Jim,

Thanks for the response. We are a school district (hence the 3Com switches.. :) ) with all of these sites connected via a 1Gig connection back to our HQ. We are planning on a centralized deployment OOB; however, it sounds like we will be forced into the centralized inline Layer3 implementation. Again, thanks for the information...

Steve McIntosh, CCSP, CCNA
Network Engineer II
Department of Information Technology
Prince William County Public Schools
[email protected]
Office - 703-791-8114
Cell - 571-722-7815

>>> Jim Thomas <[email protected]> 7/6/2009 11:19 AM >>>

Steve,

Are these smaller sites such as DSL and cable sites? Or are these sites with a large amount of users? Just more curious than anything.

Unfortunately, yes, you are stuck with the Cisco devices as the only devices being supported. However, you can run in In-Band mode, where the appliances will always be inline with your user traffic. If you plan it that way, you will need fewer appliances if you design for a Central based design where the NAC Appliances are located at HQ. You can also purchase a high amount of NAC appliances and put one at each site; however, if you have a small amount of users at some sites, you'll want to design around the Central design anyway for budget reasons.

The In-band mode allows Cisco NAC devices to work with any vendor's devices (since it never touches their equipment). Sticking points to watch for are the license limit (concurrent per user) and the gig bandwidth per interface on the appliance.

No comment on the 3Com switches.........lol

Thanks,
Jim

Jim Thomas
Area Networks, Inc.
CCIE Security #16674
CCSP, CCNP, CCDP
[email protected]
Office: 650-242-8050
Cell: 916-342-2265

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Steve McIntosh
Sent: Monday, July 06, 2009 6:47 AM
To: [email protected]
Subject: Layer 3 OOB implementation - non-cisco access switches

We are currently in the planning stages and have priced out L3 OOB for 88 sites. However, each site has approx 20-30 3Com access switches. We are being told that we have to replace each 3Com switch with a Cisco 2900 series switch, which will blow the project cost out of the water.

Has anyone on this listserv had any luck with implementing Cisco NAC with non-Cisco switches? It seems that the access switch would only need to support VLANs and SNMP. Any info would be great!
