Cisco Cisco Clean Access 3.5
3-10
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 3 Device Management: Adding Clean Access Servers, Adding Filters
Global Device and Subnet Filtering
Device Filters and IPSec/L2TP/PPTP Connections to CAS
Devices allowed in the MAC filter list cannot establish IPSec/L2TP/PPTP connections to the Clean
Access Server (CAS). Only users logging in via web login or Clean Access Agent can establish
IPSec/L2TP/PPTP connections to the CAS.
Access Server (CAS). Only users logging in via web login or Clean Access Agent can establish
IPSec/L2TP/PPTP connections to the CAS.
See “User Traffic Encryption” in the Cisco Clean Access Server Installation and Administration Guide
for how to configure secure connections between the Clean Access Server and the end user device.
for how to configure secure connections between the Clean Access Server and the end user device.
Device Filters and Gaming Ports
To allow gaming services, such as Microsoft Xbox Live, it is recommended to create a gaming user role
and to add a filter for the device MAC addresses (under Device Management > Filters > Devices >
New) to place the devices into that gaming role. You can then create traffic policies for the role to allow
traffic for gaming ports. For additional details, see:
and to add a filter for the device MAC addresses (under Device Management > Filters > Devices >
New) to place the devices into that gaming role. You can then create traffic policies for the role to allow
traffic for gaming ports. For additional details, see:
•
•
•
Global vs. Local (CAS-Specific) Filters
You can add device/subnet filter policies at a global level, for all Clean Access Servers in the Clean
Access Manager Filters pages, or for a specific Clean Access Server through the CAS management
pages. The CAM stores both types of access filters and distributes the global filter policies to all Clean
Access Servers and the local filter policies to the relevant CAS.
Access Manager Filters pages, or for a specific Clean Access Server through the CAS management
pages. The CAM stores both types of access filters and distributes the global filter policies to all Clean
Access Servers and the local filter policies to the relevant CAS.
Note that for device/subnet filter policies, if a global and local setting conflict, the local setting overrides
any global settings. (Refer to
any global settings. (Refer to
This section describes the forms and the steps to add global access filter policies. See the Cisco Clean
Access Server Installation and Administration Guide for how to add a local access filter policies.
Access Server Installation and Administration Guide for how to add a local access filter policies.
Note
With 3.5(5), the CAM respects the global Device Filters list (not CAS-specific filters) for OOB
deployments.
deployments.
Configure Device Filters
This section describes the following:
•
•
•
•