Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
Add VLAN Profile
To create a new VLAN profile:
Step 1 Go to OOB Management > Profiles > VLAN > New (Figure 3-22).
Figure 3-22 New VLAN Profile
Step 2 Specify a unique Profile Name for the new VLAN profile.
Step 3 Type an optional Description for the VLAN profile.
Step 4 Choose a VLAN Name Resolution method from the dropdown list:
Local Lookup Only—Instructs the CAM to resolve the specified VLAN name using only local
mappings as the possible resolved values. If you select this option, the CAM will not attempt to
resolve the VLAN name using any data available on the access switch.
Switch Query Preferred—Instructs the CAM to resolve the specified VLAN name by first
searching data available from the access switch, then (if not found) attempting to resolve the name
in the VLAN Name-to-ID mappings found in the VLAN profile.
Local Lookup Preferred—Instructs the CAM to resolve the specified VLAN name by first
searching for the name in the VLAN Name-to-ID mappings found in the VLAN profile, then (if not found)
attempting to resolve the name by searching data available from the access switch.
Step 5 Enter the VLAN Name for the access VLAN (the assigned “common” name of the VLAN through which
users access the network) that the CAM uses to grant access to the remote user. This function allows you to use
VLAN names instead of specific VLAN numbers to identify the VLAN ID the CAM should instruct the
access switch(es) to assign to the port over which the user accesses the network. Since the user may
access the network from one of several access switches residing at different network access points, the
VLAN name-to-VLAN ID mapping function enables you to associate a specific VLAN name with a user
or group profile and grant access over a broad range of access devices all around the network, based on
a single VLAN profile definition.
Step 6 Enter the VLAN ID for the VLAN policy. This is the actual VLAN number the CAS tells the switch to
assign to the remote user’s switch port once the user logs in and has been “cleared” to access the internal
network. Because VLAN IDs from different switches may be (and probably are) different, you can grant
access to a user or group profile based on the VLAN name-to-VLAN ID mapping defined on the CAM
and/or the access switch itself.
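
The following added example (not part of the Cisco guide and not Cisco code) models the three VLAN Name Resolution methods from Step 4 and reports, per access switch, whether the chosen method changes which VLAN ID a name resolves to. The function names, the dictionary shape used for switch data, and all switch names and VLAN values are constructed assumptions.

```python
# Model of the Step 4 resolution methods. Illustration only: names and data are
# constructed, and the switch data shape (name -> ID dict) is an assumption.
LOCAL_ONLY = "Local Lookup Only"
SWITCH_PREFERRED = "Switch Query Preferred"
LOCAL_PREFERRED = "Local Lookup Preferred"
MODES = (LOCAL_ONLY, SWITCH_PREFERRED, LOCAL_PREFERRED)

def resolve_vlan(mode, name, profile_map, switch_map):
    """Return (vlan_id, source) for a VLAN name, or (None, None) if unresolved.

    profile_map: name-to-ID mappings held in the VLAN profile (Steps 5 and 6).
    switch_map:  name-to-ID data available from one access switch.
    """
    if mode == LOCAL_ONLY:
        order = [("profile", profile_map)]  # switch data is never consulted
    elif mode == SWITCH_PREFERRED:
        order = [("switch", switch_map), ("profile", profile_map)]
    elif mode == LOCAL_PREFERRED:
        order = [("profile", profile_map), ("switch", switch_map)]
    else:
        raise ValueError(f"unknown resolution method: {mode!r}")
    for source, table in order:
        if name in table:
            return table[name], source
    return None, None

def audit(name, profile_map, switches):
    """Per switch, record each method's result and flag method-dependent outcomes."""
    findings = {}
    for switch, switch_map in switches.items():
        results = {m: resolve_vlan(m, name, profile_map, switch_map)[0] for m in MODES}
        findings[switch] = {
            "results": results,
            "mode_dependent": len(set(results.values())) > 1,
            "unresolved": [m for m, v in results.items() if v is None],
        }
    return findings

# Constructed sample data: one profile mapping and three access switches.
PROFILE = {"employee-access": 20}
SWITCHES = {
    "sw-lobby": {"employee-access": 20},  # agrees with the profile
    "sw-lab": {"employee-access": 120},   # same name, different ID on this switch
    "sw-annex": {},                       # name not defined on this switch
}

if __name__ == "__main__":
    for sw, finding in audit("employee-access", PROFILE, SWITCHES).items():
        print(sw, finding)
```

A switch flagged `mode_dependent` is one where changing the resolution method would place the same user on a different VLAN, so it is worth reviewing before the profile is applied.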