Cisco Cisco NAC Appliance 4.1.0
5-12
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 5 Clean Access Server Managed Domain
Configure Network Settings for the CAS
Change Clean Access Server Type
When you add the CAS to the Clean Access Manager, you specify its operating mode: In-Band or
Out-of-Band Real-IP, NAT, or Virtual Gateway. This section describes how to change the Server Type of
the CAS after it has been added to the CAM as a different operating mode.
Out-of-Band Real-IP, NAT, or Virtual Gateway. This section describes how to change the Server Type of
the CAS after it has been added to the CAM as a different operating mode.
Note
You must have an OOB-enabled license to change the CAS from In-Band to Out-of-Band mode.
Switching Between NAT and Real-IP Gateway Modes
To switch between NAT and Real IP Gateway modes, simply make the necessary configuration changes
within the CAM admin console (for example, choose the type in the IP form, configure NAT behavior
and DHCP properties, and so on).
within the CAM admin console (for example, choose the type in the IP form, configure NAT behavior
and DHCP properties, and so on).
Switching Between Virtual Gateway and NAT/ Real-IP Gateway Modes
To switch between Virtual and Real IP/NAT Gateway modes, you will need to change the topology of
the network to reflect the modification. You must also modify the routing table on the upstream router
to reflect the change. For more information on possible topology changes that are required, see
the network to reflect the modification. You must also modify the routing table on the upstream router
to reflect the change. For more information on possible topology changes that are required, see
The general steps for switching between these types are:
1.
Delete the CAS from the list of managed Clean Access Servers in the CAM.
2.
Modify the network topology as appropriate. Change the cable connections to the CAS, if needed.
3.
Access the CAS via SSH console and execute the
service perfigo config
utility to change the IP
address of the CAS (see
). You must change the eth1 IP
address of the CAS.
4.
Ping the CAS from the CAM’s subnet to make sure that the topology is correctly changed.
5.
Add the CAS in the CAM admin console.
6.
Add or re-add managed subnets with the address that the CAS will represent. The managed subnet
entries must specify the CAS as the default gateway for each of the managed subnets.
entries must specify the CAS as the default gateway for each of the managed subnets.
7.
Add static routes in the upstream router for the subnets managed by the CAS.
8.
Change the CAS configuration on the CAM from the Device Management > CCA Servers >
Manage [CAS_IP]> Network page, and Update and Reboot the CAS.
Manage [CAS_IP]> Network page, and Update and Reboot the CAS.
9.
Set up the CAS as either a DHCP server or relay.
10.
Update relevant configuration settings such as certificates.
11.
If changing to an Out-of-Band Real-IP Gateway, make sure to enable Port Bouncing (Switch
Management > Profiles > Port | “Bounce the port after VLAN is changed”) to help Real-IP or
NAT gateway clients get a new IP address after successful authentication and certification.
Management > Profiles > Port | “Bounce the port after VLAN is changed”) to help Real-IP or
NAT gateway clients get a new IP address after successful authentication and certification.