IBM Tivoli and Cisco 사용자 설명서
Appendix A. Hints and tips
455
Client logging can be turned on by setting the debug property to
true
in the
%SCM_HOME%\client\client.pref file. When turned on, a file called client.log is
created and updated in the %SCM_HOME/client directory. This file displays any
notification received from the network.
created and updated in the %SCM_HOME/client directory. This file displays any
notification received from the network.
Remediation handler
When the Security Compliance Manager client is started, it automatically starts
the remediation handler. Log messages from the remediation handler appear in
the Security Compliance Manager Client’s client.log file.
the remediation handler. Log messages from the remediation handler appear in
the Security Compliance Manager Client’s client.log file.
NAC Appliance details
Cisco NAC Appliance is a network-centric integrated solution administered from
the Clean Access Manager Web console and enforced through the Clean Access
Server and the Clean Access Agent. Cisco NAC Appliance checks client
systems, enforces network requirements, distributes patches and antivirus
software, and quarantines vulnerable or infected clients for remediation before
clients access the network.
the Clean Access Manager Web console and enforced through the Clean Access
Server and the Clean Access Agent. Cisco NAC Appliance checks client
systems, enforces network requirements, distributes patches and antivirus
software, and quarantines vulnerable or infected clients for remediation before
clients access the network.
Cisco NAC Appliance components
The following is a list of the NAC Appliance components.
Clean Access Manager (CAM)
This is the administration server for Clean Access deployment. The secure
Web console of the Clean Access Manager is the single point of management
for up to 20 Clean Access Servers in a deployment. For Out-of-Band (OOB)
deployment, the Web admin console allows you to control switches and VLAN
assignment of user ports through the use of SNMP. (Note that the CAM Web
admin console supports Internet Explorer® 6.0 or later only, and requires high
encryption (64-bit or 128-bit). High encryption is also required for client
browsers for Web login and Clean Access Agent authentication.)
Web console of the Clean Access Manager is the single point of management
for up to 20 Clean Access Servers in a deployment. For Out-of-Band (OOB)
deployment, the Web admin console allows you to control switches and VLAN
assignment of user ports through the use of SNMP. (Note that the CAM Web
admin console supports Internet Explorer® 6.0 or later only, and requires high
encryption (64-bit or 128-bit). High encryption is also required for client
browsers for Web login and Clean Access Agent authentication.)
Clean Access Server (CAS)
Enforcement server between the untrusted (managed) network and the
trusted network. The CAS enforces the policies you have defined in the CAM
Web admin console, including network access privileges, authentication
requirements, bandwidth restrictions, and Clean Access system
requirements. It can be deployed in-band (always inline with user traffic) or
out-of-band (inline with user traffic only during authentication/posture
trusted network. The CAS enforces the policies you have defined in the CAM
Web admin console, including network access privileges, authentication
requirements, bandwidth restrictions, and Clean Access system
requirements. It can be deployed in-band (always inline with user traffic) or
out-of-band (inline with user traffic only during authentication/posture
Note: NAC Appliance is also referred to as Cisco Clean Access, and most of
the references and figures in this section use the Clean Access naming.
the references and figures in this section use the Clean Access naming.