Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

NAC/Wireless Design


Looking for some input on some design options for NAC with a wireless deployment since OOB and IB are now both options.

In a campus environment of up to 300 wireless users, in-band seems good so that we can have one SSID, but restrict a user login to a role and apply restrictions on the appliance, but I'm concerned about the common issue of the appliance becoming a bottleneck.

My other thought too would be have multiple SSIDs (VLANs) and have multiple appliances handle certain VLANs, but this is pricey.

In wireless OOB, it appears you can only have one "access" VLAN to maps users to (I guess b/c that is all the WLC supports?), so that does not work for us as we need to have employees and guests (among others, separated).

Please correct me on any misunderstandings.

All insight appreciated. Thanks for the input!

Community Member

Re: NAC/Wireless Design

Your understanding is correct.

For 300 wireless users, you may want to go inband and do enforcement at the NAC server level.

For OOB, you need to make different SSID for different roles.

e.g. Guest, Employees and Contractor

You can look at the configuration example too for OOB Wireless NAC 4.5 here:

Community Member

Re: NAC/Wireless Design

Hey there, thanks for replying back! In-band seems to be the better way to go. Appreciate the help!!

CreatePlease to create content