
Problem with NAC real IP/ layer 3/ in-band

namnt2604
Level 1

Hi,

I'm deploying a NAC in real-IP/in-band/layer 3 mode. Users cannot ping the untrusted interface e1 of the NAC server; a user has to pass the core sw 6500 and the FW before hitting e1 of the NAC server. I have tried to set the gateway of this interface e1 to itself (as in the Cisco document) and to the FW module, but in both cases the user still cannot ping e1.

Can anyone help me? I would much appreciate your reply!

User -- Core sw 6500 -- FW module (on core sw) -- NAC server -- NAC manager

2 Replies

namnt2604
Level 1

I have pinged e1 (untrusted) of the NAC server already. I have set both a managed subnet and a static route, which is different from the Cisco document (Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.1(3)); this document recommends configuring a static route for layer 3 deployment, not a managed subnet!

Does anyone have documents for deploying this scenario? Please share them with me! Thanks!

Managed subnets are for L2 deployments and static routes are for L3 deployments. Both can exist on a CAS, but for an individual subnet, it will be one or the other.

If the client and CAS can see each other's broadcasts, it's an L2. If not, it's an L3.
