3-41
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
4. User1 is authenticated and the CAM instructs switch A to assign VLAN 5 to the managed port.
5. User1 achieves VPN access to the internal network.
6. Later in the day, while visiting a client, user1 again attempts to access the network, but this time user1’s session arrives at access switch B.
7. As with switch A earlier that day, switch B allows the user authentication-level access and user1 passes authentication credentials on to the CAM, where the same user role association specifies that the Access VLAN for user1’s session should be the VLAN name “VPN_access.”
8. The CAM queries VLAN profile assignments for the VLAN ID corresponding to “VPN_access” and, because switch B employs a different VLAN ID assignment model addressed in the relevant CAM switch profile mappings, the CAM discovers a VLAN profile associated with the port profile for Switch B indicating VLAN 15.
9. The CAM instructs switch B to assign VLAN 15 to the managed switch port and grant VPN access to user1.
As this example demonstrates, the VLAN access name is the same for both sessions, but two separate VLAN profiles on the CAM ensure user1 receives the same level of authentication from both access points on the network.
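The name-to-ID resolution in the scenario above, together with a consistency audit of the mappings, as an added example that is not part of the Cisco guide. The dictionaries are a hypothetical in-memory model, not the CAM's export format. VLAN IDs 5 and 15 and the name “VPN_access” come from the scenario, while the "guest" role, "Guest_access", switchC and the other IDs are constructed.

```python
# Hypothetical model of role -> Access VLAN name, and per-switch VLAN profiles.
# Constructed sample data; only VPN_access -> 5 (switch A) and 15 (switch B)
# come from the scenario in the text.
ROLE_ACCESS_VLAN = {"vpn_user": "VPN_access", "guest": "Guest_access"}

VLAN_PROFILES = {
    "profileA": {"VPN_access": 5, "Guest_access": 20},
    "profileB": {"VPN_access": 15},                      # Guest_access missing
    "profileC": {"VPN_access": 30, "Guest_access": 30},  # two names share one ID
}

SWITCH_TO_PROFILE = {"switchA": "profileA", "switchB": "profileB",
                     "switchC": "profileC"}


def resolve_vlan(role, switch):
    """Return the VLAN ID for this role on this switch, or None if unmapped."""
    name = ROLE_ACCESS_VLAN[role]
    profile = VLAN_PROFILES[SWITCH_TO_PROFILE[switch]]
    return profile.get(name)


def audit_profiles():
    """Report VLAN names with no ID on a switch, and distinct names that
    resolve to the same ID on one switch (different roles, same network)."""
    findings = []
    for switch, profile_name in sorted(SWITCH_TO_PROFILE.items()):
        profile = VLAN_PROFILES[profile_name]
        seen = {}  # VLAN ID -> first VLAN name that resolved to it
        for _role, name in sorted(ROLE_ACCESS_VLAN.items()):
            vlan_id = profile.get(name)
            if vlan_id is None:
                findings.append((switch, "unmapped", name))
            elif vlan_id in seen and seen[vlan_id] != name:
                detail = f"{seen[vlan_id]}/{name} -> {vlan_id}"
                findings.append((switch, "collision", detail))
            else:
                seen[vlan_id] = name
    return findings


if __name__ == "__main__":
    print(resolve_vlan("vpn_user", "switchA"), resolve_vlan("vpn_user", "switchB"))
    for finding in audit_profiles():
        print(finding)
```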
Figure 3-21 illustrates the VLAN Profiles List page.
Figure 3-21 VLAN Profiles
Note: The Policy Sync feature allows OOB Port Profiles and VLAN Profiles to be exported from a Master CAM to Receiver CAMs. Refer to Policy Import/Export, page 14-28, for details.