I've read other similar questions about implementing a Cisco NAC Appliance in an environment where each PC needs to have a static IP, but none of the other threads seemed to provide enough clarity on why this may or may not be a good idea.
I am exploring the possibility of implementing a NAC, but the entire network is currently configured with each client PC having a static IP address. I do not believe there is a DHCP server anywhere on the network, and I would need to keep it that way.
That said, I am wondering what sort of implementation modes for the NAC Appliance this limits me to... If someone could please provide some clarity on whether or not a NAC would work properly in this environment using the following modes (and if not, what modes would I need to use), I would be very grateful.
Desired deployment for the NAC: OOB, Virtual Gateway, Layer 2 adjacent
L2 OOB VGW would work for you with the caveat that you will have to have a separate Access VLAN for each Auth VLAN.
So assume you have VLAN 100 as unauthenticated, and VLAN 10 as Access. Your clients are 192.168.10.x. You would assign your clients IPs in that range, and using the SNMP switch the switchport to VLAN 100 when a client comes up. When he's authenticated, you would move the VLAN to 10 without bouncing the port, and theoratically it should work.
This month, we're excited to bring awareness to a newly formed partnership between Cisco Secure and IBM.
Securing today's dynamic enterprise applications is critical. With hybrid and multi-cloud adoption, traditional network-based security ran into limita...
Listen: https://smarturl.it/CCRS8E42Follow us: twitter.com/CiscoChampion
APIClarity is an open source, cloud-native visibility tool for APIs. It utilizes a Service Mesh framework to capture and analyze API traffic and identify potential risks.
Hello everyone, A new video in the Cisco Secure Terraform Series has just been published. If you are interested in Infrastructure as Code, and Terraform, you don't want to miss out on this amazing series with Jason "Canadian Bacon" Maynard! Newe...
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...