Re: NAC migration from L2 OOB to L3

wkamil123 · ‎05-12-2010

Hello,

I have a question about a migration NAC Appliance 7.0 version in L2 OOB deployment to L3 Real-IP Gateway.

Do I need any other issue to this or I only must change settings on CAM in "Clean Access Server Type"?

I don't have a lab to test it.

Kamil,

Faisal Sehbai · ‎05-12-2010

Kamil,

Is your L2 OOB deployment Real-IP also? If so, to enable L3, you just have to checkmark the box in the network settings and reboot your CAS. If it's in VGW mode, then a bit more work is required.

HTH,

Faisal

wkamil123 · ‎05-13-2010

Faisal,

This deployment is L2 OOB VG.

The next question is if I changed server type from L2 OOB VG to L2 OOB Real-IP in network setings do I lose some settings in configuration?

What else do I need to do, what you mentioned?

Kamil

Faisal Sehbai · ‎05-14-2010

Kamil,

You'll have to give different IP address to your untrusted interface for one. Going from VGW to RIP is a major design change, so you'll have to vet your design again to ensure that the NAC traffic flow is working the way you expect it to.

HTH,

Faisal

wkamil123 · ‎05-17-2010

Hi Faisal,

What is the procedure for a NAC in HA?

Kamil

Faisal Sehbai · ‎05-17-2010

Kamil,

HA and NAC (assuming 4.7.2 version): http://tinyurl.com/yc727jl

HTH,

Faisal

wkamil123 · ‎05-18-2010

Hi Faisal,

It's a small a misunderstanding about NAC in HA and my question it's no asked precise.

So, what is the procedure migrating NAC in HA mode from L2 VGW to L3 RIP?

Kamil,

Faisal Sehbai · ‎05-18-2010

Kamil,

That would require a major design change in your network - something I guarantee you is not possible to handle in a forum setting :-)

If you have a Cisco account team, engage them, so they can help you get a workable design for L3 RIP.

HTH,

Faisal