Here the terms central and edge deployment refer to the physical configuration of NAC Appliance Server. Central Deployment Mode or Edge Deployment Mode A complete compatibility matrix of supported switches is at NAC Appliance In-Band mode supports most Cisco switches. NAC Appliance Out-of-Band mode works with only Cisco Catalyst switches. Wireless and virtual private network (VPN) users must use In-Band mode. Today, NAC Appliance supports Out-of-Band mode only for users on a wired LAN. When planning for an Out-of-Band mode deployment, keep in mind that the following factors will affect the design. To configure IB mode, you follow almost the same steps you would to configure OOB mode, but you leave out the switch and VLAN configuration steps.
The main reason for this is that if you know how to configure OOB mode, you also know how to configure IB mode. This book does not include a chapter on configuring In-Band mode. For detailed information explaining what OOB is and how it compares to In-Band (IB) mode, see Chapter 4, "Making Sense of All the Cisco NAC Appliance Design Options," earlier in this book. This chapter covers the configuration of the Out-of-Band (OOB) mode in both Layer 2 (where users are Layer 2 adjacent to NAC Appliance Server) and Layer 3 (where users are one or more hops away from NAC Appliance Server) scenarios.
Sample Design and Configuration for Layer 3 Out-of-Band Deployment Sample Design and Configuration for Layer 2 Out-of-Band Deployment This chapter covers the following topics: