Specifications
2-6
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 2 Device Management: Adding Clean Access Servers, Adding Filters
Working with Clean Access Servers
Note If you use the Authorization feature in a CAM HA-pair, follow the guidelines in Backing Up and
Restoring CAM/CAS Authorization Settings, page 14-62 to ensure you are able to exactly duplicate your
Authorization settings from one CAM to its high availability counterpart.
Enable Authorization and Specify Authorized Clean Access Servers
To enable authorization and specify CASs authorized to communicate with the CAM:
Step 1 Go to Device Management > Clean Access Servers > Authorization (Figure 2-3).
Figure 2-3 Device Management > Clean Access Servers > Authorization
Step 2
Click Enable CCA Server Authorization to turn on the Cisco NAC Appliance authorization feature.
Warning
Do not click the Enable CCA Server Authorization option without also entering one or more full
distinguished names of CASs you want to authorize to communicate securely with the CAM. If you
enable this feature and have not specified any CAS distinguished names, you will not be able to
communicate with any of the CASs in your network.
Step 3 Click the plus icon “+” and enter the full distinguished name of a CAS you want to authorize to
communicate securely with the CAM. For example, enter a text string like “CN=110.21.5.123, OU=cca,
O=cisco, L=sj, ST=ca, C=us” in the Distinguished Name field.
Note Distinguished names require exact syntax. Therefore, Cisco recommends copying the CAS DN from the
top of the list of entries in the Administration > SSL > X509 Certificate CAS web console page and
pasting it into the CAM’s Authorization page to ensure you specify the exact name for the CAS on the
CAM.