NAC OUT OF BAND REAL IP GATEWAY

ericohermoso
Level 1

Hello,

I have NAC 4.8 set up as Out of Band Real IP Gateway.

Is it possible to integrate it with WLC5508 (Wireless)?

Thank you

Federico Lovison
Cisco Employee

Hello!

Currently only NAC Servers configured in Virtual Gateway mode can support wireless OOB users:

http://www.cisco.com/en/US/customer/docs/security/nac/appliance/configuration_guide/48/cam/m_woob.html#wp1148691

I hope this answers your question.

Regards,

Federico

--

If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

Hello Federico,

Thanks. Is there any possibility that the Out of Band Real IP Gateway will support wireless? I have already set up my NAC network in Out of Band Real IP Gateway mode.

Regards,

Edwin

Hi,

I'm afraid that the answer is negative.

The thing is that for the moment the WLC supports only the VLAN transition from "quarantine" (or Authentication) to Access VLAN as configured directly on the WLC dynamic interface.

This allows for the client not to change its IP address while moving from the quarantine to the access VLAN.

In OOB Real-IP the VLAN has to be pushed from the CAM, and this is only supported for wired users at this point in time.

Thanks,

Federico

Hello,

I see, so I think I have to wait for some time, or try to authenticate the wireless users with my ACS 5.0.

OK, if it's OK with you, I am also trying to integrate my WLC5508 with ACS 5.0. Is it possible? I am trying to find documents for the integration of these devices but I can't find any.

Well, this is the ACS that I opened with you (Active Directory) 2 days ago.

Thanks.

Hello!

Yes, I'd say you just have to wait for NAC OOB Real-IP with Wireless.. :-)

In any case, it's perfectly fine to use ACS 5 to authenticate the Wireless users on the CT5508.

Just a note, if you're actually using ACS 5.0 (and not 5.1 or 5.2), make sure that you also install the latest patch.

In any case, if you're indeed on 5.0, I'd strongly recommend to go to 5.2.

If what you're looking for is 802.1x authentication, you can refer to this document for a config example with the PEAP method:

http://www.cisco.com/en/US/customer/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml

If you want to authenticate users through web-auth, then you can refer to this other document:

http://www.cisco.com/en/US/customer/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

The above example refers to ACS 4.x; however, you can achieve the same goal on ACS 5. For that, just make sure you have a good understanding of the policy model in ACS 5. You can find all the details in the config guide:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/policy_mod.html

I hope this helps!

Regards,

Federico

Hello Federico,

Really good news. For the meantime I have to use my ACS 5.0 for wireless authentication, and just transfer my wireless users to NAC once the Out of Band Real IP Gateway comes.

Thank you and best regards.

Edwin

Is it possible to integrate it with WLC5508 (Wireless), with NAC Out-of-Band Real IP Gateway?

NAC-4.9.3
