06-14-2010 02:08 AM - edited 02-21-2020 03:59 AM
In NAC L2 OOB, per my understanding, a node coming online gets put in the untrusted network for the authentication/validation before going "out of band" or out to the regular subnet. As far as Quarantine Role for remediation, does there need to yet be a different subnet for the hosts requiring remediation, or can the remediation be done from within the Untrusted subnet (quarantine role within untrusted managed subnet)?
06-14-2010 02:17 AM
Also I just set aside Subnet Information for the Untrusted Managed Subnets. I have opted for 2 /22 subnets per Distribution Block, and 4 for the one distribution block that is substantially larger than the rest.
Is that number reasonable, from all the provided info, or is it advisable to use smaller subnets or larger ones, and what's the reason for whatever the more advisable approach?
06-14-2010 04:47 PM
Hi,
I've seen customers use /16's as their subnets too. Not something I'd do necessarily, but just another data point for you to consume. Think /22's would be okay.
HTH,
Faisal
06-14-2010 04:46 PM
Hi,
Remediation is done in the untrusted subnets. Once they're through and clean, they'll either retain their IP addressing, or get a new one (depending on whether you use role-based VLANs or not).
HTH,
Faisal