5-6
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 5 Configuring User Login Page and Guest Access
Enable Web Client for Login Page
Note: When the Agent is installed, the Agent automatically sends the MAC address of all network adapters on
the client to the CAS. See the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release
4.9(x) for more information.
DHCP Release/Renew with Agent/ActiveX/Java Applet
DHCP IP addresses can be refreshed for client machines using the Agent or ActiveX Control/Java Applet
without requiring port bouncing after authentication and posture assessment. This feature is intended to
facilitate Cisco NAC Appliance OOB deployment in IP phone environments.
In most OOB deployments (except L2 OOB Virtual Gateway where the Default Access VLAN is the
Access VLAN in Port profile), the client needs to acquire a different IP address from the Access VLAN
after posture assessment.
There are two approaches to enable the client to get the new IP address:
- Enabling the "Bounce the port after VLAN is changed" Port profile option. In this case, the switch
  port connected to the client is bounced after it is assigned to the Access VLAN, and the client using
  DHCP will try to refresh the IP address. This approach has the following limitations:
  - In IP phone deployments, because the port bouncing will disconnect and reconnect the IP Phone
    connected to the same switch port, any ongoing communication is interrupted.
  - Some client operating systems do not automatically refresh their DHCP IP addresses even if the
    switch port is bounced.
  - The process of shutting down and bringing back the switch port, and of client operating systems
    detecting the port bounce and refreshing their IP addresses, can take time.
- Using the Agent, ActiveX Control, or Java Applet to refresh client DHCP IP addresses without port
  bouncing. This allows clients to acquire a new IP address in the Access VLAN, and the "Bounce the
  switch port after VLAN is changed" option in the Port profile can be left disabled.
  Note: This option can introduce unpredictable results for OOB clients if not configured correctly
  for your specific network topology. For detailed information on Access to Authentication
  VLAN change detection, refer to Configure Access to Authentication VLAN Change
  Detection, page 3-67.
Agent Login
If the client uses the Agent to log in, the Agent automatically refreshes the DHCP IP address if the client
needs a new IP address in the Access VLAN.
Web Login
In order for the ActiveX/Java Applet to refresh the IP address for the client when necessary, use of the
web client must be enabled in the User Login Page configuration under:
- Administration > User Pages > Login Page > Edit > General
- Device Management > CCA Servers > Authentication > Login Page > Edit > General
In the Login Page configuration, two options need to be checked to use the ActiveX/Applet webclient to
refresh the client’s IP address: