NAC Appliance OOB L3

costin.vilcu
Level 1

Hi everyone,

"I have a friend" ( :-) ) to whom I want to deploy the NAC OOB L3.

Why this one? Because he has a central location and a few branches (a few more actually) and these branches are at 2 L3 hops from the center. More specifically, there is an L3 switch as a gateway to the branch LAN users and after that, a router that connects to the center (GRE/IPSec).

The question is, and I did not manage to find or to realise by myself: is it mandatory to use a DHCP server for allocating IPs to clients? (for all of their states: unauthenticated, authenticated, permitted etc).

If not, how should it be done?

Second: if it is mandatory, should it work only with a centrally deployed DHCP server, or can I use the L3 switch in every branch as a DHCP server?

Thank you for your patience.

Accepted Solutions

michael_dean
Level 1

DHCP is required for L3 OOB real-ip gateway since the system will need to get a new address when it is switched to the authorization VLAN and then again after the posture process when it is switched back to its "normal" VLAN.

As for the DHCP server, you can use either a central server, have a local switch provide the addresses or a combination of both.

In our install, the local switch is the DHCP server for the auth VLAN and a local server is used for the access VLAN.

Mike

Hi Mike,

Thank you for your reply.

So you have this deployment in place? I mean OOB L3 with the CAS and CAM centrally and the DHCP servers on every branch?

Thanks!

We have completed the testing on our development network and moved the systems onto the production network. We are under a limited deployment as we have encountered a couple of issues that we are working through. The issues though are not related to DHCP.
