Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 3 Switch Management: Configuring Out-of-Band Deployment
Deployment Modes
Figure 3-3 Out-of-Band VGW Mode: Catalyst 6500 Series Example
Flow for OOB VGW Mode
1. The unauthenticated user connects the client machine to the network through an access layer switch.
2. The switch sends MAC notification or linkup/linkdown SNMP traps for the client to the CAM.
Because the client is not on the Certified Devices List/Online Users list yet, the CAM sends an
SNMP SET trap to the switch instructing it to change the client port to the Auth VLAN specified in
the Port Profile (100), and the CAM places the client on the Out-of-Band Wired Clients list (OOB
Management > Devices > Discovered Clients > Wired Clients).
[Figure 3-3 diagram labels: Clients on Auth VLAN ports of two Edge Switches (Access VLAN: 10, Auth VLAN: 100; Access VLAN: 20, Auth VLAN: 200); VLAN Trunks (Auth, Access) to the 650X L2/L3 Switch/Router; Clean Access Manager; Clean Access Server (VGW, with VLAN mapping) with a Trusted VLAN Trunk (Access) carrying VLAN 10, 20 and an Untrusted VLAN Trunk (Auth) carrying VLAN 100, 200. Clean Access Server VLAN Mapping = untrusted to trusted, e.g. 100 to 10. 650x (L2) forwards Auth VLAN traffic; 650x (L3) routes Access VLAN traffic.]
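A defender-side check of the state that step 2 should produce, as an added example (not Cisco code and not part of the original guide): it flags switch ports where a client that is not on the certified list sits on any VLAN other than the Auth VLAN of its Port Profile. The switch and port names, MAC addresses and data structures are constructed, and treating the Access VLAN as the expected VLAN for certified clients is an assumption based on the figure's labels.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class PortProfile:
    auth_vlan: int    # VLAN for clients not yet certified (100 or 200 in Figure 3-3)
    access_vlan: int  # VLAN for certified clients (10 or 20 in Figure 3-3)

def normalize_mac(mac: str) -> str:
    """Accept 0011.2233.4455, 00:11:22:33:44:55 or 00-11-22-33-44-55."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def expected_vlan(mac, profile, certified):
    """Step 2: a client absent from the certified list belongs on the Auth VLAN."""
    if normalize_mac(mac) in certified:
        return profile.access_vlan  # assumption: certified clients use the Access VLAN
    return profile.auth_vlan

def audit(ports, profiles, certified_macs):
    """Return (switch, port, mac, actual, expected) for every port on the wrong VLAN."""
    certified = {normalize_mac(m) for m in certified_macs}
    findings = []
    for switch, port, mac, actual in ports:
        profile = profiles.get((switch, port))
        if profile is None:
            continue  # port has no Port Profile here; out of scope for this check
        want = expected_vlan(mac, profile, certified)
        if actual != want:
            findings.append((switch, port, normalize_mac(mac), actual, want))
    return findings

# Constructed sample data using the VLAN numbers from Figure 3-3.
PROFILES = {
    ("edge1", "Fa0/1"): PortProfile(auth_vlan=100, access_vlan=10),
    ("edge1", "Fa0/2"): PortProfile(auth_vlan=100, access_vlan=10),
    ("edge2", "Fa0/1"): PortProfile(auth_vlan=200, access_vlan=20),
}
CERTIFIED = ["00:11:22:33:44:55"]
PORTS = [  # (switch, port, client MAC, VLAN currently assigned to the port)
    ("edge1", "Fa0/1", "0011.2233.4455", 10),     # certified, on Access VLAN
    ("edge1", "Fa0/2", "00-AA-BB-CC-DD-01", 10),  # uncertified, on Access VLAN
    ("edge2", "Fa0/1", "00aa.bbcc.dd02", 200),    # uncertified, on Auth VLAN
]

if __name__ == "__main__":
    print(audit(PORTS, PROFILES, CERTIFIED))
```

The MAC normalization matters in practice because switch output and management lists often use different separators for the same address.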