Hi Chris,

Thanks for the interest. Here are my answers.

>>Are you only planning to secure unused ports with NAC...???

For now yes. The scope of the project is to get ports not identified with any particular machine secure. However, on the horizon we do want to at least have the option for all ports to go through the NAC for authentication.

>> Do you currently have specific VLANS or Subnets for the unused ports/Employees...???

No. Right now unused ports are just "on" the network. Employees are segmented into departmental VLANs.

>> Is there a reason you want to go OOB...???

Right now I guess we want to do that because of scaling. We are a fast growing company and by keeping the traffic out of band we won't overwhelm the CAM. Also if the OOB CAS fails we still want people to log on. This project is one line of defense not a primary line of defense.

Thanks for any advice. Its highly appreciated.

P.

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Herron, Chris
Sent: Friday, October 16, 2009 3:35 PM
To: [log in to unmask]
Subject: Re: Advice on deployment needed

Hey Pete,

A few questions:
 1: Are you only planning to secure unused ports with NAC...???
 2: Do you currently have specific VLANS or Subnets for the unused
ports/Employees...???
 3: Is there a reason you want to go OOB...???

Pending your answers I can give you some advice.

Chris