Cisco Cisco Clean Access 3.5
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
4-44
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 4 Switch Management and Cisco Clean Access Out-of-Band (OOB)
Out-of-Band User List Summary
Out-of-Band User List Summary
For additional details, see also
and
Table 4-3
Out-of-Band User List Summary
User List
Description
In-Band Online Users
•
The In-Band Online Users list (
) tracks the in-band users logged
into the network.
•
The CAM adds a client IP/MAC address (if available) to this list after a user logs into the
network either through web login or the Clean Access Agent.
network either through web login or the Clean Access Agent.
•
Removing a user from this Online Users list logs the user off the in-band network.
Certified List
•
The Certified List (
) lists the MAC addresses of all “certified”
client devices — whether out-of-band or in-band — that have met your Clean Access
requirements.
requirements.
•
The CAM adds a client MAC address to the Certified List after a client device goes through
the Clean Access process and meets Clean Access requirements.
the Clean Access process and meets Clean Access requirements.
•
Removing a client from the Certified List:
–
Removes an in-band user from the In-Band Online Users list
–
Removes an OOB user from the Out-of-Band Online Users list and bounces the port
(with release 3.5(7) and above, port bouncing is optional).
(with release 3.5(7) and above, port bouncing is optional).
Discovered Clients
•
The Discovered Clients list (
) records the activities of out-of-band
clients (regardless of VLAN), based on the SNMP trap information that the CAM receives.
•
The CAM adds a client’s MAC address, originating switch IP address, and switch port
number to the out-of-band Discovered Clients list after receiving SNMP trap information
for the client from the switch. The CAM updates the entry as it receives SNMP trap
information for the client.
number to the out-of-band Discovered Clients list after receiving SNMP trap information
for the client from the switch. The CAM updates the entry as it receives SNMP trap
information for the client.
•
Removing an entry from the Discovered Clients list clears this status information for the
out-of-band client from the CAM. However, note that an entry must exist in the Discovered
Clients list in order for the CAM to determine the switch port for which to change the
VLAN. If the user is logging in at the same time that an entry in the Discovered Clients list
is deleted, the CAM will not be able to detect the switch port.
out-of-band client from the CAM. However, note that an entry must exist in the Discovered
Clients list in order for the CAM to determine the switch port for which to change the
VLAN. If the user is logging in at the same time that an entry in the Discovered Clients list
is deleted, the CAM will not be able to detect the switch port.
Out-of-Band Online
Users
Users
•
The Out-of-Band Online Users list (
) tracks all authenticated
out-of-band users that are on the Access VLAN (on the trusted network).
•
The CAM adds a client MAC address to the Out-of-Band Online Users list after a client is
switched to the Access VLAN.
switched to the Access VLAN.
•
When a user is removed from the Out-of-Band Online Users list, the following occurs:
1.
The CAM bounces the switch port (off and on).
2.
The switch resends SNMP traps to the CAM.
3.
The CAM changes the VLAN of the port according to the Port Profile configuration
associated with this controlled port. The configuration options include:
associated with this controlled port. The configuration options include:
•
Switch to the specified Default Auth VLAN if the device is not certified.
•
Switch to the specified Default Access VLAN ID, user role-specified VLAN ID, or
Initial VLAN ID of the port if the device is certified and in the out-of-band user list.
Initial VLAN ID of the port if the device is certified and in the out-of-band user list.
•
Bounce the port after the VLAN is changed (Real-IP/NAT gateways)