Network Infrastructure Overview:
- Preferred NAC Mode - L2 O-O-B Virtual Gateway Mode (DHCP Passthrough)
- Roughly 4 Layer 3 Boundary Blocks each terminated by Layer 3 Switch
- Layer 2 communication within block, layer 3 between blocks
- ~1500 Nodes per Block; ~10-12 Layer 2 Switches per block
- 2 CAMs and Profiler centrally located at CORE tying together the 4 blocks
- 1 CAS or 2 CASes per block depending on block size
- KEY QUESTION: For the UNTRUSTED NETWORK, what would be an ideal SIZE PER SUBNET/NUMBER OF SUBNETS needed for smooth operation within one Layer 3 block being served by 1 CAS (or two if significantly large)?

Additional notes:
I just need a rough estimate for perspective's sake. Also, looking at the rules on the Cisco website, I don't specifically see a mention of how extra untrusted subnets per CAS are defined (supposing you wanted to use more than one untrusted subnet per CAS, or why it would be suitable/unsuitable to use multiple untrusted subnets?)
Your input is appreciated in advance.