14-29
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 14 Administering the CAM
Policy Import/Export
– VLAN Profiles
Note: Cisco recommends that you configure auto update settings on the Master CAM (under Device
Management > Clean Access > Updates > Update) to ensure the Master CAM has the latest Cisco
Updates before you perform a Policy Sync.
Note: Policy Sync exports all global device filters created on the Master CAM to the Receiver CAMs. Any
MAC address that is in the Master CAM’s global Device Filter list will be exported, including Cisco
NAC Profiler generated filters. Refer to Global Device and Subnet Filtering, page 2-10 for additional
details.
Note: Do not select OOB policies for Policy Sync if the Master is not configured for OOB, as this will
clear any OOB policies on the Receiver CAM. Refer to Chapter 3, “Switch Management: Configuring
Out-of-Band Deployment” for details on OOB.
Policies Excluded from Policy Sync
Policies/configurations that are not listed under Policy Sync Policies, page 14-28 are not subject to
Policy Sync and are otherwise left alone on the Receiver CAM after a Policy Sync. The following
non-exhaustive list describes the kinds of policies/configurations that are not included for Policy Sync:
• Cisco NAC Appliance Agents. The Master and Receiver CAMs retain the Agent versions and Agent
download and distribution policies they already have. You will still need to require use of the Agent
for a role and operating system (e.g. Agent Login/Distribution pages) on each CAM.
• Local configuration on the Receiver CAMs such as CAS-specific traffic policies or device filters.
Local policies stay the same on the Receiver CAM and are not removed after a Policy Sync.
• OOB switch configurations such as Device Profiles and SNMP Receiver settings.
• Agent Updates for Cisco NAC Appliance Agents, OS Detection Fingerprinting, and Switch OIDs
• User Login pages, Local Users, or Bandwidth policies associated with a user role.
• Subnet filters
• Authentication server configurations
• Certified Device List or Timers
• Network Scanning (Nessus) configuration
Example Scenarios
Master is configured, Receiver is not configured:
• For the Master CAM:
  – Role A is configured with traffic and posture assessment policies
  – Role A requires use of the Agent
• For the Receiver CAM:
  – No roles are configured