Cisco Cisco Clean Access 3.5
4-27
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 4 Switch Management and Cisco Clean Access Out-of-Band (OOB)
Configure OOB Switch Management in the CAM
•
Administrator removes user
You can additionally configure the following options:
12.
Remove out-of-band online user when SNMP linkdown trap is received
Click this checkbox to ensure an Access VLAN client is removed from the OOB online user list
when disconnecting or reconnecting to same port. (See
when disconnecting or reconnecting to same port. (See
for details on linkdown
traps.)
–
If checked, and the client is on the Certified List, when the client disconnects (causing a
linkdown trap to be sent) then reconnects to the port, the client is put on the VLAN configured
in the Change to [Auth VLAN | Access VLAN] if the device is certified, but not in the
out-of-band user list setting.
linkdown trap to be sent) then reconnects to the port, the client is put on the VLAN configured
in the Change to [Auth VLAN | Access VLAN] if the device is certified, but not in the
out-of-band user list setting.
–
If unchecked, and the client is on the Certified List, the client remains on the OOB online user
list when disconnecting/reconnecting to the network and remains on the same Access VLAN.
list when disconnecting/reconnecting to the network and remains on the same Access VLAN.
–
If unchecked, and the client is not on the Certified List, the client will be switched to the Auth
VLAN the next time the client connects to the network.
VLAN the next time the client connects to the network.
13.
Remove out-of-band online user without bouncing the port (release 3.5.7+)
This option is intended to prevent bouncing of a switch port when a client machine is connected to
the switch port through a VoIP phone. The feature allows Cisco Clean Access to
authenticate/assess/quarantine/remediate a client machine (laptop/desktop) without affecting the
operation of a VoIP phone connected to the switch port. When this option is checked for OOB
Virtual Gateways, the client port will not be bounced when:
the switch port through a VoIP phone. The feature allows Cisco Clean Access to
authenticate/assess/quarantine/remediate a client machine (laptop/desktop) without affecting the
operation of a VoIP phone connected to the switch port. When this option is checked for OOB
Virtual Gateways, the client port will not be bounced when:
–
Users are removed from the Out-of-Band Online Users List, or
–
Devices are removed from the Certified Devices list
Instead, the port Access VLAN will be changed to the Auth VLAN.
14.
Click Add to add the port profile to the Switch Management > Profiles > Port > List.
Note
For release 3.5(9) and above, the following options are removed from the Port Profile page:
•
Switch to Default Auth VLAN if the device is not certified.
•
Switch to [Default Access VLAN | User Role VLAN | Initial Port VLAN] if the device is certified
and in the out-of-band user list.
and in the out-of-band user list.
See
for further details on Port profiles and the Ports config page.
See
for further details on monitoring online users.