Steve, are these smaller sites such as DSL and cable sites? Or are these sites with a large number of users? Just more curious than anything.
Unfortunately, yes, you are stuck with the Cisco devices as the only devices being supported. However, you can run in In-Band mode, where the appliances will always be inline with your user traffic. If you plan it that way, you will need fewer appliances if you design for a Central-based design where the NAC Appliances are located at HQ. You can also purchase a large number of NAC appliances and put one at each site; however, if you have a small number of users at some sites, you'll want to design around the Central design anyway for budget reasons. The In-Band mode allows Cisco NAC devices to work with any vendor's devices (since it never touches their equipment).
Sticking points to watch for are the license limit (concurrent per user) and the gig bandwidth per interface on the appliance.
No comment on the 3com switches .........lol
Thanks
Jim
Jim Thomas
Area Networks, Inc.
CCIE Security #16674
CCSP,CCNP,CCDP
[email protected]
Office: 650-242-8050
Cell: 916-342-2265
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[email protected]] On Behalf Of Steve McIntosh
Sent: Monday, July 06, 2009 6:47 AM
To: [email protected]
Subject: Layer 3 OOB implementation - non-cisco access switches
We are currently in the planning stages and have priced out L3 OOB for 88 sites. However, each site has approx 20-30 3Com access switches. We are being told that we have to replace each 3Com switch with a Cisco 2900 series switch, which will blow the project cost out of the water. Has anyone on this listserv had any luck with implementing Cisco NAC with non-Cisco switches? It seems that the access switch would only need to support VLANs and SNMP. Any info would be great!
