrate it with WLC5508 (Wireless)? With NAC Out-of-Band Real IP Gateway

NAC-4.9.3
