topic Re: NAC authentication mechanism in Network Access Control

NAC authentication mechanism

hclisschennai — Fri, 21 Feb 2020 18:22:36 GMT

Hi,

Whether it is possible to configure the NAC with the following settings:

I am establishing this in a campus LAN environment.

I have a Cisco 4510R Layer 3 switch as the Core switch.

I have Cisco 3550 Layer 3 switch as the distribution switch

I have some unmanaged and managed switch as the Access layer Switches. All Desktop computers are connected in this access swtich only.

Distribution Switch and core switch is connected in the Routed backbone (Trunking is not configured between Distribution and Core)

Since I have unmanaged switches at the access layer and Core to Distribution is Routed backbone (Layer 3) i have decided to configure the NAC appliance in the following setup:

Layer 3 Inband Virtual Gateway

I request you to provide solution and configuration steps to achieve the following:

1. How to configure NAC Appliance for Layer3 Inband VirtualGateway

2. Users/Desktop computers should authenticate by username/password & Mac Address/IP address to get into the network. If the Users/Desktop computers do not match the IP address with MAC Address combination configured in the NAC appliance they should be in quarantine role.

Re: NAC authentication mechanism

hemant1234 — Mon, 01 Dec 2008 10:31:33 GMT

I understood that connectivity between core swich and distribution switch is through routed port.

am i right?

if this is the case then intervlan routing must be done by distribution switch and have one default route pointing toward the core switch.

in this situation, you have to easily configure your nac with L2, inband and Virtual Gateway mode by placing both CAS and CAM on distribution switch.

it is the easiest way to configure NAC in your enviornment.

Re: NAC authentication mechanism

hclisschennai — Tue, 02 Dec 2008 13:24:23 GMT

Hi Hemant,

At the outset thankyou for the interest you have shown

You have correctly understood the scenario. Thanks again.

But i cannot keep the NAC at distribution layer (Edge Deployment) as i have multiple distribution switches connecting to core switch. Keeping in Distribution Switch will definitely work as you said

I want this it to be in Centralized Deployment. Then how the NAC (CAS) interfaces are configured. What VLAN / IP address it will be in.

No document is available in Cisco to configure Layer 3 Inband Virtual Gateway Mode.

Please help me

Re: NAC authentication mechanism

nasim_nasri — Sat, 13 Dec 2008 06:44:30 GMT

I don't think so it is possible to have L3 Inband virtual gateway