Cisco Cisco Clean Access 3.5

The Port profile determines whether a port is controlled or uncontrolled, which authentication and access 
VLANs to use when switching the client port, and other behavior for the port (see 

). 

There are four types of port profiles for switch ports (shown in 

):

Unmanaged – For uncontrolled switch ports that are not connected to clients (such as printers, 
servers, switches, etc.). This is typically the default Port profile.

Managed with Auth VLAN/Default Access VLAN – Controls client ports using the Auth VLAN and 
Default Access VLAN defined in the Port profile.

Managed with Auth VLAN/User Role VLAN – Controls client ports using the Auth VLAN defined 
in the Port profile and the Access VLAN defined in the user role (see 

Managed with Auth VLAN/ Initial Port VLAN– Controls client ports using the Auth VLAN defined 
in the Port profile and the Access VLAN defined as the initial port VLAN of the switch port. 

Regular switch ports that are not connected to clients use the unmanaged Port profile. Client-connected 
switch ports use managed Port profiles. When a client connects to a managed port, the port is set to the 
authentication VLAN. After the client is authenticated and certified, the port is set to the access VLAN 
specified in the Port profile (Default Access VLAN, or User Role VLAN, or Initial Port VLAN). 

In OOB Real-IP/NAT gateway modes, the CAM enables port bouncing to help clients acquire a new IP 
address after successful authentication and certification. In OOB Virtual Gateway mode, port bouncing 
is not necessary as the client uses the same IP address after successful authentication and certification.