CLEANACCESS Archives

July 2009

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Steve McIntosh <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Mon, 6 Jul 2009 11:39:41 -0400

Jim,

Thanks for the response.  We are a school district (hence the 3com switches..:) ) with all of these sites connected via a 1Gig connection back to our HQ.  We are planning on a centralized deployment OOB, however, it sounds like we will be forced into the centralized inline Layer3 implementation.  Again, thanks for the information...

Steve McIntosh, CCSP, CCNA
Network Engineer II
Department of Information Technology
Prince William County Public Schools

[log in to unmask]
Office - 703-791-8114
Cell - 571-722-7815


>>> Jim Thomas <[log in to unmask]> 7/6/2009 11:19 AM >>>
Steve, are these smaller sites such as DSL and cable sites? Or are these
sites with a large amount of users? Just more curious than anything.
Unfortunately yes, you are stuck to the Cisco devices as the only devices
being supported. However, you can run in In-Band mode, where the
appliances will always be inline with your user traffic. If you plan it
that way you will need fewer appliances if you design for a Central based
design where the NAC Appliances are located at HQ. You can also
purchase a high amount of NAC appliances and put one at each site;
however, if you have a small amount of users at some sites you'll want to
design around the Central design anyway for budget reasons. The In-band
mode allows Cisco NAC devices to work with any vendor's devices (since it
never touches their equipment). Sticking points to watch for are the
license limit (concurrent per user) and the gig bandwidth per interface
on the appliance.

 

No comment on the 3com switches .........lol

Thanks

Jim

Jim Thomas
Area Networks, Inc.
CCIE Security #16674
CCSP,CCNP,CCDP
[log in to unmask]
Office: 650-242-8050
Cell: 916-342-2265

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Steve McIntosh
Sent: Monday, July 06, 2009 6:47 AM
To: [log in to unmask] 
Subject: Layer 3 OOB implementation - non-cisco access switches

 

We are currently in the planning stages and have priced out L3 OOB for 88
sites.  However, each site has approx 20-30 3Com access switches.  We are
being told that we have to replace each 3Com switch with a cisco 2900 series
switch, which will blow the project cost out of the water.  Has anyone on
this listserve had any luck with implementing cisco nac with non-cisco
switches?  It seems that the access switch would only need to support vlans
and snmp.  Any info would be great!
