https://community.cisco.com/t5/network-access-control/radius-for-clients-behind-nat/m-p/4525594#M572005 <P>I'm tasting Dot1X / Posture / General RADIUS in my lab, and I want to have some clients with a private VLAN behind NAT, are there any considerations to keep in mind when I use ISE as the radius server?</P> Sat, 01 Jan 2022 21:44:09 GMT SMD28316 2022-01-01T21:44:09Z https://community.cisco.com/t5/network-access-control/radius-for-clients-behind-nat/m-p/4525594#M572005 <P>I'm tasting Dot1X / Posture / General RADIUS in my lab, and I want to have some clients with a private VLAN behind NAT, are there any considerations to keep in mind when I use ISE as the radius server?</P> Sat, 01 Jan 2022 21:44:09 GMT https://community.cisco.com/t5/network-access-control/radius-for-clients-behind-nat/m-p/4525594#M572005 SMD28316 2022-01-01T21:44:09Z https://community.cisco.com/t5/network-access-control/radius-for-clients-behind-nat/m-p/4526164#M572025 <P>There is nothing really specific required to handle clients behind NAT, but the profiling information ISE has for these clients may be off or partial. As long as the radius authentication being sent from the network device itself isn't natted, then you will handle it like regular endpoint authentication.&nbsp;<BR /><BR />If the switch communicating with ISE is behind nat, then it's a whole different can of worms.&nbsp;</P> Tue, 04 Jan 2022 03:18:15 GMT https://community.cisco.com/t5/network-access-control/radius-for-clients-behind-nat/m-p/4526164#M572025 Damien Miller 2022-01-04T03:18:15Z