NAC/Wireless Design

brobinson
Level 1

Hi!

Looking for some input on some design options for NAC with a wireless deployment since OOB and IB are now both options.

In a campus environment of up to 300 wireless users, in-band seems good so that we can have one SSID, but restrict a user login to a role and apply restrictions on the appliance, but I'm concerned about the common issue of the appliance becoming a bottleneck.

My other thought too would be to have multiple SSIDs (VLANs) and have multiple appliances handle certain VLANs, but this is pricey.

In wireless OOB, it appears you can only have one "access" VLAN to map users to (I guess b/c that is all the WLC supports?), so that does not work for us as we need to have employees and guests (among others) separated.

Please correct me on any misunderstandings.

All insight appreciated. Thanks for the input!

2 Replies

gghayur
Level 1

Your understanding is correct.

For 300 wireless users, you may want to go in-band and do enforcement at the NAC server level.

For OOB, you need to make different SSIDs for different roles.

e.g. Guest, Employees and Contractor

You can look at the configuration example too for OOB Wireless NAC 4.5 here:

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080a138cc.shtml

Hey there, thanks for replying back! In-band seems to be the better way to go. Appreciate the help!!
