09-29-2008 08:38 AM - edited 02-21-2020 03:01 AM
Hi everyone,
"I have a friend" ( :-) ) to whom I want to deploy the NAC OOB L3.
Why this one? Because he has a central location and a few branches (a few more actually) and these branches are at 2 L3 hops from the center. More specifically, there is a L3 switch as a gateway to the branch LAN users and after that, a router that connects to the center (GRE/IPSec).
The question is, and I did not manage to find or to realise by myself: is it mandatory to use a DHCP server for allocating IPs to clients? (for all of their states: unauthenticated, authenticated, permitted etc).
If not, how should it be done?
Second: if it is mandatory, should it work only with a centrally deployed DHCP server, or can I use the L3 switch in every branch as a DHCP server?
Thank you for your patience.
09-29-2008 11:42 AM
DHCP is required for L3 OOB real-ip gateway since the system will need to get a new address when it is switched to the authorization VLAN and then again after the posture process when it is switched back to its "normal" VLAN.
As for the DHCP server, you can use either a central server, have a local switch provide the addresses or a combination of both.
In our install, the local switch is the DHCP server for the auth VLAN and a local server is used for the access VLAN.
Mike
10-01-2008 04:15 AM
Hi Mike,
Thank you for your reply.
So you have this deployment in place? I mean OOB L3 with the CAS and CAM centrally and the DHCP servers on every branch?
Thanks!
10-01-2008 04:18 AM
We have completed the testing on our development network and moved the systems onto the production network. We are under a limited deployment as we have encountered a couple of issues that we are working through. The issues, though, are not related to DHCP.