Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 4 Switch Management: Configuring Out-of-Band (OOB) Deployment
Configure OOB Switch Management in the CAM
IP— IP address of the client
Switch— IP of the originating managed switch. Clicking the IP address brings up the Switch
Management > Devices > Switch [IP] > Config > Basic page for the switch.
Management > Devices > Switch [IP] > Config > Basic page for the switch.
Switch Port—Switch port of the client. Clicking the port number brings up the Switch
Management > Devices > Switch [IP] > Ports configuration page for the switch.
Management > Devices > Switch [IP] > Ports configuration page for the switch.
Auth VLAN—Authentication (quarantine) VLAN
A value of “N/A” in this column indicates that either the port is unmanaged or the VLAN ID
for this MAC address is unavailable from the switch.
for this MAC address is unavailable from the switch.
Access VLAN—Access VLAN of the client.
A value of “N/A” in this column indicates the Access VLAN ID is unavailable for the client.
For example, if the user is switched to the Auth VLAN but has never successfully logged into
Cisco NAC Appliance (due to wrong user credentials), this machine will never have been to the
Access VLAN.
For example, if the user is switched to the Auth VLAN but has never successfully logged into
Cisco NAC Appliance (due to wrong user credentials), this machine will never have been to the
Access VLAN.
Last Update—The last time the CAM updated the information of the entry.
See
Manage Switch Ports
Switch ports that are not connected to clients typically use the unmanaged port profile. Switch ports
connected to clients use managed port profiles. After switch ports are configured and the settings are
saved by clicking the “Update” button, the switch ports need to be initialized by clicking the “Setup”
button when the switch supports mac-notification.
connected to clients use managed port profiles. After switch ports are configured and the settings are
saved by clicking the “Update” button, the switch ports need to be initialized by clicking the “Setup”
button when the switch supports mac-notification.
Cisco NAC Appliance provides OOB support for Cisco IP Phone deployments where the port is a trunk
port and the native VLAN is the data VLAN. The CAM can manage switch trunk ports in addition to
switch access ports.
port and the native VLAN is the data VLAN. The CAM can manage switch trunk ports in addition to
switch access ports.
Note
Because Cisco NAC Appliance can control switch trunk ports for OOB (starting from release 3.6(1)+),
make sure the uplink ports for managed switches are configured as “uncontrolled” ports after upgrade.
This can be done in one of two ways:
make sure the uplink ports for managed switches are configured as “uncontrolled” ports after upgrade.
This can be done in one of two ways:
•
Before upgrading, change the Default Port Profile for the entire switch to “uncontrolled” under
Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile |
uncontrolled, or
Switch Management > Devices > Switches > List > Config[Switch_IP] > Default Port Profile |
uncontrolled, or
•
After upgrading, change the Profile to “uncontrolled” for the applicable uplink ports of the switch
under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile
under Switch Management > Devices > Switches > List > Ports [Switch_IP] | Profile
This prevents unnecessary issues when the Default Port Profile for the switch has been configured as a
managed/controlled port profile.
managed/controlled port profile.
Ports Tab
The Ports and Config tabs only appear after a switch is added to the Switch Management > Devices >
Switches > List. When the Ports tab first appears (
Switches > List. When the Ports tab first appears (
), one entry per Ethernet port
displays and corresponding fields for the entry are populated according to the information the Clean
Access Manager receives from direct SNMP queries. For example, if a switch added to the CAM has 24
Access Manager receives from direct SNMP queries. For example, if a switch added to the CAM has 24