08-11-2011 01:08 AM - edited 03-10-2019 06:18 PM
Hi Experts,
I'm new to NAC.
At the moment I have some questions regarding the installation and would seek your help:
Requirements:
1. CAM and CAS are installed in Intranet
2. When a PC is plugged into the network, CAS will assign an IP with minimal access (separate VLAN)
3. When the PC has passed the REGISTRY check, allow use of network resources (separate VLAN)
Questions:
1. Is the Ethernet1 port required to be used in CAS?
2. Can this be called in-band configuration?
3. What configuration is needed if I need to make a specific LAN port on the switch "route to" another VLAN?
4. Where should I set the DHCP?
Thanks in advance!
Regards,
Daniel
08-13-2011 08:29 AM
Hi Experts,
Can anyone provide assistance on this?
Regards,
Daniel
08-13-2011 12:06 PM
I really strongly suggest that you read the CAM and CAS configuration guide. The deployment types for NAC are complex and you need to understand them. One cannot simply give you advice as there is not "one" way to go.
1) It's advised to have a trusted and untrusted (eth0/eth1) port on CAS.
2) Inband has nothing to do with what you mentioned. Inband means that client traffic will always flow through the CAS. In out of band, once the client is authenticated, he's not going through the CAS anymore for his traffic.
08-13-2011 07:01 PM
Dear Nicolas,
Thanks for your advice.
For CAS eth1, is it fine if I connect it to a different VLAN of the same Cisco switch as eth0? Will the config be as simple as putting the appropriate VLAN ID in the Cisco switch and in CAM/CAS?
From your advice, most applications should choose the OUT-OF-BAND application, is that correct?
Regards,
Daniel
08-14-2011 11:31 PM
The ports have to be in different VLANs if you want to avoid an awful loop. One will have the trusted VLAN and one the untrusted VLAN.
If out of band was so much better, inband would not exist. No one can tell you "go for this", you have to decide on your own.
In band allows for traffic policy restrictions, easier logoff, etc.
08-15-2011 07:05 AM
Dear Nicolas,
Thanks for your advice.
I'm currently trying to set it up, and will consult if needed.
Many thanks!
Regards,
Daniel