New NAC design. Call center is currently using VMPS for dynamic VLAN assignment (6509 running hybrid CatOS and IOS, YUK!!!). Requirements that PCs (aka users) are assigned to specific VLANs that limit what resources they have access to. Unregistered MAC addresses go into "penalty box" Visitor VLAN with internet access only. LAN currently spans three levels in a building with core 6509s. Core, distribution and access are all Layer 2, with the 6509s centrally routing everything (will be updating this for them later). NAC must not be a bottleneck for users that are authenticated or trusted. At first I'm thinking Layer 2 OOB. They want a NAC Guest server to control the access to the visitor vlan and possibly use with WLC for Visitor access as well. Based on this information I would think that I would want to use layer 3 OOB with real-ip gateway and create a new authentication VLAN for the untrusted side of the NAC server and assign the trusted VLAN based on the roles (mac addresses) defined in the NAC manager to replace the VMPS functionality. They also use non Cisco based VoIP. I'm guessing I can address that simply by having a list of all the mac addresses of the IP phones on the ignore list on the NAC manager. Any suggestions or pointers? They do not want to address the core, distribution and access architecture at this time.
We are happy to share changes to the Cisco Threat Grid support experience! Our customers have spoken, and we have listened! You want a single, streamlined, easy to access tool to open, view, and update your cases across Cisco Services. That tool is Cisco’...
Where can I find out how to integrate my Cisco products with Threat Response?
There are quick start guides and instructional videos to help you get set up with your Cisco products and the Cisco Threat Response platform.
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...