
Cisco NAC Configuration Issue

shalvi.yadav
Level 1

Hi,

Cisco NAC is connected to the core switch. All the access switches are L2 connected to the core switch and to the clients.

The user vlan is 101 and the access vlan is 11. The trusted and untrusted interface of Cisco Access server has same IP. NAC is configured as L2 OOB Virtual gateway mode. Please let me know if this is correct in this scenario.

Also, the access switch and the client are discovered in Cisco NAC. What should be the configuration of the auth vlan in the core switch? Also, the user is not able to redirect to NAC agent and the user is not shown under online users in Cisco NAC. Also, the posture assessment is not happening.

Please let me know the solution for this.

Regards,

Shalvi Yadav

1 Reply

Tarik Admani
VIP Alumni

Hi,

Please explain the vlans one more time. Is vlan 101 for clients that are unauthenticated and then being mapped over to 11 once their traffic is inspected and permitted (trusted)? If so, you will need to set up vlan mapping from 101 to 11, and you will need to configure a managed subnet entry (an unused IP address from vlan 11 that is tagged with vlan 101).

Then you will have to make sure that vlan 101 is an L2 vlan and that all switches that are connected to the clients are set to trunk vlan 101 and 11 to client. Also the port setting of all clients will need to be set to vlan 101.

As far as setting up OOB, there is more to it; you will need to open a TAC case if you are looking for configuration assistance with the NAC system.

I hope that gets you started or provides some help.

Tarik Admani