Cisco Cisco Clean Access 3.5

Devices allowed in the MAC filter list cannot establish IPSec/L2TP/PPTP connections to the Clean 
Access Server (CAS). Only users logging in via web login or Clean Access Agent can establish 
IPSec/L2TP/PPTP connections to the CAS.

See “User Traffic Encryption” in the Cisco Clean Access Server Installation and Administration Guide 
for how to configure secure connections between the Clean Access Server and the end user device.

To allow gaming services, such as Microsoft Xbox Live, it is recommended to create a gaming user role 
and to add a filter for the device MAC addresses (under Device Management > Filters > Devices > 
New) to place the devices into that gaming role. You can then create traffic policies for the role to allow 
traffic for gaming ports. For additional details, see:

 

You can add device/subnet filter policies at a global level, for all Clean Access Servers in the Clean 
Access Manager Filters pages, or for a specific Clean Access Server through the CAS management 
pages. The CAM stores both types of access filters and distributes the global filter policies to all Clean 
Access Servers and the local filter policies to the relevant CAS. 

Note that for device/subnet filter policies, if a global and local setting conflict, the local setting overrides 
any global settings. (Refer to 

This section describes the forms and the steps to add global access filter policies. See the Cisco Clean 
Access Server Installation and Administration Guide for how to add a local access filter policies. 

With 3.5(5), the CAM respects the global Device Filters list (not CAS-specific filters) for OOB 
deployments. 

This section describes the following: