352-001 · Question #272
You are designing an Out of Band Cisco Network Admission Control, Layer 3 Real-IP Gateway deployment for a customer. Which VLAN must be trunked back to the Clean Access Server from the access switch?
The correct answer is A. untrusted VLAN. In an Out-of-Band Cisco NAC Layer 3 Real-IP Gateway deployment, the untrusted VLAN must be trunked to the Clean Access Server so it can intercept and assess unauthenticated client traffic before granting network access.
Question
You are designing an Out of Band Cisco Network Admission Control, Layer 3 Real-IP Gateway deployment for a customer. Which VLAN must be trunked back to the Clean Access Server from the access switch?
Options
- Auntrusted VLAN
- Buser VLAN
- Cmanagement VLAN
- Dauthentication VLAN
How the community answered
(34 responses)- A91% (31)
- B6% (2)
- D3% (1)
Why each option
In an Out-of-Band Cisco NAC Layer 3 Real-IP Gateway deployment, the untrusted VLAN must be trunked to the Clean Access Server so it can intercept and assess unauthenticated client traffic before granting network access.
The untrusted VLAN is where clients are initially placed prior to posture assessment and authentication. The Clean Access Server must receive this VLAN traffic directly so it can redirect clients to the authentication portal, evaluate endpoint compliance, and enforce policy before moving users to the trusted network segment.
The user VLAN is the trusted segment where clients reside after successful authentication; the CAS does not need to intercept already-authenticated traffic on this VLAN.
The management VLAN carries device management traffic such as SSH and SNMP and is not associated with client authentication or posture assessment workflows.
There is no separate 'authentication VLAN' in Cisco NAC OOB terminology; the untrusted VLAN itself is the segment that handles pre-authentication client traffic.
Concept tested: Cisco NAC OOB Layer 3 Real-IP Gateway VLAN trunking requirements
Source: https://www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/413/cas/413_cas_book/oob.html
Topics
Community Discussion
No community discussion yet for this question.