3-65
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Configure OOB Switch Management on the CAM
• An OOB online user is removed and the Port Profile is configured with the Kick Out-of-Band
online user when linkdown trap is received option.
• Port Security is enabled on the switch.
Port Security
Port Security is a switch feature that restricts input to an interface by limiting and identifying MAC
addresses of the stations allowed to access the port.
When you change the SNMP control method from MAC Notification to Linkup Notification, as
described in Enabling Port Security, the Port Security checkbox appears on the Advanced page
(Figure 3-39) if the switch supports the feature. When using linkup notification, the Port Security feature
can provide additional security by causing the port to allow only one MAC address when a user
authenticates. Even if the port is connected to a hub, only the first MAC address that is authenticated is
allowed to send traffic. Note that availability of the Port Security feature depends on the switch
model and OS being used.
When you enable Port Security on the CAM, the switch configuration is not changed immediately.
Instead, when the next client connects to that port, the switch adds the port configuration
that turns on Port Security for that client's MAC address. That MAC address becomes the only
MAC address allowed to connect to that port if other connection attempts are made.
Enabling Port Security
Step 1 Go to OOB Management > Devices > List and click the Config icon for the switch you want to control.
Step 2 From the Config tab, click the Advanced link.
Step 3 Click the option for Linkup Notification. A checkbox for Port Security appears if the switch supports
the feature.
Step 4 Click the Enable checkbox for Port Security.
Step 5 Click Update.
Step 6 A prompt (Figure 3-39) appears with the following message: “Do you want to clear the mac-notification
settings on the switch too? Press CANCEL to update without clearing the mac-notification settings on
the switch.”
• If you click OK, the CAM saves the Port Security setting and the “snmp-server enable traps
mac-notification” line is removed from the switch configuration.
• If you click Cancel, the CAM saves the Port Security setting and the “snmp-server enable traps
mac-notification” line is not removed from the switch configuration. This option can save some
time if the administrator is planning to change the port back later to MAC Notification control. (See
Re-Enabling MAC Notification, page 3-66 for details.)
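
An added example (not from the Cisco guide): a Python check over a saved switch running-config that reports whether the "snmp-server enable traps mac-notification" line is still present after Step 6 and which ports carry a one-MAC Port Security restriction. The sample config is constructed, and the interface commands are an assumption (standard Cisco IOS port-security syntax); the guide does not show the exact lines the CAM writes to the switch.

```python
import re

MAC_NOTIF_LINE = "snmp-server enable traps mac-notification"  # line named in Step 6

# Constructed sample running-config. Interface commands are assumed standard
# IOS port-security syntax, not lines quoted from the guide.
SAMPLE_CONFIG = """\
snmp-server enable traps mac-notification
snmp-server enable traps snmp linkup linkdown
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
"""

def audit_config(text):
    """Return (mac_notification_present, {interface: 'off'|'single-mac'|'multi-mac'})."""
    mac_notification = False
    ports, current = {}, None
    for line in text.splitlines():
        if line.strip() == MAC_NOTIF_LINE:
            mac_notification = True
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            # IOS allows one secure MAC by default when port security is on.
            current = ports.setdefault(header.group(1), {"enabled": False, "maximum": 1})
        elif not line.startswith(" "):
            current = None  # unindented line ends the interface block
        elif current is not None:
            cmd = line.strip()
            limit = re.fullmatch(r"switchport port-security maximum (\d+)", cmd)
            if cmd == "switchport port-security":
                current["enabled"] = True
            elif limit:
                current["maximum"] = int(limit.group(1))
    status = {}
    for name, p in ports.items():
        status[name] = "off" if not p["enabled"] else (
            "single-mac" if p["maximum"] == 1 else "multi-mac")
    return mac_notification, status
```

A port reported as "off" is not necessarily misconfigured: the switch adds the Port Security configuration only when the next client connects to that port.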