Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 4 Wireless LAN Controller Management: Configuring Wireless Out-of-Band Deployment
Configure Your Wireless LAN Controllers
Authentication and Access VLANs are defined on the WLC and changes between the two are
transmitted to the CAM using SNMP traps—administrators do not assign VLANs from the CAM
via user role assignments or otherwise.

When a wireless user logs off, the WLC also sends SNMP information to the CAM to ensure the
user ID is removed from the Online Users list. Likewise, if the administrator must kick any users
out of the Online Users list, the CAM informs the WLC via SNMP and the WLC automatically
assigns the wireless client to the Authentication (Quarantine) VLAN.

If Single Sign-On (SSO) is required for wireless users, the WLC must also be configured to transmit
RADIUS accounting packets to the CAS. Cisco WLCs do not support IPSec communication with
the Cisco NAC Appliance network, so you cannot provide RADIUS SSO capability to users in your
FIPS 140-2 compliant environment.

Note: The VPN Auto Logout feature does not work in a Wireless OOB deployment. If VPN Auto
Logout signs a user out of the system, the CAM will not learn of the disconnection from the
WLC.

If your wireless access network provides services for Wireless IP Phones, ensure you configure a
separate SSID for such devices so that they do not encounter the Cisco NAC Appliance
authentication process.

Example Wireless LAN Controller Configuration Steps
This section provides a configuration example for a Cisco 4400 series Wireless LAN Controller.
Create the Dynamic Interface on the Wireless LAN Controller
Create the WLAN on the Wireless LAN Controller and Enable Cisco NAC Appliance Integration
Configure SNMP on the Wireless LAN Controller
Specify the CAM as the SNMP Trap Receiver

Create the Dynamic Interface on the Wireless LAN Controller
To create and specify settings for a new Dynamic Interface on the Wireless LAN Controller:
Step 1 In the WLC graphical user interface, click Controller > Interfaces to open the Interfaces page.
Step 2 Click New and enter an Interface Name and VLAN ID in the Interfaces > New page that appears.
Step 3 Click Apply to commit your changes. The Interfaces > Edit page appears (Figure 4-3).