Specifications

3-26
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
Figure 3-7 Add New OOB Server
The Out-of-Band Server Types appear in the dropdown menu to add a new Clean Access Server:
Out-of-Band Virtual Gateway
Out-of-Band Real-IP Gateway
The Clean Access Server itself must be either In-Band or Out-of-Band. The Clean Access Manager
can control both In-Band and Out-of-Band CASs in its domain.
Note For Virtual Gateway (In-Band or OOB), do not connect the untrusted interface (eth1) of the CAS to
the switch until after the CAS has been added to the CAM via the web console.
For Virtual Gateway with VLAN mapping (In-Band or OOB), do not connect the untrusted interface
(eth1) of the CAS to the switch until VLAN mapping has been configured correctly under Device
Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. See the Cisco
NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(x) for details.
Step 2 For OOB Virtual Gateways, you must enable and configure VLAN mapping (Figure 3-8) on the CAS for
each Auth/Access VLAN pair configured on the switch. This is required in order to retag an
unauthenticated client’s allowed traffic (e.g. DHCP/DNS) from the Auth VLAN to the Access VLAN
(and vice-versa). You can also enable VLAN pruning for CAS appliances operating in Virtual Gateway
mode. See the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(x) for
further details on VLAN mapping and VLAN pruning.