Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 4 Switch Management: Configuring Out-of-Band (OOB) Deployment
Out-of-Band User List Summary
Out-of-Band User List Summary
For additional details, see also
and
Table 4-3
Out-of-Band User List Summary
User List
Description
In-Band
Online Users
Online Users
•
The In-Band Online Users list (
) tracks in-band users logged into the network.
•
The CAM adds a client IP/MAC address (if available) to this list after a user logs into the network either
through web login or the Clean Access Agent.
through web login or the Clean Access Agent.
•
Removing a user from this Online Users list logs the user off the in-band network.
Certified List
•
The Certified List (
) lists the MAC addresses of all “certified” client devices
— whether out-of-band or in-band — that have met your Clean Access requirements.
•
The CAM adds a client MAC address to the Certified List after a client device goes through the Clean
Access process and meets Clean Access requirements.
Access process and meets Clean Access requirements.
•
Removing a client from the Certified List:
Removes an in-band user from the In-Band Online Users list
Removes an OOB user from the Out-of-Band Online Users list (causing the port to be changed from
the Access VLAN to the Auth VLAN) and bounces the port, unless Remove out-of-band online
user without bouncing the port is checked for the Port profile.
the Access VLAN to the Auth VLAN) and bounces the port, unless Remove out-of-band online
user without bouncing the port is checked for the Port profile.
Discovered
Clients
Clients
•
The Discovered Clients list (
) records the activities of out-of-band clients
(regardless of VLAN), based on the SNMP trap information that the CAM receives.
•
The CAM adds a client’s MAC address, originating switch IP address, and switch port number to the
out-of-band Discovered Clients list after receiving SNMP trap information for the client from the switch.
The CAM updates the entry as it receives SNMP trap information for the client.
out-of-band Discovered Clients list after receiving SNMP trap information for the client from the switch.
The CAM updates the entry as it receives SNMP trap information for the client.
•
Removing an entry from the Discovered Clients list clears this status information for the OOB client from
the CAM. However, note that an entry must exist in the Discovered Clients list in order for the CAM to
determine the switch port for which to change the VLAN. If the user is logging in at the same time that
an entry in the Discovered Clients list is deleted, the CAM will not be able to detect the switch port.
the CAM. However, note that an entry must exist in the Discovered Clients list in order for the CAM to
determine the switch port for which to change the VLAN. If the user is logging in at the same time that
an entry in the Discovered Clients list is deleted, the CAM will not be able to detect the switch port.
Out-of-Band
Online Users
Online Users
•
The Out-of-Band Online Users list (
) tracks all authenticated out-of-band
users that are on the Access VLAN (on the trusted network).
•
The CAM adds a client MAC address to the Out-of-Band Online Users list after a client is switched to
the Access VLAN.
the Access VLAN.
•
When a user is removed from the Out-of-Band Online Users list, the CAM instructs the switch to change
the VLAN of the port from the Access VLAN to the Auth VLAN.
the VLAN of the port from the Access VLAN to the Auth VLAN.
•
Additionally, if Bounce the port after VLAN is changed is checked for the Port profile (Real-IP/NAT
gateways), the following occurs:
gateways), the following occurs:
1.
The CAM bounces the switch port (off and on).
2.
The switch resends SNMP traps to the CAM.
3.
The CAM discovers the device connected to the switch port from SNMP mac-notification or linkup
traps received.
traps received.
4.
The port is assigned the Auth VLAN if the device is not certified.
5.
The CAM changes the VLAN of the port according to the Port Profile configuration