topic Re: NAC OOB in Network Security

NAC OOB

phamthecong — Sat, 22 Feb 2020 07:16:43 GMT

dear all,

I have this outline in my lab:

I use L3 OOB VG,

quarantine VLAn 100(172.16.100.0/24), Access VLAN 10(172.16.10.0/24).

The untrusted interface IP 172.16.100.1

The trusted interface IP 172.16.10.3

Router's interface for Access VLAN 172.16.10.1

and the CAM ip 192.168.1.1/24

When I connect a PC to a switch, the switch changes the port to VLAN 100 and the PC obtains an IP address 172.16.10.5 which is what I expected.

The problem is that the PC can not get the login page.

Could anyone help please? thanks.

Re: NAC OOB

gerardtorin — Fri, 02 Feb 2007 02:51:51 GMT

Did you configure the dns server? If the pc doesn?t resolve the name of the link the authentication page doesn?t work.

Re: NAC OOB

dominic.bilodeau — Tue, 06 Feb 2007 15:27:57 GMT

Hello,

You specified that you are OOB VG mode, if this is correct, then only VLAN ID number is translated from your untrusted auth VLAN (100) to your trusted, production VLAN (10) so the IP address obtained from your untrusted VLAN will not have to be renewed or changed when bounced to the VLAN 10 or prod VLAN. Also, make sure when in the Auth VLAN (100), that your default GW points to the IP address of the CAS, so it sees traffic go through, then the agent will trigger and ask for authentication...

Dominic

Re: NAC OOB

ROBERT WATSON — Wed, 10 Dec 2008 02:06:13 GMT

If your configured in VGW then your GW should not point to the CAS at all

Re: NAC OOB

ramkumar-b — Thu, 11 Dec 2008 06:25:51 GMT

If DNS is not configured then, can u ping the Untrust Interface IP of the CAS?

Try to browse to the Untrust Interface IP of the CAS "https://Untrust-Int-IP" and see whether re-direction happens or not?

Have u configured User pages or not?

Have u configured any user role with "Require use of clean access agent".?