2-18
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 2 Device Management: Adding Clean Access Servers, Adding Filters
Global Device and Subnet Filtering
For device filter policies specifying a range of MAC addresses where two or more policies potentially
affect the same MAC address, the priority of the policy (in Device Management > Filters > Devices >
Order) determines which global or local policy to enforce. However, any device filter specifying an
individual MAC address takes precedence over a filter policy (either global or local) defining a range of
addresses that includes the individual MAC address.
See Global and Local Administration Settings, page 2-8 for more information.
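The precedence rule described above, modeled in Python as an added example (it is not code from the Cisco guide or from the CAM). It resolves which filter applies to a MAC address and lists individual entries that override a range policy carrying a different action. The field names, the `allow`/`deny` labels, the sample MAC addresses, and the reading of Order as "1 = highest priority" are assumptions made for illustration.

```python
from dataclasses import dataclass

def mac_to_int(mac: str) -> int:
    """Parse a colon- or hyphen-separated MAC address into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "").strip()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

@dataclass(frozen=True)
class DeviceFilter:
    name: str    # hypothetical label for the entry
    scope: str   # "global" or "local"
    first: str   # first MAC covered
    last: str    # last MAC covered; same as `first` for an individual entry
    order: int   # position in the Order list; assumed 1 = highest priority
    action: str  # hypothetical action label ("allow" / "deny")

    @property
    def is_individual(self) -> bool:
        return mac_to_int(self.first) == mac_to_int(self.last)

    def covers(self, mac: str) -> bool:
        return mac_to_int(self.first) <= mac_to_int(mac) <= mac_to_int(self.last)

def effective_filter(mac, filters):
    """Return the filter that applies to `mac`, or None if no filter matches."""
    matches = [f for f in filters if f.covers(mac)]
    # An individual-MAC entry beats any range; Order decides among the rest
    # (using Order between two individual entries is an assumption).
    return min(matches, key=lambda f: (not f.is_individual, f.order), default=None)

def overridden_ranges(filters):
    """List (individual, range) name pairs where the individual entry
    overrides a range policy that would have applied a different action."""
    return [(i.name, r.name)
            for i in filters if i.is_individual
            for r in filters
            if not r.is_individual and r.covers(i.first) and r.action != i.action]

# Constructed sample policies (MAC addresses and names are made up).
FILTERS = [
    DeviceFilter("printers-range", "global", "00:11:22:33:44:00", "00:11:22:33:44:FF", 1, "deny"),
    DeviceFilter("lab-range", "local", "00:11:22:33:00:00", "00:11:22:33:FF:FF", 2, "allow"),
    DeviceFilter("single-host", "local", "00:11:22:33:44:10", "00:11:22:33:44:10", 3, "allow"),
]
```

In the sample, `single-host` wins for its own address even though `printers-range` sits first in the Order list, which is why the pairs returned by `overridden_ranges` are worth reviewing when auditing a filter list.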
This section describes the forms and the steps to add global access filter policies. See the Cisco NAC
Appliance - Clean Access Server Configuration Guide, Release 4.9(x) for how to add local access filter
policies.
Note: The CAM prioritizes the global Device Filters list (not CAS-specific filters) for OOB deployments.
Global Device Filter Lists from Cisco NAC Profiler
To create and manage large numbers of non-user endpoint devices, such as network printers, IP phones,
UPS devices, HVAC sensors, and wireless access controllers, you can deploy Cisco NAC Profiler. The
Cisco NAC Profiler system enables you to automatically discover, categorize, and monitor hundreds or
even thousands of endpoints for which user authentication and/or posture assessment does not apply.
The Cisco NAC Profiler solution consists of two primary components:
• Cisco NAC Profiler Server—The Cisco NAC Profiler Server manages the Cisco NAC Profiler
  Collector component enabled on each Clean Access Server. The Cisco NAC Profiler Server
  populates entries on the CAM’s global device filter list (Device Management > Filters > Devices
  > List) for the endpoints it profiles and monitors. Clicking the Description link for a Profiler entry
  brings up the NAC Profiler Server’s Endpoint Summary data right inside the CAM web console, as
  shown in Figure 2-5 and Figure 2-6. The Cisco NAC Profiler Server is configured and managed via
  its own web console interface, as described in the Cisco NAC Profiler Installation and Configuration
  Guide.
• Cisco NAC Profiler Collector—The Cisco NAC Profiler Collector is a service that can be enabled
  on a NAC-3310 or NAC-3350 Clean Access Server running Release 4.1(3) or later. You must
  purchase a Cisco NAC Profiler Server appliance and obtain and install Cisco NAC Profiler/Collector
  licenses on the Cisco NAC Profiler Server to deploy the Cisco NAC Profiler solution. See the “CLI
  Commands for Cisco NAC Profiler” section of the Cisco NAC Appliance Hardware Installation
  Guide for details.
Note: Refer to the Release Notes for Cisco NAC Profiler for release compatibility information.