Specifications

2-8

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 2 Device Management: Adding Clean Access Servers, Adding Filters

Global and Local Administration Settings

Reboot the Clean Access Server

You can perform a graceful reboot of a Clean Access Server by clicking the Reboot icon in the List of

Servers tab. In a graceful reboot, the Clean Access Server performs all normal shutdown procedures

before restarting, such as writing logging data to disk.

Remove the Clean Access Server from the Managed Domain

Deleting a Clean Access Server in the List of Servers tab removes it from the List of Servers and the

system. To remove a Clean Access Server, click the Delete icon next to the CAS. In order to reuse a

Clean Access Server that you have deleted, you have to re-add it to the Clean Access Manager.

Note that when the Clean Access Server is removed, any secondary configuration settings specific to the

CAS are deleted. Secondary settings are settings that are not configured at installation time or through

the

service perfigo config script, and include policy filters, traffic routing, and encryption

parameters.

Settings that are configured at installation time, such as interface addresses, are kept on the Clean Access

Server and are restored if the CAS is later re-added to the CAM’s administrative domain.

Removing an active CAS has the following effect on users accessing the network through the CAS at the

time it is deleted:

• If the CAS and CAM are connected when the CAS is deleted, the network connections for active

users are immediately dropped. Users are no longer able to access the network. (This is because the

CAM is able to delete the CAS’s configuration immediately, so that the IP addresses assigned to

active users are no longer valid in relation to any security policies applicable to the CASs.) New

users will be unable to log into the network.

• If the connection between the CAS and CAM is broken at the time the CAS is deleted, active users

will be able to continue accessing the network until the connection is reestablished. This is because

the CAM cannot delete the CAS’s configuration immediately. New users will be unable to log into

the network.

Troubleshooting when Adding the Clean Access Server

See “Troubleshooting when Adding the Clean Access Server” in the Cisco NAC Appliance - Clean

Access Server Configuration Guide, Release 4.9(x) for troubleshooting details.

Global and Local Administration Settings

The CAM web admin console has the following types of settings:

• Clean Access Manager administration settings are relevant only to the CAM itself. These include

its IP address and host name, SSL certificate information, and High-Availability (failover) settings.

• Global administration settings are set in the Clean Access Manager and pushed from the CAM to

all Clean Access Servers. These include authentication server information, global device/subnet

filter policies, user roles, and Cisco NAC Appliance configuration.