Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
733
Views
0
Helpful
0
Replies
David Niemann
David Niemann Participant
Participant
‎06-02-2011 01:09 PM
‎06-02-2011 01:09 PM

NAC design question

New NAC design.  Call center is currently using VMPS for dynamic VLAN assignment (6509 running hybrid CatOS and IOS, YUK!!!).  Requirements that PCs (aka users) are assigned to specific VLANs that limit what resources they have access to.  Unregistered MAC addresses go into "penalty box" Visitor VLAN with internet access only.  LAN currently spans three levels in a building with core 6509s.  Core, distribution and access are all Layer 2, with the 6509s centrally routing everything (will be updating this for them later).  NAC must not be a bottleneck for users that are authenticated or trusted.  At first I'm thinking Layer 2 OOB.  They want a NAC Guest server to control the access to the visitor vlan and possibly use with WLC for Visitor access as well.  Based on this information I would think that I would want to use layer 3 OOB with real-ip gateway and create a new authentication VLAN for the untrusted side of the NAC server and assign the trusted VLAN based on the roles (mac addresses) defined in the NAC manager to replace the VMPS functionality.  They also use non Cisco based VoIP.  I'm guessing I can address that simply by having a list of all the mac addresses of the IP phones on the ignore list on the NAC manager.  Any suggestions or pointers? They do not want to address the core, distribution and access architecture at this time.

0 Helpful
Reply
Latest Contents
Web Security - what capabilities does it provide and how can...
Created by ben.greenbaum on 03-30-2020 01:41 PM
0
0
0
0
Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes th... view more
VPN Load-Balancing
Created by Francesco Molino on 03-28-2020 04:45 PM
0
5
0
5
Hi everyone,   I was helping some friends and they were trying to solve a scalable VPN issues, specially these days with the pandemic situation. I recommended to implement ASA VPN Load-Balancing. This will allow to keep 1 FQDN for all RA-VPN users an... view more
Alcatel 8068S VPN configuration with FTD 6.4
Created by fthiel92 on 03-28-2020 03:48 PM
1
5
1
5
Purpose of this article is to share our experience during that Covid-19 period where we were able to successfully setup a VPN configuration for remote worker using Alcatel 8068S phones with FTD 2110 running 6.4.0.8.I would like to thank all of my colleagu... view more
Downloadable URL-Redirect ACL with ISE
Created by howon on 03-27-2020 02:33 PM
2
5
2
5
For additional advanced ISE related Tips, please visit Advanced ISE tips to make your deployment easier document   Downloadable URL-Redirect ACL If you have ever configured CWA (Central Web Authentication) with ISE you understand that it requires on... view more
What's New in CDO?
Created by Andrew Mallio on 03-27-2020 02:29 PM
0
5
0
5
Hello!   Cisco Defense Orchestrator (CDO) is a cloud-based multi-device manager that can manage security products like the Adaptive Security Appliance (ASA), the Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.&nb... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Spotlight Awards- February 2020

Follow our Social Media Channels