We have just implemented NAC (L2 IP) and have it working on switchports assigned to a data VLAN. We are, however, having problems checking PCs that are hooked into a phone. The phone is on a voice VLAN and the PC is on the data VLAN. I would really appreciate it if someone could post a working config that uses NAC L2 IP on either a 3550 or 3560 with IP phones on separate VLANs than PCs but plugged into a single port. Also, anyone know if Cisco plans on rolling out L3 IP NAC to 3550s and 3560s with the IP services and above image, and if so, when?
Thanks, and I will award points for any helpful answers.
Hello - Which version of the Clean Access NAC software are you running?
I would assume that you've got the voice VLAN not being managed by the CAS; therefore, it would just be a matter of adding each MAC address for all of your phones to the Device Management->Filters list with the ignore action. Then you will need to go to Switch Management\Port Profile and make sure that the 'Change VLAN according to global device filter list' option is selected, and it might be a good idea to also check 'Remove out-of-band online user when SNMP linkdown trap is received'. I would assume that you are also using SNMP linkdown traps and not just linkup notification?