Thanks Charles, no i'm not using 802.1x deployment , it's Layer 3 deployment where cas is working as real gateway , cam is far one hop from the cas , and i need to deploy agent on branches which one hop or more from the cas, I've already deploy ldap and sso ,and it's working fine on different cas where i have layer 2 deployment but now we faced problem with layer 3 , as i don't want to use PBR , becuase acctually when using PBR it's working but i don't prefer to configure PBR on those hops as PBR has draw back and effect my future planing for the network , the cam controlling the network port vlan through snmp write community , and there will be an access-list to filter the traffic from none comply user .
Regards, --- On Thu, 3/4/10, Kingsley Charles <[email protected]> wrote: From: Kingsley Charles <[email protected]> Subject: Re: [OSL | CCIE_Security] NAC / OOB / L3 Question , To: "Mouhannad Alnouri" <[email protected]> Cc: [email protected] Date: Thursday, March 4, 2010, 1:08 AM Can you elloborate on the NAC deployments/components that you are using. Since you are expecting a pop up, does that mean you are using 802.1x L2 NAC? With regards Kings On Thu, Mar 4, 2010 at 12:49 AM, Mouhannad Alnouri <[email protected]> wrote: Hello everyone , I've multi hope scenario where i have to deploy NAC version 4.7 , Layer 3 and OOB , for that deployment they mentioned that there are three way to deploy : 1- Host discover . 2- VRF-Lite and GRE . 3- Policy based routing , for the policy based routing it's working fine but the problem that this solution is not scalable , and would add over head on configuration on hopes , i have problem with Host discover that the pop up windows of NAC agent doesn't appear , and there is no reference to show step by step deployment and troubleshooting host discover on L3, OOB so could any one deploy it before and if yes , is there is any draw back for it , i need configured case or scenario where i can use it for my deployment BR , _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
