3-39
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
This feature enables administrators to remove other online Out-of-Band users on the switch port
when a new user is detected on the same port. It also allows for the modification of the port profile
if an existing user is seen on a different switchport.
Checking this option ensures that only one valid user is allowed on one switch port at the same time.
If an online user (e.g., "user1") is currently on a switch port (e.g., "fa0/1" on switch "c2950") and this
option is enabled for the Port Profile applied to that port, "user1" will be removed if another user
(e.g., "user2") signs in from the same switch port or moves to this port from another location.
Note: An online user is an endpoint or a PC connected to the switch port. If another user logs in to the
same PC with different credentials, that user is not detected as a different user, because the endpoint is
identified only by its MAC address and not by the login credentials.
Remove Out-of-Band online user without bouncing the port
When any user is removed from the OOB Online User list, the port is changed from the Access
VLAN to the Authentication VLAN. Note that users removed from the Certified Device list are
always also removed from the Online User list (IB or OOB). If the Remove Out-of-Band online
user without bouncing the port option is checked, the port will not be bounced when a user is
removed from the OOB Online User list. If this option is not checked, the port will be bounced when
a user is removed from the OOB Online User list.
This option is intended to prevent bouncing the switch port to which a client machine is connected
via an IP phone. The feature allows Cisco NAC Appliance to
authenticate/assess/quarantine/remediate a client machine (laptop/desktop) without affecting the
operation of an IP phone connected to the switch port. When this option is checked for OOB Virtual
Gateways, the client port will not be bounced when:
• Users are removed from the Out-of-Band Online Users list
• Devices are removed from the Certified Devices List
Instead, the port Access VLAN will be changed to the Authentication VLAN.
Step 16 Click Add to add the port profile to the OOB Management > Profiles > Port > List.
See Manage Switch Ports, page 3-54 for further details on Port profiles and the Ports config page.
See Interpreting Event Logs, page 13-4 for further details on monitoring online users.