Cisco Clean Access 3.5

Cisco Clean Access Server Installation and Administration Guide
OL-7045-01
Chapter 3      Install the Clean Access Server
Perform the Initial Configuration
A Management VLAN identifier is a default VLAN identifier that is added to a packet if it does not 
have its own VLAN identifier or if the identifier was originally stripped by the adjacent interface. 
The setting at the prompt applies to traffic passing from the untrusted network to the trusted 
network. 
Figure 3-4  Eth0 Egress Packets with Management VLAN ID Tagging

Note
In most cases, enabling Management VLAN tagging is not needed. You should only enable it if you are sure it is necessary. If you choose not to enable it at this time, you can change the option later in the console or by using the service perfigo config CLI command.
  • Also note that faulty VLAN settings can render the Clean Access Server unreachable from the Clean Access Manager, so be sure to use care when configuring VLAN settings.
8. Next configure the untrusted interface. This is the interface to the untrusted (managed) network. At the prompt, press Enter to specify the address of the untrusted interface (eth1) and type the IP address you want to use for the interface. Unless deploying the Clean Access Server in a bridge (Virtual gateway) configuration, the trusted and untrusted interfaces must be on separate subnets.
9. Type the network mask of the IP address of the untrusted interface or confirm the default, 255.255.255.0.
10. Enter the default gateway address for the untrusted interface:
  – If the Clean Access Server will act as a Real-IP gateway or NAT gateway, this should be the IP address of the CAS’s untrusted interface (eth1).
  – If the Clean Access Server will act as a Virtual gateway (i.e., a bridge), this can be the same default gateway address used for the trusted side.
11. Now configure the VLAN behavior for traffic passing from the untrusted to the trusted network. Enter y to enable VLAN ID passthrough for traffic from the untrusted network (by default, VLAN IDs are stripped from traffic passing through the interface).
[Figure 3-4 labels: Clean Access Server; eth0, Trusted network; eth1, Untrusted network; packet; Mgmt ID]
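
As an added example (not part of the Cisco guide), the addressing rules in steps 8 to 10 can be checked against a planned configuration before the values are typed at the prompts. The mode labels, the function name and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

DEFAULT_MASK = "255.255.255.0"       # default offered at the step 9 prompt
ROUTED_MODES = {"real-ip", "nat"}    # assumed labels: Real-IP / NAT gateway
BRIDGE_MODE = "virtual"              # assumed label: Virtual gateway (bridge)


def check_plan(mode, eth0_ip, eth1_ip, eth1_gw,
               eth0_mask=DEFAULT_MASK, eth1_mask=DEFAULT_MASK):
    """Return (code, detail) tuples for each rule the planned values break."""
    if mode not in ROUTED_MODES | {BRIDGE_MODE}:
        raise ValueError(f"unknown mode: {mode!r}")
    # ip_interface/ip_address raise ValueError on malformed addresses or masks.
    trusted = ipaddress.ip_interface(f"{eth0_ip}/{eth0_mask}")
    untrusted = ipaddress.ip_interface(f"{eth1_ip}/{eth1_mask}")
    gateway = ipaddress.ip_address(eth1_gw)

    problems = []
    if mode in ROUTED_MODES:
        # Step 8: outside bridge mode, eth0 and eth1 must be on separate subnets.
        if trusted.network.overlaps(untrusted.network):
            problems.append(("same-subnet",
                             f"eth0 {trusted.network} overlaps eth1 {untrusted.network}"))
        # Step 10: for Real-IP or NAT, the eth1 gateway is eth1's own address.
        if gateway != untrusted.ip:
            problems.append(("gateway-not-eth1",
                             f"gateway {gateway} differs from eth1 {untrusted.ip}"))
    # Virtual gateway: step 10 allows reusing the trusted-side gateway, and the
    # separate-subnet rule does not apply, so nothing further is checked here.
    return problems


if __name__ == "__main__":
    # Constructed sample plans using documentation address ranges (RFC 5737).
    plans = [
        ("real-ip", "192.0.2.10", "198.51.100.1", "198.51.100.1"),
        ("nat", "192.0.2.10", "192.0.2.20", "192.0.2.1"),
        ("virtual", "192.0.2.10", "192.0.2.20", "192.0.2.1"),
    ]
    for plan in plans:
        print(plan[0], check_plan(*plan) or "ok")
```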