Cisco Cisco Clean Access 3.5
10-3
Cisco Clean Access Server Installation and Administration Guide
OL-7045-01
Chapter 10 Local Clean Access Settings
Clear Certified Devices
Clear Certified Devices
Devices are added to the Certified Devices list by the Clean Access Server and are considered clean until
removed from the list.
removed from the list.
If a certified device is moved from one CAS to another, it must go through Clean Access certification
again for the new CAS unless it has been manually added as an exempt device at the global level for all
CASes. This allows for the case where one CAS has more restrictive Clean Access requirements than
another.
again for the new CAS unless it has been manually added as an exempt device at the global level for all
CASes. This allows for the case where one CAS has more restrictive Clean Access requirements than
another.
The CAM maintains the central Certified Devices list, which stores device information according to the
certifying Clean Access Server. The CAM then publishes each Clean Access Server’s certified devices
to the appropriate CAS as well as any globally exempt devices to all Clean Access Servers.
certifying Clean Access Server. The CAM then publishes each Clean Access Server’s certified devices
to the appropriate CAS as well as any globally exempt devices to all Clean Access Servers.
Though devices can only be certified and added to the list per CAS, you can remove certified devices
globally from all Clean Access Servers or locally from a particular CAS. Clearing certified devices
means you want to force the devices to repeat the Clean Access scanning/requirement checking.
globally from all Clean Access Servers or locally from a particular CAS. Clearing certified devices
means you want to force the devices to repeat the Clean Access scanning/requirement checking.
•
Global level (auto) — You can clear the list at regular intervals using the Certified Devices Timer
form (Device Management > Clean Access > Certified Devices > Timer)
form (Device Management > Clean Access > Certified Devices > Timer)
•
Global level (manual) — You can manually clear the Certified Device list using the global form
Device Management > Clean Access > Certified Devices.
Device Management > Clean Access > Certified Devices.
•
Local level (manual) — You can manually clear certified devices for a specific Clean Access Server
using the local form Device Management > CCA Servers > Manage [CAS_IP] > Filter > Clean
Access > Certified Devices
using the local form Device Management > CCA Servers > Manage [CAS_IP] > Filter > Clean
Access > Certified Devices
Note
•
Clearing the Certified Device list either manually or automatically also logs the user off the network.
•
Removing a user from Monitoring > Online Users > View Online Users does not remove the client
from the Certified Devices list. This allows the user to log in again without forcing the client device
to go through the Clean Access certification process when it is still considered clean.
from the Certified Devices list. This allows the user to log in again without forcing the client device
to go through the Clean Access certification process when it is still considered clean.
To manually clear devices from the list for a specific Clean Access Server:
1.
Go to Device Management > CCA Servers > Manage [CAS_IP] > Filter > Clean Access >
Certified Devices (see
Certified Devices (see
2.
Click Clear Exempt to remove the devices that were added manually (using Add Exempt).
3.
Click Clear Certified to remove the devices that were added to the list by meeting the Clean Access
criteria.
criteria.
4.
Click Clear All to remove both types.
5.
Remove individual users by selecting the checkbox next to the user’s MAC address and clicking the
Kick Individual User (
Kick Individual User (
) button.
Note
Only certified devices for the particular CAS will appear in the local list. To view certified devices for
all Clean Access Servers, go to Device Management > Clean Access.
all Clean Access Servers, go to Device Management > Clean Access.