we are doing the L3 jig here at Utah and there are some gotchas.

This might all be different when using the heavy client which we don't
use...

For Example

No mac address in the logs or web UI about the user from when he
authenticated (at least that we can find)
I wish cisco could lookup that mac info from the DHCP lease file they
just gave that user/ip

You have to add the managed subnets and the static routes in a certain
order and cannot modify them without removing them in the proper reverse
order.

You can use the CAS as a DHCP server with iphelper config on the client
side switches.

MPLS is a headache getting vlans/VRF's to the CAS trust side for egress
vlan retagging.

I can't seem to get the active/java sctipt mac address code to work with
the auth page.



Call me sometime and we can talk if you want to

801-587-0907

Dave Packham
U of Utah

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Sidney Eaton
Sent: Tuesday, November 14, 2006 1:33 PM
To: [log in to unmask]
Subject: MultiHop L3 CCA Deployments

Is anyone doing multihop L3 deployments and would be willing to share 
their experiences in implementing.  Also want to know if anyone is only 
redirecting student outbound traffic through CCA and inbound (return 
traffic) doesn't go through CCA.  Oh and this is and inline 
implementation.  Also for those that don't do you guys run a seperate
line 
out to the edge for clean access in a mixed clean access/non clean
access 
enviroment.  Drawings are greatly appreciated.

Sincerely,
Sidney Eaton
Network Technician/Programmer
Ferris State University
205 West Building
Big Rapids, Mi 49307
(231) 591-5388
For Support Call (231) 591-4822 or www.ferris.edu/tac