NAC L2/L3 in Datacenter

vinod.rathi · ‎11-21-2007

We have 2 NAC appliance. customer wants to cover both L2 and L3 devices for posture validation. Can we have 2 NAC appliance in DC one operating in L2 mode covering L2 segments and other running in L3 mode covering branch sites?

Are there any issues in this design. NAC appliance will be placed in DMZ zone on collapsed core 6500 switch.

Regards

Vinod

sathappan · ‎11-21-2007

Hi Vinod,

If you have only 2 appliance , you need to use one as a manager and one as server.

if you have a separate manager and 2 appliance as servers , then you can deploy one NAC appliance as L2 server and another in L3 mode.

with regards

sathappan.s

vinod.rathi · ‎11-21-2007

Hello There,

Yes we have 2 NAC managers(CAM) and 2 NAC appliance (CAS) for our datacenter.

gojericho0 · ‎11-21-2007

You can have one CAS use both L2/L3 enforcement. I would have the the other CAS enforced in L2 on the DMZ segment just so all that traffic does not have to come to the data center for authentication and posture assessment

sathappan · ‎11-21-2007

vinod,

Basically 2 CAM and 2 CAS come as a failover bundle. The 2 CAS will be a failover bundle licensed to the number of users you have brought.

If you want to deploy the NAC for Wired users, you can have the failover bundle to manage the l2 users along with l3 support.

HTH

sathappan.s