Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 4 Wireless LAN Controller Management: Configuring Wireless Out-of-Band Deployment
Summary Steps to Configure Wireless Out-of-Band
To enable Wireless OOB in your access network, you need to perform the following tasks:
1. Configure your Wireless LAN Controller:
a. Enable SNMP read and write settings on the WLC.
b. Enable SNMP trap transmission on the WLC using SNMP v2c (the SNMP v2c protocol is the
only version of SNMP traps the CAM and WLCs have in common).
c. Configure SSIDs/dynamic interfaces on the WLC with both an Authentication (Quarantine)
VLAN and a standard Access VLAN.
2. Ensure SNMP settings on the CAM match those assigned on the WLC using the guidelines in
Configure SNMP Receiver, page 4-19.
3. Create a new device profile on the CAM for the WLC using the guidelines in Add New Wireless
LAN Controller, page 4-20.
Note: Unlike switch device profiles on the CAM, administrators do not configure or assign any
Port Profiles for WLCs. VLAN assignments for Authentication (Quarantine) and Access
VLANs originate from the WLC based on SNMP trap messages sent from the CAM
following client posture assessment and remediation.
4. Add the new WLC device profile to the Device List using the guidelines in Add and Manage
Wireless LAN Controllers, page 4-20.
5. Configure the CAS in your Cisco NAC Appliance network to support Wireless OOB network
functions using the appropriate sections of the “Configuring the CAS Managed Network” chapter
in the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(x):
– Install the CAS according to the guidelines in the “Add New Server” section.
– Ensure that the Cisco NAC Appliance system appropriately handles client traffic from the
WLC’s Authentication (Quarantine) VLAN by using the “Configuring Managed Subnets or
Static Routes” section.
– Since the CAS acts as a bridge in Virtual Gateway mode, be sure the CAS is configured to map
the WLC’s Access VLAN to the Cisco NAC Appliance Access VLAN (both on the Trusted
VLAN) using the “Configure VLAN Mapping” section.
Wireless Out-of-Band Virtual Gateway Deployment
Figure 4-2 illustrates a typical Wireless OOB Virtual Gateway deployment. The WLC assigns two
VLANs, Authentication (Quarantine) VLAN 110 and Access VLAN 10, to one or more SSIDs/dynamic
interfaces to support wireless client access. The WLC and the Layer 2 access switch have a VLAN trunk
assignment for both VLANs so that client traffic automatically reaches the Layer 2 switch regardless of
whether the wireless client machine has authenticated with Cisco NAC Appliance or not. The Layer 2
switch ensures that all unauthenticated traffic gets directed to the Clean Access Server via VLAN 110
and that authenticated clients remain Out-of-Band, thus bypassing the CAS and proceeding directly to the
internal network via Access VLAN 10.
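
The summary steps and the deployment described above can be checked together before go-live. The following pre-flight check is an added example, not part of the Cisco guide or any Cisco tool; the dictionary keys, community strings, and SSID name are constructed assumptions, and only the VLAN numbers 110 and 10 come from the text.

```python
# Added example. Dictionary keys and sample values are constructed for
# illustration; they are not a Cisco export format.
def preflight(wlc, cam, cas):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Steps 1a and 2: SNMP settings on the CAM must match the WLC.
    # Findings name the setting only, so community strings never reach a log.
    for key in ("read_community", "write_community", "trap_community"):
        if not wlc.get(key) or wlc.get(key) != cam.get(key):
            findings.append(f"snmp {key}: missing or CAM/WLC mismatch")
    # Step 1b: v2c is the only trap version the CAM and WLC share.
    for name, dev in (("WLC", wlc), ("CAM", cam)):
        if dev.get("trap_version") != "v2c":
            findings.append(f"{name} trap version is not v2c")
    for ssid, vlans in sorted(wlc["ssids"].items()):
        quarantine, access = vlans.get("quarantine"), vlans.get("access")
        # Step 1c: every SSID needs two distinct VLANs.
        if quarantine is None or access is None or quarantine == access:
            findings.append(f"{ssid}: needs distinct quarantine and access VLANs")
            continue
        # Deployment text: the WLC-to-switch trunk carries both VLANs.
        for vlan in sorted({quarantine, access} - set(wlc["trunk_vlans"])):
            findings.append(f"{ssid}: VLAN {vlan} not on the WLC trunk")
        # Step 5: the CAS must handle quarantine traffic and map the Access VLAN.
        if quarantine not in cas["managed_vlans"]:
            findings.append(f"{ssid}: CAS does not manage VLAN {quarantine}")
        if access not in cas["mapped_access_vlans"]:
            findings.append(f"{ssid}: CAS has no mapping for VLAN {access}")
    return findings

# Constructed sample data matching Figure 4-2 (VLAN 110 and VLAN 10).
SNMP = {"read_community": "example-ro", "write_community": "example-rw",
        "trap_community": "example-trap", "trap_version": "v2c"}
GOOD_WLC = {**SNMP, "trunk_vlans": [10, 110],
            "ssids": {"corp": {"quarantine": 110, "access": 10}}}
GOOD_CAM = dict(SNMP)
GOOD_CAS = {"managed_vlans": {110}, "mapped_access_vlans": {10}}

# Constructed misconfiguration: v1 traps on the WLC, VLAN 110 left off the trunk.
BAD_WLC = {**GOOD_WLC, "trap_version": "v1", "trunk_vlans": [10]}

if __name__ == "__main__":
    for label, wlc in (("good", GOOD_WLC), ("bad", BAD_WLC)):
        print(label, preflight(wlc, GOOD_CAM, GOOD_CAS) or "all checks passed")
```

A missing trunk entry for VLAN 110 is the finding to watch most closely, because it decides whether unauthenticated client traffic is actually steered to the Clean Access Server.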