Specifications
CHAPTER
2-1
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
2
Device Management: Adding Clean Access
Servers, Adding Filters
This chapter describes how to add and manage Clean Access Servers from the Clean Access Manager
and configure device and/or subnet filters. It contains the following sections.
• Working with Clean Access Servers, page 2-2
• Global and Local Administration Settings, page 2-8
• Global Device and Subnet Filtering, page 2-10
• Integrating Cisco ISE Profiler, page 2-29
The first step in implementing Cisco NAC Appliance is configuring devices in the Clean Access
Manager (CAM)’s administrative domain. Clean Access Servers must be added to the CAM in order to
manage them directly in the web console.
By default, Cisco NAC Appliance forces user devices on the untrusted side of the CAS to authenticate
when attempting to access the network.
User roles, user authentication, user web pages, and traffic policies for In-Band user traffic must be
configured for users on the untrusted network as described in the following chapters:
• Chapter 6, “User Management: Configuring User Roles and Local Users”
• Chapter 7, “User Management: Configuring Authentication Servers”
• Chapter 8, “User Management: Traffic Control, Bandwidth, Schedule”
If deploying Cisco NAC Appliance for Out-of-Band, you will also need to configure the CAM as
described in Chapter 3, “Switch Management: Configuring Out-of-Band Deployment”.
After Cisco NAC Appliance is configured for user traffic on the unstrusted side of your network, you
may need to allow devices on the untrusted side to bypass authentication and posture assessment (for
example printers or VPN concentrators). See Global Device and Subnet Filtering, page 2-10 for how to
configure filters in the Clean Access Manager for these kinds of devices.