Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Quick Question on NAC L3 IB VG

Is vlan mapping still needed for L3 IB deployment????? the documentation is not very clear on this.

We have a lab setup, clients are connecting properly to the NAS/NAM, but they cannot access anything on the trusted side.. we DO have vlan mapping enabled but I still feel we are missing something.

Thanks!

1 REPLY
Anonymous
N/A

Re: Quick Question on NAC L3 IB VG

I think you have to configure VLAN mapping for L3 IB deployment. When a Clean Access Server operates in Virtual Gateway mode, it passes network traffic from its eth0 interface to eth1 and from eth1 to eth0 without changing the VLAN tag.

For In-Band configurations, in order to pass traffic from both interfaces through the same Layer 2 switch without creating a loop, it is necessary to place incoming traffic to the Clean Access Server on a different VLAN from the outgoing traffic of the Clean Access Server.

For Virtual Gateway (In-Band or OOB), Cisco recommends connecting the untrusted interface (eth1) of the CAS to the switch only after the CAS has been added to the CAM via the web console.

•For Virtual Gateway with VLAN mapping (In-Band or OOB), the untrusted interface (eth1) of the CAS should not be connected to the switch until VLAN mapping has been configured correctly under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cas/s_addSrvr.html#wpxref95183

172
Views
0
Helpful
1
Replies
CreatePlease to create content