Cisco Cisco NAC Appliance 4.1.0
1-7
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 1 Introduction
Global vs. Local Administration Settings
Global vs. Local Administration Settings
The Clean Access Manager web admin console has the following types of settings:
•
Clean Access Manager administration settings are relevant only to the Clean Access Manager.
These include its IP address and host name, SSL certificate information, and High-Availability
(failover) settings.
These include its IP address and host name, SSL certificate information, and High-Availability
(failover) settings.
•
Global administration settings are set from the Clean Access Manager and applied to all Clean
Access Servers. These include authentication server information, global device/subnet filter
policies, user roles, and Cisco Clean Access configuration.
Access Servers. These include authentication server information, global device/subnet filter
policies, user roles, and Cisco Clean Access configuration.
•
Local administration settings are set in the CAS management pages of the admin console and
apply only to that Clean Access Server. These include CAS network settings, SSL certificates, VPN
concentrator integration, DHCP and 1:1 NAT configuration, IPSec key changes, local traffic control
policies, and local device/subnet filter policies.
apply only to that Clean Access Server. These include CAS network settings, SSL certificates, VPN
concentrator integration, DHCP and 1:1 NAT configuration, IPSec key changes, local traffic control
policies, and local device/subnet filter policies.
The global or local scope of a setting is indicated in the Clean Access Server column in the web admin
console, as shown in
console, as shown in
Figure 1-3
Scope of Settings
•
GLOBAL — The entry was created using a global form in the CAM web admin console and applies
to all Clean Access Servers in the CAM’s domain.
to all Clean Access Servers in the CAM’s domain.
•
<IP Address> — The entry was created using a local form from the CAS management pages and
applies only for the Clean Access Server with this IP address.
applies only for the Clean Access Server with this IP address.
In most cases, global settings are added, edited, and deleted from the global forms used to create them,
and local settings are added, edited, and deleted from the local forms used to create them.
and local settings are added, edited, and deleted from the local forms used to create them.
Some pages may display global settings (referenced by GLOBAL) and local settings (referenced by IP
address) for convenience. Usually, the local settings may be edited or deleted from the global pages but
can be added only from the local CAS management pages for a particular CAS.
address) for convenience. Usually, the local settings may be edited or deleted from the global pages but
can be added only from the local CAS management pages for a particular CAS.
Priority of Settings
Global (defined in CAM for all CASes) and local (CAS-specific) settings often coexist on the same CAS.
If a global and local setting conflict, the local setting always overrides the global setting. Note the
following:
If a global and local setting conflict, the local setting always overrides the global setting. Note the
following:
•
For device/subnet filter policies (in which authentication requirements can be bypassed), local
(CAS-specific) settings override global (CAM) settings.
(CAS-specific) settings override global (CAM) settings.
•
For other settings, such as traffic control policies, the priority of the policy (higher or lower)
determines which global or local policy is enforced.
determines which global or local policy is enforced.
Scope
indicators