Manualshelf

Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance
111112113114115116117118119120
3-25
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
Configure OOB Switch Management on the CAM
This section describes the web admin console configuration steps to implement Out-of-Band. In general,
you first configure Group, Switch, and Port profiles, as well as the Clean Access Manager’s SNMP
Receiver settings, under OOB Management > Profiles. After profiles are configured, add the switches
you want to control to the Clean Access Manager’s domain under OOB Management > Devices, and
apply the profiles to the switches.
After switches are added, the ports on the switch are discovered, and the Port and Config icons and
pages for each switch appear on OOB Management > Devices > Devices > List.
Clicking the manage Ports icon brings up the Ports tab. The Ports page is where you apply a managed
Port Profile to a specific port(s) to configure how a client’s traffic is temporarily routed through the CAS
for authentication/certification before being allowed on the trusted network.
The configuration sequence is as follows:
1. Plan your settings and configure the switches to be managed, as described in previous section,
Configure Your Switches, page 3-14
2. Add Out-of-Band Clean Access Servers and Configure Environment, page 3-25
3. Configure Global Device Filters to Ignore IP Phone MAC Addresses, page 3-28
4. Configure Group Profiles, page 3-28
5. Configure Switch Profiles, page 3-30
6. Configure Port Profiles, page 3-33
7. Configure VLAN Profiles, page 3-40
8. Configure SNMP Receiver, page 3-44
9. Add and Manage Switches, page 3-48
10. Manage Switch Ports, page 3-54
Add Out-of-Band Clean Access Servers and Configure Environment
Note In order to establish the initial secure communication channel between a CAM and CAS, you must
import the root certificate from each appliance into the other appliance’s trusted store so that the CAM
can trust the CAS’s certificate and vice-versa.
Almost all the CAM/CAS configuration for Out-of-Band deployment is done directly in the OOB
Management module of the web admin console. Apart from the OOB Management module
configuration, OOB setup is almost exactly the same as traditional In-Band setup, except for the
following differences:
Step 1 Choose an Out-of-Band gateway type when you add your Clean Access Server(s) (Figure 3-7).