Specifications
14-31
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 14 Administering the CAM
Policy Import/Export
Step 2 Identify the CAM you want to designate as the Policy Sync Master.
Step 3 Make sure the following are properly configured on the designated Master CAM before you begin:
• Cisco NAC Appliance Updates
• User roles
• Traffic policies and session timers for the user roles
• Agent rules, requirements, rule-requirement mappings and requirement-role mappings
• Device filters (role/check and allow/deny/ignore)
• For OOB deployments, make sure the Master CAM is configured properly for OOB, including Port
and VLAN profile configuration. If the Master CAM is not configured for OOB, but a Receiver
CAM is, make sure not to push OOB policies from the Master CAM, or you will lose the OOB
policies on the Receiver.
• Agent Login/Distribution/Installation properties for Master CAM user roles/operating systems.
Note that these settings are not exported by Policy Sync. You will need to configure these settings
on the Receiver CAMs for any new roles added by Policy Sync.
Step 4 Verify that the policies on the CAMs you want to designate as Receivers can be overwritten by Policy
Sync.
Enable Policy Sync on the Master
Step 1 From the web console of the Clean Access Manager you want to designate as the Policy Sync Master,
go to Administration > CCA Manager > Policy Sync > Enable (Figure 14-14).
Figure 14-14 Enabling Policy Sync on the Master CAM
Step 2 Click the checkbox for Enable Policy Sync.
Step 3 Click the radio button for Master (Allow policy export).
Step 4 Click Update. This sets the current CAM as the Policy Sync Master and enables the Configure Master,
Manual Sync and Auto Sync pages for this CAM (disabling the Configure Receiver page).