Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

621

622

623

624

625

626

627

628

629

630

14-63

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 14 Administering the CAM

Backing Up the CAM Database

For high-availability pairs, Authorization settings are not automatically passed from the HA-Primary

CAM/CAS to the HA-Secondary when deployed as a high-availability pair. You can also use the

following procedure to populate the Authorization settings on an HA-Secondary CAM/CAS to ensure

both appliances in the HA-pair share exactly the same Authorization and certificate trust store settings

and list of Authorized Clean Access Servers (or Clean Access Managers if backing up an HA-Primary

Clean Access Server).

Note If you have a large CAS deployment managed from a single CAM, this procedure can save considerable

time when configuring the secondary CAM.

Table 14-2 lists the files typically found in the /root/.perfigo/ directory (depending on your particular

configuration).

To back up CAM/CAS Authorization and certificate trust store settings and upload them to a redundant

or HA-Secondary CAM/CAS:

Step 1 Telnet or SSH to the command line interface of the primary CAM/CAS, navigate to the /root/.perfigo/

directory, and view the contents of the /root/.perfigo/ directory:

[root@cam1]# cd /root/

[root@cam1]# cd .perfigo/

[root@cam1]# ls -l

-rw-r--r-- 1 root root 0 Jul 21 11:09 auth_nac_en.txt

-rw-r--r-- 1 root root 80 Jul 21 11:09 auth_nac.txt

-rw-r--r-- 1 root root 16 Jul 21 11:09 auth_warn_nac_en.txt

-rw-r--r-- 1 root root 1346 Jul 20 21:49 caCerts

Step 2 Create the tar file to upload. You will need to specify a file name (for example, “authorization.tar.gz”).

[root@cam1]# tar cvzf authorization.tar.gz *

auth_nac_en.txt

auth_nac.txt

auth_warn_nac_en.txt

caCerts

Table 14-2 Authorization Backup Files

File Name Description

auth_nac_en.txt If this file is present in the CAM/CAS’s /root/.perfigo/ directory, the

CAM/CAS has enabled the Authorization feature.

auth_nac.txt This file contains the actual Clean Access Manager or Clean Access Server

Authorization entries that populate the Authorized CCA Servers/Authorized

CCA Managers lists on the CAM Device Management > CCA Servers >

Authorization web console page or CAS Device Management >

Authorization web console page.

auth_warn_nac_en.txt If this file is present in the CAM/CAS’s /root/.perfigo/ directory, the

CAM/CAS has enabled the Test CCA Server Authentication option and is

logging Authorization operations as SSL Certificate events.

caCerts This file contains the collection of end entity certificates on the CAM/CAS.