Cisco Clean Access Users and Administrators wrote:
> This sounds like you are mixing implementation types. You do > NOT specify ports in IN-VG mode. > You only do this in OOB mode. > > In-Band mode works by having the routing interface (the > default gateway) be the CAS server. There is no VLAN switching on > the port itself. Hi Mike, and first of all thx for the reply... I'll try to be more clear in the explanation :-) - Actually we connect the access points and switches using "NAC controlled" ports (when you setup the port profile - under "Switch Management > Profiles > Port" section - you have to specify the Auth VLAN and Default Access VLAN for that port profile): is it correct that the switch port is under NAC control (on a fixed VLAN)? (I think so... If not, CAS will never intercept/manages communications on that port...) - Have the APs to be on the same VLAN (Auth VLAN) of the above managed port, defined into that port profile? You wrote: "You do NOT specify ports in IN-VG mode"; what did U mean? Do U mean that in IB-VG mode we don't have to use NAC controlled ports on switch? - Are static routes required on CAS config (Device Management > Clean Access Servers > CAS_IP > Advanced > Static Routes)? I hope this further infos help making clearer the point... :-) Diego -- Diego Cossetta ICT Security Consultant - Scouting e Sviluppo Tecnico - Business Unit I.NET | BT Global Services Tel: +39-02-328631 Fax: +39-02-328637701 e-Mail: [email protected] http://www.inet.it
