Cisco NAC Appliance 4.1.0

Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 5 Clean Access Server Managed Domain
Configuring Managed Subnets or Static Routes
If you need to provide an ARP entry for the managed subnet other than the one created by default, use 
the instructions in 
. For the entry, use the gateway address for the subnet and 
set the Link value to Untrusted (eth1).
Configure Static Routes for L3 Deployments
L3 deployments (and some VPN concentrator deployments) should not use Managed Subnets and 
should only use Static Routes to configure how the CAS should route packets. The Static Route form 
lets you set up routing rules in the Clean Access Server. Static Routes have the form:
Network / subnet mask / send packets to interface (trusted or untrusted) / Gateway IP address (optional) 
Any packet that comes into the CAS is evaluated based on static routes, then routed appropriately to the 
router. When the CAS receives a packet, it looks through its static route table, finds the most specific 
match, and if that route has a gateway specified, the CAS sends packets through that gateway. If no 
gateway is specified, then the CAS puts packets on the interface specified for the route (eth0 or eth1). 
Note
If converting from L2 to L3 deployment, remove managed subnets and add static routes instead. 
 illustrates a Layer 3 deployment scenario that requires a static route. 
Figure 5-9 Static Route Example (Layer 3)
[Figure labels: Rest of the Network; Clean Access Server (eth0, eth1); 10.1.1.1; 10.1.51.1; 10.1.52.1; Clients; 10.1.51.0/24; 10.1.52.0/24]
CAS needs to have 2 static routes:
10.1.51.0 / 255.255.255.0 eth1 10.1.51.1
10.1.52.0 / 255.255.255.0 eth1 10.1.52.1
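
The lookup described above (most specific match, then gateway or interface), applied to the two routes from Figure 5-9, as an added Python example that is not part of the Cisco guide or the CAS software. The function names and the third route, which has no gateway, are constructed for illustration; the text format parsed is the one printed in the figure.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class StaticRoute(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str                 # eth0 = trusted, eth1 = untrusted
    gateway: Optional[str]         # None: packet is put directly on the interface

def parse_route(line: str) -> StaticRoute:
    """Parse 'network / mask interface [gateway]' as the figure writes it."""
    net, rest = line.split("/", 1)
    fields = rest.split()
    if len(fields) not in (2, 3) or fields[1] not in ("eth0", "eth1"):
        raise ValueError(f"malformed static route: {line!r}")
    # strict=True rejects a network address that has host bits set.
    network = ipaddress.IPv4Network(f"{net.strip()}/{fields[0]}", strict=True)
    gateway = str(ipaddress.IPv4Address(fields[2])) if len(fields) == 3 else None
    return StaticRoute(network, fields[1], gateway)

def lookup(routes: List[StaticRoute], dst: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (interface, gateway) of the most specific matching route, or None."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    # Most specific match = longest prefix among the routes containing dst.
    best = max(matches, key=lambda r: r.network.prefixlen)
    return best.interface, best.gateway

ROUTES = [parse_route(text) for text in (
    "10.1.51.0 / 255.255.255.0 eth1 10.1.51.1",   # from Figure 5-9
    "10.1.52.0 / 255.255.255.0 eth1 10.1.52.1",   # from Figure 5-9
    "10.1.52.128 / 255.255.255.128 eth1",         # constructed, no gateway
)]

if __name__ == "__main__":
    for dst in ("10.1.51.7", "10.1.52.10", "10.1.52.200", "192.0.2.1"):
        print(dst, "->", lookup(ROUTES, dst))
```

A destination in 10.1.52.128/25 matches both the /24 and the constructed /25; the /25 wins, and because it has no gateway the packet goes straight onto eth1.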