Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 11 Monitoring and Troubleshooting Agent Sessions
Manage Certified Devices
Step 11 Type a Minimum Age in days to clear only devices that have been on the Certified Devices List for the number of days specified. Typing 0 clears all devices regardless of how long they have been on the Certified Devices List.
Step 12 Choose a clearing Method for how much of the Certified Devices List (sorted by Criteria) this timer should clear at one time. Options are:
a. Clear all matching certified devices.
b. Clear the oldest [] matching certified devices only (for example, “10” clears the ten oldest certified devices in the sort list).
c. Clear the oldest [] certified devices every [] minutes until all matching certified devices are cleared.
Step 13 When done, click Update. This saves the Timer in the Certified Devices Timer List.
Note: For additional information on terminating user sessions, see also Configure User Session and Heartbeat Timeouts, page 8-15.
Add Floating Devices
A floating device is certified only for the duration of a user session. Once the user logs out, the next user of the device needs to be certified again. Floating devices are useful for managing shared equipment, such as kiosk computers or wireless cards loaned out by a library.
In addition to session-length certification, you can configure devices that are never certified. This is useful for multi-user devices, such as dial-up routers that channel multi-user traffic from the untrusted side of the network. In this case, the Clean Access Server sees only that device’s MAC address as the source and destination of the network traffic. If the device is allowed to be certified, then after the first user is certified, additional users would be exempt from certification. By configuring the router’s MAC address as a floating device that is never certified, you can ensure that each user accessing the network through the device is individually assessed for vulnerabilities and met requirements.
In this case, the users are distinguished by IP address, so users must have different IP addresses. If the router performs NAT, the users are indistinguishable to the Clean Access Manager and only the first user will be certified.
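The three cases described above (router certified by MAC, router configured as a never-certified floating device, and the same router performing NAT) can be traced with a small model. This is an added example, not Cisco code and not taken from the guide; the class, function names, MAC addresses and IP addresses are all constructed for illustration, and the lookup logic is a simplified assumption based only on the text above.

```python
from dataclasses import dataclass, field

NEVER = "never-certified"      # floating device that is never certified
SESSION = "session-certified"  # floating device certified for one session

@dataclass
class AccessModel:
    """Simplified model of the text above, not Cisco's implementation."""
    floating: dict = field(default_factory=dict)  # MAC -> NEVER or SESSION
    certified: set = field(default_factory=set)   # Certified Devices List (MACs)
    sessions: set = field(default_factory=set)    # active (MAC, IP) pairs

    def login(self, mac, ip):
        """Return True if this user is assessed, False if the user is exempt."""
        if self.floating.get(mac) == NEVER:
            # The device itself is never certified; users are told apart by IP.
            if (mac, ip) in self.sessions:
                return False  # same MAC and IP as an already assessed user
            self.sessions.add((mac, ip))
            return True
        if mac in self.certified:
            return False      # device already certified, so this user is exempt
        self.certified.add(mac)
        self.sessions.add((mac, ip))
        return True

    def logout(self, mac, ip):
        self.sessions.discard((mac, ip))
        if self.floating.get(mac) == SESSION:
            self.certified.discard(mac)  # next user must be certified again

def assessed_count(model, mac, source_ips):
    """Number of users behind one MAC that are individually assessed."""
    return sum(model.login(mac, ip) for ip in source_ips)

# Constructed sample values (documentation MAC and IP ranges).
ROUTER = "00:00:5e:00:53:01"
KIOSK = "00:00:5e:00:53:02"
USERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # three routed users
NATTED = ["192.0.2.1"] * 3                          # three users behind NAT

if __name__ == "__main__":
    print("router certified by MAC:", assessed_count(AccessModel(), ROUTER, USERS))
    print("router never certified:",
          assessed_count(AccessModel({ROUTER: NEVER}), ROUTER, USERS))
    print("never certified, NAT:",
          assessed_count(AccessModel({ROUTER: NEVER}), ROUTER, NATTED))
```

In this model only the never-certified, non-NAT configuration assesses every user; the other two leave all but the first user unassessed, which is the gap the floating device setting is meant to close.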
Figure 11-13 shows the Floating Devices tab.