09-26-2011 08:59 AM - edited 03-10-2019 06:26 PM
Hi Experts
We have a NAC 3350 Manager and only 1 NAC 3350 Server.
We want to install it to serve users in H.Q. and in remote branches.
What is the best installation scenario to achieve the best solution?
Regards
Reyad
09-26-2011 10:35 PM
Hello
Any suggestions?
Reyad
09-27-2011 12:33 AM
Hello Reyad,
With NAC, you need all your user traffic to go through the Clean Access Server, at least for authentication. Since you probably don't want traffic from the remote sites to still go through the NAC Server after authentication, you may want to go for an Out-of-Band (OOB) deployment with Layer 3 support, since your remote sites might not all be L2 adjacent to the central site (depending on the connections between your sites).
Basically, users will be put in a VLAN, let's say A, before authentication. You should find a way to direct all traffic from VLAN A through the NAC Server. It's fairly easy if you have L2 connectivity; otherwise you need to implement policy-based routing (PBR).
After authentication, the user will be put in VLAN B, and traffic from VLAN B shouldn't go through the Clean Access Server.
Hope this is clear.
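The PBR arrangement described in the reply above, sketched as an added Cisco IOS configuration example that is not part of the original post. The VLAN IDs, subnets, object names and the NAC Server address (192.0.2.10) are constructed placeholders, and the router is assumed to be L3 adjacent to the NAC Server's untrusted interface.

```cisco
! Constructed values, not from the thread:
!   VLAN 110 = "VLAN A" (users before authentication), 10.1.110.0/24
!   VLAN 120 = "VLAN B" (users after authentication),  10.1.120.0/24
!   192.0.2.10 = placeholder for the NAC Server untrusted-side address
!
! Match everything sourced from the authentication VLAN.
ip access-list extended NAC-UNAUTH-TRAFFIC
 permit ip 10.1.110.0 0.0.0.255 any
!
! Override the routing table for matched traffic and hand it to the NAC Server.
route-map NAC-REDIRECT permit 10
 match ip address NAC-UNAUTH-TRAFFIC
 set ip next-hop 192.0.2.10
!
! Apply the policy only where VLAN A traffic enters the router.
interface Vlan110
 description VLAN A - unauthenticated users
 ip address 10.1.110.1 255.255.255.0
 ip policy route-map NAC-REDIRECT
!
! VLAN B carries no policy: traffic follows the normal routing table
! and does not pass through the NAC Server.
interface Vlan120
 description VLAN B - authenticated users
 ip address 10.1.120.1 255.255.255.0
```

`show route-map NAC-REDIRECT` displays match counters, which confirms whether VLAN A traffic is actually hitting the policy. If the VLAN 120 interface ever gets the same `ip policy` line, authenticated traffic is pulled back through the NAC Server, which is what the OOB design is meant to avoid.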
09-27-2011 09:50 AM
Dear Bastien,
I got the idea, thank you for your cooperation.