Cisco Cisco Clean Access 3.5
4-17
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 4 Switch Management and Cisco Clean Access Out-of-Band (OOB)
Configure OOB Switch Management in the CAM
Add Out-of-Band Clean Access Servers and Configure Environment
Almost all the CAM/CAS configuration for Cisco Clean Access Out-of-Band deployment is done
directly in the Switch Management module of the web admin console. Apart from the Switch
Management module configuration, OOB setup is almost exactly the same as traditional in-band setup,
except for the following differences:
directly in the Switch Management module of the web admin console. Apart from the Switch
Management module configuration, OOB setup is almost exactly the same as traditional in-band setup,
except for the following differences:
1.
Choose an Out-of-Band gateway type when you add your Clean Access Server(s).
Figure 4-7
Add New OOB Server
When you apply an Out-of-Band (Switch Management) enabled license to a Clean Access
deployment, three additional Server Types will appear in the dropdown menu to add a new Clean
Access Server (see
deployment, three additional Server Types will appear in the dropdown menu to add a new Clean
Access Server (see
–
Out-of-Band Virtual Gateway
–
Out-of-Band Real-IP Gateway
–
Out-of-Band NAT Gateway
The Clean Access Manager can control both in-band and out-of-band CASes in its domain.
However, the Clean Access Server itself must be either in-band or out-of-band.
However, the Clean Access Server itself must be either in-band or out-of-band.
Note
NAT Gateway mode (In-Band or OOB) is not recommended for production deployment.
Note
•
For Virtual Gateway (In-Band or OOB), it is recommended to connect the untrusted interface (eth1)
of the CAS to the switch only after the CAS has been added to the CAM via the web console.
of the CAS to the switch only after the CAS has been added to the CAM via the web console.
•
For Virtual Gateway with VLAN mapping (In-Band or OOB), the untrusted interface (eth1) of the
CAS should not be connected to the switch until VLAN mapping has been configured correctly
under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping.
See the Cisco Clean Access Server Installation and Administration Guide for details.
CAS should not be connected to the switch until VLAN mapping has been configured correctly
under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping.
See the Cisco Clean Access Server Installation and Administration Guide for details.
License-enabled
dropdown