NAC second NIC

  • Question
  • Updated 4 years ago
We are in the process of deploying multiple Wi-Fi controllers with multiple NAC appliances.
The client has two core S-Series switches, NOT virtually bonded.
The NAC appliances are being configured in an LSNAT group.
Can a second NIC interface on the NAC appliance be configured to allow for connection to both S-Series core switches?
This will allow me to create an LSNAT on both S-Series core switches and direct the 802.1X authentication to a primary and backup LSNAT group.

Regards
Andre Brits Kannemeyer

Posted 4 years ago

Rainer Adam

I think there is a misunderstanding of what LSNAT does in relation to the NAC Gateways...

You define a pool of RADIUS servers on the S-Series switches with LSNAT, then the S-Series will handle the load sharing of the authentication requests to the different NAC Gateways: 1st request to the 1st NAC GW, 2nd request to the second NAC GW, 3rd request to the 1st NAC GW and so on.

I mean that you thought about a different Rule Matrix between your NAC Gateways and therefore you would like to create a second network interface to the GWs, right?

NAC Gateways you want to load share must be in the same NAC Appliance Group!

But in my opinion there is no real need to do this. One of my customers has more than 750 rule matrix lines within his config and currently uses LPA NAC Gateways, no need for more performance, they use at maximum 5% CPU (with more than 4000 concurrent users).

There IS a second NIC card in all NAC Gateways (also on the virtual GWs) but this is for Kerberos snooping, not for authentication.