Cisco Cisco Clean Access 3.5

Almost all the CAM/CAS configuration for Cisco Clean Access Out-of-Band deployment is done 
directly in the Switch Management module of the web admin console. Apart from the Switch 
Management module configuration, OOB setup is almost exactly the same as traditional in-band setup, 
except for the following differences:

Choose an Out-of-Band gateway type when you add your Clean Access Server(s). 

When you apply an Out-of-Band (Switch Management) enabled license to a Clean Access 
deployment, three additional Server Types will appear in the dropdown menu to add a new Clean 
Access Server (see 

Out-of-Band Virtual Gateway

Out-of-Band Real-IP Gateway

Out-of-Band NAT Gateway 

The Clean Access Manager can control both in-band and out-of-band CASes in its domain. 
However, the Clean Access Server itself must be either in-band or out-of-band. 

NAT Gateway mode (In-Band or OOB) is not recommended for production deployment.

For Virtual Gateway (In-Band or OOB), it is recommended to connect the untrusted interface (eth1) 
of the CAS to the switch only after the CAS has been added to the CAM via the web console. 

For Virtual Gateway with VLAN mapping (In-Band or OOB), the untrusted interface (eth1) of the 
CAS should not be connected to the switch until VLAN mapping has been configured correctly 
under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. 
See the Cisco Clean Access Server Installation and Administration Guide for details. 

License-enabled

dropdown