https://community.cisco.com/t5/network-security/nac-layer-3-virtual-gateway-setup/m-p/1014377#M764934 <HTML><HEAD></HEAD><BODY><P>Policy route the unauthenticated traffic so it forces the layer 3 network in question through your CAS layer 3 device. Your discovery host address should be on the other side of the clean access server trusted side. Theres a NAC Chalk talk pdf that steps this through for you </P><P>Search "NAC Chalktalk"</P></BODY></HTML> Wed, 16 Jul 2008 22:10:20 GMT ROBERT WATSON 2008-07-16T22:10:20Z https://community.cisco.com/t5/network-security/nac-layer-3-virtual-gateway-setup/m-p/1014376#M764933 <P>I am running the NAC Appliance currently in virtual gateway mode for layer 2 inband and it works great. I wanted to add layer 3 virtual gateway inband to this same NAC server, but I can't seem to find enough documentation on this. I do have layer 3 enabled and a static route to the layer 3 network in place. I don't think I understand how to get the network to go through the NAC. Do I need to run the Agent on the layer 3 network or can it still somehow go through just the web page authentication?</P><P>Thanks.</P><P></P> Fri, 21 Feb 2020 10:54:41 GMT https://community.cisco.com/t5/network-security/nac-layer-3-virtual-gateway-setup/m-p/1014376#M764933 clifton.howell 2020-02-21T10:54:41Z https://community.cisco.com/t5/network-security/nac-layer-3-virtual-gateway-setup/m-p/1014377#M764934 <HTML><HEAD></HEAD><BODY><P>Policy route the unauthenticated traffic so it forces the layer 3 network in question through your CAS layer 3 device. Your discovery host address should be on the other side of the clean access server trusted side. Theres a NAC Chalk talk pdf that steps this through for you </P><P>Search "NAC Chalktalk"</P></BODY></HTML> Wed, 16 Jul 2008 22:10:20 GMT https://community.cisco.com/t5/network-security/nac-layer-3-virtual-gateway-setup/m-p/1014377#M764934 ROBERT WATSON 2008-07-16T22:10:20Z