Specifications
3-47
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
• Port-Security Delay (default is 3 seconds)—If port-security is enabled on the switch, after the
VLAN is switched, the CAM must wait the number of seconds specified in the Port-Security Delay
field before setting the port-security information on the switch.
Note To refresh the DHCP IP address, typically the Agent or ActiveX/Java Applet performs a DHCP release
before the VLAN change, followed by a DHCP renew after the VLAN change. The delays to perform
DHCP Release, VLAN Change, DHCP Renew are configurable. See DHCP Release/Renew with
Agent/ActiveX/Java Applet, page 5-6 for additional details. See also Configure Access to
Authentication VLAN Change Detection, page 3-67 if you are using DHCP release/renew instead of port
bouncing.
• DHCP Release Delay (default is 1 second)—This field configures the delay between user login and
DHCP release.
• VLAN Change Delay (default is 2 seconds)—This field configures the delay between user login
and VLAN Change. This value should be greater than the DHCP Release Delay.
Note The VLAN Change Delay setting should be greater than the DHCP Release Delay, but less than the
combined duration of the DHCP Release Delay and DHCP Renew Delay. This is to ensure that DHCP
release happens before VLAN change and DHCP renew happens after VLAN change.
• Port Bounce Interval (default is 5 seconds)—The Port Bounce Interval is the time delay between
turning off and turning on the port. This delay is inserted to help client machines issue DHCP
requests.
• DHCP Renew Delay (default is 3 seconds)—This field configures the delay between DHCP release
and DHCP renew. This value should be greater than the VLAN Change Delay minus the DHCP
Release Delay.
• Redirection Delay without Bouncing (default is 1 second)—This field configures the delay
between VLAN change and webpage redirection (after client posture assessment) for ports with no
port bouncing in the Port Profile. This allows you to minimize redirection time if no port bouncing
is required. When the Port Profile does not require bouncing the port after the VLAN is changed (e.g
Virtual Gateway), configuring this option will redirect the user page after the number of seconds
specified here (e.g. 1 second).
When the port is not bounced, the total redirection interval that the user experiences is the value of
the Redirection Delay without Bouncing field.
Note When the user continues to be redirected to the login page after login/posture assessment, this typically
means the web page redirection is occurring before the switch is able to change the VLAN of the port
(from Auth to Access). In this case, increase the Redirection Delay to 2 or 3 seconds to resolve this issue.
• Redirection Delay with Bouncing (default is 15 seconds)—This field configures the delay between
port bouncing and webpage redirection (after client posture assessment) for ports with the Bounce
the port after VLAN is changed option checked on the Port Profile. This allows you to configure
the time needed for port bouncing.
When the port is bounced, the total redirection interval that the user experiences is the sum of 2
fields: Redirection Delay with Bouncing and Port Bounce Interval.