Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 3      Device Management: Adding Clean Access Servers, Adding Filters
  • If the connection between the CAS and CAM is broken at the time the CAS is deleted, active users
    will be able to continue accessing the network until the connection is reestablished. This is because
    the CAM cannot delete the CAS’s configuration immediately. New users will be unable to log into
    the network.
Global and Local Administration Settings 
The CAM web admin console has the following types of settings: 
  • Clean Access Manager administration settings are relevant only to the CAM itself. These include
    its IP address and host name, SSL certificate information, and High-Availability (failover) settings.
  • Global administration settings are set in the Clean Access Manager and pushed from the CAM to
    all Clean Access Servers. These include authentication server information, global device/subnet
    filter policies, user roles, and Clean Access configuration.
  • Local administration settings are set in the CAS management pages for a Clean Access Server and
    apply only to that CAS. These include CAS network settings, SSL certificates, DHCP and 1:1 NAT
    configuration, VPN concentrator configuration, IPSec key changes, local traffic control policies,
    and local device/subnet filter policies.
The global or local scope of a setting is indicated in the Clean Access Server column in the web admin
console, as shown in Figure 3-3.
Figure 3-3 Scope of Settings
  • GLOBAL—The entry was created using a global form in the CAM web admin console and applies
    to all Clean Access Servers in the CAM’s domain.
  • <IP Address>—The entry was created using a local form from the CAS management pages and
    applies only to the CAS with this IP address.
In general, pages that display global settings (referenced by GLOBAL) also display local settings 
(referenced by CAS IP address) for convenience. These local settings can usually be edited or deleted 
from global pages; however, they can only be added from the local CAS management pages for a 
particular Clean Access Server. 
Global and Local Settings
Global (defined in CAM for all CASes) and local (CAS-specific) settings often coexist on the same CAS. 
If a global and local setting conflict, the local setting always overrides the global setting. Note the 
following:
  • For device/subnet filter policies (in which authentication requirements can be bypassed), local
    (CAS-specific) settings override global (CAM) settings.
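The precedence rule above matters for audits, because a local filter entry can quietly relax a global one on a single CAS. The following is an added example, not code from the Cisco guide or product. It resolves the entries in force on one CAS and lists local entries that conflict with a global entry. The match keys, the allow/deny actions, the exact-key comparison and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One row per filter entry. "scope" mirrors the Clean Access Server column:
# "GLOBAL" or the IP address of one CAS. The match keys and allow/deny actions
# are assumptions for this sketch, and all rows are constructed sample data.
Filter = namedtuple("Filter", "scope match action")

FILTERS = [
    Filter("GLOBAL", "00:11:22:33:44:55", "deny"),
    Filter("GLOBAL", "10.20.0.0/24", "allow"),
    Filter("192.0.2.10", "00:11:22:33:44:55", "allow"),  # conflicts with global
    Filter("192.0.2.11", "10.30.0.0/24", "allow"),       # local-only entry
]

def check_scope(scope):
    """Accept only GLOBAL or a valid CAS IP address; raise ValueError otherwise."""
    if scope != "GLOBAL":
        ipaddress.ip_address(scope)
    return scope

def effective_filters(filters, cas_ip):
    """Entries in force on one CAS: global entries, then that CAS's local
    entries, which replace a global entry with the same match key."""
    check_scope(cas_ip)
    result = {f.match: f for f in filters if check_scope(f.scope) == "GLOBAL"}
    result.update({f.match: f for f in filters if f.scope == cas_ip})
    return result

def local_overrides(filters):
    """Report (cas_ip, match, global_action, local_action) for every local
    entry whose action differs from the global entry with the same match key."""
    global_by_match = {f.match: f for f in filters if f.scope == "GLOBAL"}
    findings = []
    for f in filters:
        g = global_by_match.get(f.match)
        if f.scope != "GLOBAL" and g is not None and g.action != f.action:
            findings.append((check_scope(f.scope), f.match, g.action, f.action))
    return findings

if __name__ == "__main__":
    for cas, match, g_action, l_action in local_overrides(FILTERS):
        print(f"{cas}: {match} global={g_action} overridden by local={l_action}")
```

Reviewing the output of `local_overrides` per CAS shows where a device that is denied globally is allowed locally, which is the case an administrator is most likely to miss when reading only the global page.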