Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Switch support by Cisco NAC

We are in the beginning stages of looking to implement NAC. Our network consists of 88 locations all on the same LAN. We want to implement OOB however we have run into a snag where there are an average of 20-30 unmanaged switches at each location that will need to be replaced. Replacing them with Cisco's cheapest switch the 2900 will blow the project cost sky high. Has anyone had any luck using a cheaper non-cisco switch?

4 REPLIES
New Member

Re: Switch support by Cisco NAC

Very doubtful. The OOB option uses SNMP to control the switches, so the cheaper switches would have to support the very same SNMP MIBs (with each OID having the same functionality as a Cisco product).

To use non-Cisco switches, you have to use In-Band (IB) mode.

Without knowing how your network is designed, this question may not be relevant, but could you put an in-band NAC server (with fail-over) at the connection point of each site back to your main site or your core?

New Member

Re: Switch support by Cisco NAC

Thanks for the response, I was afraid that was going to be the answer. We considered the inband NAC server at each location, however we have 85 locations, so that gets expensive.

New Member

Re: Switch support by Cisco NAC

That would be expensive. Do all of the locations connect back to a central site? If so, what about putting the CAS, in-band, at the central site and use policy routing to route the traffic through it?

That's what we are doing and it allows us to serve multiple sites with a single in-band CAS (or failover pair of CASes).

Gold

Re: Switch support by Cisco NAC

If all the locations go through the central site for most of their network access, it doesn't matter - eg servers, Internet, WAN. InBand would be fine in that situation.

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/switch_spt.html

288
Views
0
Helpful
4
Replies
CreatePlease login to create content