General Management Considerations
6-4 Initializing the NAC Controller
– The NAC Controller Engine management IP address is used for management traffic generated from the NAC Controller Engine, and the NAC Controller Engine remediation IP address is used to run the remediation web server.
– The NAC Controller Engine remediation IP address, mask, and default gateway must belong to the subnet that spans the downstream and upstream routers.
– The NAC Controller Engine management IP address along with a mask is assigned to the 10/100 Ethernet port. Therefore, the 10/100 Ethernet port must be connected into the topology with a separate physical link onto the management VLAN. No default gateway is assigned to the management IP address.
– The NAC Controller Engine management IP address and NAC Controller PEP IP addresses, masks, and gateway must be part of the same subnet, and not on the subnet that spans the upstream and downstream routers which carries data traffic.
– A management VLAN ID must be specified. All management traffic sourced from the NAC Controller PEP egresses the upstream and downstream ports of the NAC Controller tagged to the management VLAN. Therefore, the upstream and downstream routers must be configured to 802.1Q VLAN trunk the management VLAN to the NAC Controller.
– The NetSight management server IP address should be configured on the same subnet as the NAC Controller Engine and NAC Controller PEP IP addresses. Otherwise, management traffic sourced from the NAC Controller Engine and NAC Controller PEP will traverse the data VLAN on the way to the NetSight management server.
See Figure 6-4 on page 6-5 for a diagram of layer 2 Out-Of-Band management and Figure 6-6 on page 6-6 for a diagram of layer 3 Out-Of-Band management.
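The addressing rules in the list above can be checked against a planned deployment before the controller is cabled in. The following is an added example, not part of the original manual; the plan keys, the check_oob_plan function and all addresses are constructed for illustration, and the 1 to 4094 VLAN ID range is the standard 802.1Q range rather than a value stated here.

```python
import ipaddress

def check_oob_plan(plan):
    """Return the out-of-band addressing rules that the plan violates."""
    problems = []
    data_net = ipaddress.ip_network(plan["data_subnet"])  # subnet spanning both routers
    rem = ipaddress.ip_interface(plan["engine_remediation"])
    mgmt = ipaddress.ip_interface(plan["engine_management"])
    pep = ipaddress.ip_interface(plan["pep_management"])
    netsight = ipaddress.ip_address(plan["netsight_server"])

    # Remediation IP, mask and default gateway belong to the data subnet.
    if rem.network != data_net:
        problems.append("remediation address/mask does not match the data subnet")
    if ipaddress.ip_address(plan["remediation_gateway"]) not in data_net:
        problems.append("remediation gateway is outside the data subnet")
    # Engine management and PEP addresses (and PEP gateway) share one subnet.
    if mgmt.network != pep.network:
        problems.append("Engine management and PEP are on different subnets")
    if ipaddress.ip_address(plan["pep_gateway"]) not in pep.network:
        problems.append("PEP gateway is outside the PEP subnet")
    # Management addressing must stay off the subnet that carries data traffic.
    if mgmt.network.overlaps(data_net) or pep.network.overlaps(data_net):
        problems.append("management addressing overlaps the data subnet")
    # No default gateway on the Engine management (10/100 port) address.
    if plan.get("engine_management_gateway"):
        problems.append("Engine management address must not have a gateway")
    # A management VLAN ID must be specified (802.1Q range assumed).
    vlan = plan.get("management_vlan")
    if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        problems.append("management VLAN ID missing or out of range")
    # NetSight off-subnet means management traffic crosses the data VLAN.
    if netsight not in mgmt.network or netsight not in pep.network:
        problems.append("NetSight server is not on the management subnet")
    return problems

# Constructed sample plans (private address space, not from the manual).
GOOD_PLAN = {
    "data_subnet": "10.10.1.0/24",
    "engine_remediation": "10.10.1.5/24", "remediation_gateway": "10.10.1.1",
    "engine_management": "192.168.50.10/24",
    "pep_management": "192.168.50.11/24", "pep_gateway": "192.168.50.1",
    "management_vlan": 50, "netsight_server": "192.168.50.20",
}
BAD_PLAN = dict(GOOD_PLAN, engine_management="10.10.1.6/24",
                management_vlan=None, netsight_server="172.16.0.20")

if __name__ == "__main__":
    for issue in check_oob_plan(BAD_PLAN):
        print("VIOLATION:", issue)
```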
Figure 6-3 Layer 2 In-Band Management Topology