cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

589
Views
0
Helpful
3
Replies
Reyad Safi
Beginner

NAC Installation

Hi Experts

We have  NAC 3350 Manager , and only 1 NAC 3350 Server.

we want to install it to serve users in H.Q and in remote branches.

what is the best scenario of installation to achieve the best solution ?

regards

Reyad

3 REPLIES 3
Reyad Safi
Beginner

Hello

Any Suggestions

Reyad

Hello Reyad,

With NAC, you need that all your user traffic is going through the clean access server for at least authentication. Since you don't probably want that traffic from remote site still need to go through the NAC Server after authentication, you may want to go for a Out Of Band (OOB) deployment, with layer 3 support, since your remote sites mighte not be all L2 adjacent to the central site (depending on your connections between your sites).

Basically, users will be put in a VLAN, let's say A, before authentication. You should find a way to direct all traffic from VLAN A through the NAC Server. it's fairly easy if you have L2 connectivity, otherwise you need to implement policy based routing (PBR).

After authentication, user will be put in VLAN B, and traffic from VLAN B shouldn't go through the clean access server.

Hope this is clear.

Dear Bastien

i got the idea , thank you for your cooperatin ,

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube