Solved: Dynamic VLAN Assignment with RADIUS Server ACS 5.2 and NAC

rschwart · ‎10-14-2012

We are attempting to reduce the number of ssid's in our wireless network using dynamic vlan assignment with the acs. Our problem is we are using Cisco NAC as well and with the dymanic vlan assigment the user does not get checked by the nac. The Cisco agent sometimes will pop up and do nothing or gives a message can not locate server. We have even gotten an OOB error. Has anybody used dymanic vlans with the acs and the nac successfully? The NAC is Out of Band

Tarik Admani · ‎10-14-2012

Hi,

I have supported oob nac and wireless and your efforts to make dynamic vlan assignment will not work because of the way the quarantine and access vlan are mapped to this ssid.

This will work in inband mode, however not your design. This WLAN needs to exist because the manager sends the snmp trap to move the client from quarantine to access.

Just as a note, which I am sure you are aware is that ISE is the evolution of acs and nac. Basically this your solution for reducing skids and posturing clients.

Sent from Cisco Technical Support iPad App

View solution in original post

Tarik Admani · ‎10-14-2012

Hi,

I have supported oob nac and wireless and your efforts to make dynamic vlan assignment will not work because of the way the quarantine and access vlan are mapped to this ssid.

This will work in inband mode, however not your design. This WLAN needs to exist because the manager sends the snmp trap to move the client from quarantine to access.

Just as a note, which I am sure you are aware is that ISE is the evolution of acs and nac. Basically this your solution for reducing skids and posturing clients.

Sent from Cisco Technical Support iPad App

rschwart · ‎10-15-2012

Thank you Tarik, you did confirm my findings. ISE is somehting we will be looking at in the near future.