I am new to NAC and I have an implementation coming up. We have sold them 2 NAC servers, 1 NAC manager and an ACS server.
Customer has VPN users, Wireless users and 3 remote branches. I am planning to place the devices in OOB, Virtual IP and L2 mode. Is this a good practice? Will this make any complications?
How can I place the ACS server (appliance) in the network? Do I need to use 802.1x? Is it a good practice to use a NAC solution + 802.1x in a network?
Kindly suggest how to place ACS.
Thanks in advance.
You can use NAC + ACS for VPN and Wireless access.
Basically you can leverage VPN Auth using RADIUS and also Wireless authentication using RADIUS/802.1x.
Then you can enable VPN/Wireless SSO on the CAS, so as to leverage the RADIUS/802.1x authentication also for NAC, and have the clients go through posture assessment.
Although you cannot do OOB for VPN, you can do this for Wireless with the Cisco WLC.
If you use VPN and/or Wireless clients that are not L2 adjacent to the CAS, you will have to use L3 mode on the CAS.
A CAS can only be IB *OR* OOB, Virtual-Gateway *OR* Real-IP Gateway at any given time.
So if you want to combine Wireless OOB with VPN, you will need to use separate CAS for Wireless and VPN.
Please look at the following documents for more details:
* CAS config guide:
* Wireless NAC OOB Config example:
* VPN In-Band VGW config example:
I hope this helps.
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.