I've read other similar questions about implementing a Cisco NAC Appliance in an environment where each PC needs to have a static IP, but none of the other threads seemed to provide enough clarity on why this may or may not be a good idea.
I am exploring the possibility of implementing a NAC, but the entire network is currently configured with each client PC having a static IP address. I do not believe there is a DHCP server anywhere on the network, and I would need to keep it that way.
That said, I am wondering what sort of implementation modes for the NAC Appliance this limits me to... If someone could please provide some clarity on whether or not a NAC would work properly in this environment using the following modes (and if not, what modes would I need to use), I would be very grateful.
Desired deployment for the NAC: OOB, Virtual Gateway, Layer 2 adjacent
L2 OOB VGW would work for you with the caveat that you will have to have a separate Access VLAN for each Auth VLAN.
So assume you have VLAN 100 as unauthenticated, and VLAN 10 as Access. Your clients are 192.168.10.x. You would assign your clients IPs in that range, and using SNMP, switch the switchport to VLAN 100 when a client comes up. When he's authenticated, you would move the VLAN to 10 without bouncing the port, and theoretically it should work.