Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
636
Views
0
Helpful
2
Replies

NAC Deployment Questionaire

adamgibs7
Level 7
Level 7

‎04-30-2011 03:03 AM - edited ‎02-21-2020 04:19 AM

Hello Dears,

I have a 2 No's NAC Manager and 1 No's NAC server, Our Network is Cisco three tier:  Access> Distribution >Core. Distribution switch is doing inter vlan routing and layer 3 connecting (OSPF) between the core and the distribution and amoung the Distribution. We also have wireless controllers and vpn users.

All devices are from Cisco systems and supportable by NAC..

I have  to  deploy NAC In which mode ??? Please help, i have read abt it but still i wanna clear my doubts

L3 Inband VG

L3 Inband RG

OR

L3 OOB VG

L3 OOB RG

Thanks

0 Helpful
2 Replies 2

Nicolas Darchis
Cisco Employee
Cisco Employee

‎05-02-2011 12:55 PM

In band has the advantage that the CAS does the traffic filtering (only allowing given protocols). You can assign user roles,etc ... Inconvenient is that you are limiting bandwitdth by sending all traffic through the CAS.

Out of band has the advantage of bypassing the CAS once user is authenticated. Better for bandwitdh. But CAS cannot filter traffic anymore. For wireless in out of band, you cannot assign vlans depending on roles in NAC.

difference between RIP and VGW is smaller. In RIP, the CAS will be the gateway and wil route traffic.

There is no "go for this", it's a decision you make.

0 Helpful

adamgibs7
Level 7
Level 7
In response to Nicolas Darchis

‎05-04-2011 03:09 AM

Hello Nicolas,

Thanks fo replying the post.

Question 1:

Layer 3 is deployed when CAS is hop away from users and not adjacent to CAS. When i thinking to place CAS and CAM  on Core so i shld think abt layer 3 because all users will be accessing 1 hop away from the default gateway that is (Distribution Switch),so i shld forget abt layer 2 INBAND Real IP Gateway and virtual Gateway.  Correct me if i m wrong ???????

Question 2

I m thinking to deploy in Layer 3 OOB RIP i have seen example on cisco website for this mode But there is no such configuration example for

Layer 3 OOB VG mode. Is it  I m on the right path or better than this any deployment according to ur expierience Nicolas ????

Question 3: Can NAC be deployed in the following modes. Is it such types of Modes are there????????????????????????????

Layer 3 IB VG

Layer 3 IB RIP

Layer 3 OOB VG

Question 4:

We say that users Default Gateway will be NAC when we deployed in RIP.But In Cisco Configuration Example of layer 3 OOB RIP, There is no such interface configured for gateway?????????

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card