On the untrusted VLAN, I allow DHCP, DNS, the remediation server, and the untrusted CAS virtual IP (HA CAS), and finally all UDP for testing purposes. On trusted, I forbid communicating with the CAS virtual IP, then permit everything.
________________________________
From: Dave Craddock <[email protected]>
To: Mouhannad Alnouri <[email protected]>; Kingsley Charles <[email protected]>; Brandon Carroll <[email protected]>
Cc: [email protected]
Sent: Sun, March 7, 2010 7:35:44 PM
Subject: RE: [OSL | CCIE_Security] NAC / OOB / L3 Question

What do you allow through on the untrusted VLAN?

From: [email protected] [mailto:[email protected]] On Behalf Of Mouhannad Alnouri
Sent: 07 March 2010 17:12
To: Kingsley Charles; Brandon Carroll
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] NAC / OOB / L3 Question

Dear,

I've tried several times and it's not working. Even the communication between the CAM and the switch is OK, and the switch port gets changed to the untrusted VLAN, but the NAC agent doesn't pop up and start communicating with the remediation server. I don't know if anyone has tried the ACL solution before and whether it works without configuring PBR.

Regards,

________________________________
From: Mouhannad Alnouri <[email protected]>
To: Kingsley Charles <[email protected]>; Brandon Carroll <[email protected]>
Cc: [email protected]
Sent: Thu, March 4, 2010 11:48:43 PM
Subject: Re: [OSL | CCIE_Security] NAC / OOB / L3 Question

Thanks bro, I'm going to check it out, as it seems like such valuable material for me.

Regards,

--- On Thu, 3/4/10, Brandon Carroll <[email protected]> wrote:

From: Brandon Carroll <[email protected]>
Subject: Re: [OSL | CCIE_Security] NAC / OOB / L3 Question
To: "Kingsley Charles" <[email protected]>, "Mouhannad Alnouri" <[email protected]>
Cc: [email protected]
Date: Thursday, March 4, 2010, 1:46 AM

Perhaps this is something useful?
http://www.cisco.com/en/US/solutions/ns340/ns394/ns171/ns466/ns617/net_design_guidance0900aecd80417226.pdf

If you are using a NAC appliance there is a blog here:
http://cisconac.blogspot.com/

And the following has L2 OOB.
http://www.ciscosystems.org.ro/application/pdf/paws/108540/nac-layer3-design-guide.pdf

--
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com.

From: Kingsley Charles <[email protected]>
Date: Thu, 4 Mar 2010 11:38:50 +0530
To: Mouhannad Alnouri <[email protected]>
Cc: <[email protected]>
Subject: Re: [OSL | CCIE_Security] NAC / OOB / L3 Question

over that the pop up windows of NAC agent doesn't appear, and there is no ref
