01-08-2009 09:46 AM - edited 02-21-2020 03:12 AM
Hi,
I'm deploying a NAC realIP/in-band/layer3. Users cannot ping the untrusted interface e1 of the NAC server; a user has to pass the core sw 6500 and FW before hitting e1 of the NAC server. I have tried to set the gateway of this interface e1 to itself (as per the Cisco document) and to the FW module, but in both cases the user still cannot ping e1.
Can anyone help me? I'd much appreciate your reply!
User -- Core sw 6500 -- FW module (on core sw) -- NAC server -- NAC manager
01-10-2009 09:59 AM
I have pinged e1 (untrusted) of the NAC server already. I have set both a managed subnet and a static route, which is different from the Cisco document (Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.1(3)); this document recommends configuring a static route for layer 3 deployment, not a managed subnet!
Does anyone have documents for deploying this scenario? Please share them with me! Thanks!
02-01-2009 12:35 PM
Managed subnets are for L2 deployments and static routes are for L3 deployments. Both can exist on a CAS, but for an individual subnet, it will be one or the other.
If the client and CAS can see each other's broadcasts, it's an L2. If not, it's an L3.