Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
5
Helpful
3
Replies

l2 or l3 switch with NAC appliance

mladentsvetkov
Level 1
Level 1

‎02-27-2008 01:28 AM - edited ‎02-21-2020 01:55 AM

Hi,

I am planning for deploying NAC appliance in OOBVG mode. For the access layer, L2 switches are selected (2960). If I change the L2 access switches with L3 (3560 or 3750) would this add more manageability to the access layer by NAC?

Regards,

Mladen

0 Helpful
3 Replies 3

gojericho0
Level 1
Level 1

‎02-27-2008 12:48 PM

The L3 switch would allow you to run in Real-Gateway mode if you'd like. The benefits of that is they can act as a DHCP scope for your dirty network so you do not use another server or router.

mladentsvetkov
Level 1
Level 1
In response to gojericho0

‎02-28-2008 12:28 AM

Thanks.

The document "Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide" says:

"In out-of-band Real-IP or NAT gateway deployment, the client IP address has to change when the port is changed from the Auth VLAN to the Access VLAN."

So the clients will have to receive TCP/IP settings via DHCP twice, which I don't think is client satisfactory.

If the NAC is in OOBVG mode, are there any NAC features, which are not supported (IP filtering rules, access policies, and any other traffic handling mechanisms)?

Regards,

Mladen

0 Helpful

gojericho0
Level 1
Level 1
In response to mladentsvetkov

‎02-28-2008 05:13 AM

Mladen

You can create the same policies as you would in IBVG mode. This can be done globally or you can have different policies for each CAS.

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_trfpol.html

Josh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card