New Member

NAC 4.5 OOB, WLC design question

We have a centralized NAC server design with a large number of remote sites. With 4.5, I have heard you need Layer 2 adjacency for the WLCs to the NAC servers even if using OOB? Is this correct? This is a serious limitation if so. Thanks.

Accepted Solutions
New Member

Re: NAC 4.5 OOB, WLC design question

This is correct. You need to have layer 2 adjacency between the CAS Untrusted and WLC. Also, CAS needs to be in Virtual Gateway.

In the next major release, we are looking into removing this limitation.

5 REPLIES
New Member

Re: NAC 4.5 OOB, WLC design question

I don't have an answer, but I am also very interested in this. We currently are planning to upgrade to NAC 4.5 for the added ability to do OOB for Wireless.

New Member

Re: NAC 4.5 OOB, WLC design question

I have found out from Cisco that L2 adjacency is required. Apparently, the un-authenticated VLAN is sent to the CAS by default. The CAS then assigns based on role after authentication, THEN goes out of band.

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/45/cam/m_woob.html#wp1148691

Wireless Out-of-band implementation of Cisco NAC Appliance requires the following to be in place:

• Cisco Wireless LAN Controllers must be supported models that use at least the minimum supported version of IOS (supporting SNMP traps). See Table 5-2.

• Cisco Wireless LAN Controllers must be Layer 2 adjacent to the Clean Access Server(s) with which they interoperate to support wireless client login.

• Clean Access Servers supporting wireless client login and authentication must be installed and configured in Virtual Gateway mode.

• Your Cisco NAC Appliance product license must enable Wireless OOB.

New Member

Re: NAC 4.5 OOB, WLC design question

Is there a special license that is needed for wireless OOB?
