Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 3 Configuring Layer 3 Out-of-Band (L3 OOB)
Overview
• When the CAM changes the VLAN on the switch port from the Auth VLAN to the Access/User Role VLAN, port bouncing is required.
  – In Port profiles (Switch Management > Profiles > Port > New/Edit), make sure “Bounce the port after VLAN is changed” is checked.
  – In Port profiles, make sure “Remove out-of-band online user without bouncing the port” is unchecked.
Layer 3 OOB: Networking
• L3 OOB will typically be used in Routed Access environments.
• With OOB, the goal is to make user traffic flow through the CAS during Authentication, Posture Assessment and Remediation only.
  – The CAS challenges the user for credentials and also acts as the policy enforcement device in the Unauthenticated and Quarantine/Temporary roles.
• Once the user is certified to be compliant, the user's traffic bypasses the CAS.
• Use networking technologies (such as PBR or VRF) to achieve this goal.