
CISCO NAC (CAS ) IP addresses Scheme

sajid_ccna
Level 1

I want to deploy CAS in inband Virtual Gateway mode. My untrusted side has 5 VLANs, so it will definitely be a trunk cable to eth1 (Untrusted).

My question is: can I give eth1 an IP from any of the existing VLANs, or should I create a new management VLAN and assign a new address to eth1 from the management subnet?

Also, please help: should I also define eth0 as a trunk interface, as the client has an existing firewall gateway and then accesses DMZ servers? What IP address should be assigned to eth1? Can eth0 and eth1 have IPs from the same VLAN (subnet), e.g. VLAN 90?

2 Replies

Tarik Admani
VIP Alumni

Sajid,

When deploying CAS in virtual gateway mode, the interface IP is the same IP as the trusted interface. However, you will need to assign an unused IP address from all VLANs and use that in your managed subnet configuration.

Thanks,

Tarik Admani
*Please rate helpful posts*

For the untrusted (managed) subnet, I know that. What about the eth1 (trusted) interface? Will the IP be the same? What VLAN will it belong to? The same VLAN as the managed subnet?

E.g., I have 3 VLANs on the managed subnet: 10.20.1.0 (VLAN 51), 10.20.2.0 (VLAN 52) and 10.20.3.0 (VLAN 53), with a 24-bit subnet.

I assign 10.20.1.5 (VLAN 51), 10.20.2.5 (VLAN 52) and 10.20.3.5 (VLAN 53) to the eth0 (managed/untrusted) interface.

Can I assign 10.20.1.5 with VLAN 51 (same VLAN as the managed one) to the eth1 interface (trusted/protected)?