Folhetoíndice analíticoSecuring Complexity with NAC Appliance (Cisco Clean Access):A Technical View1Agenda2The Challenge of Securing Complexity3Productivity Causes Complexity4Complexity Demands Defense-in-Depth5What Is Network Admission Control?6Four Key Capabilities of NAC7Before We Continue, You May Be Asking …8Agenda9NAC Appliance10NAC Appliance Enforces Compliance11NAC Appliance (formerly known as Clean Access) Components12Sampling of Pre-Configured Checks13Product User Flow Overview14User Experience with Agent15User Experience via Web Browser16NAC Appliance Protocol Flow17NAC Appliance Sizing18Agenda19Tour of Features: Management Console20CAM Manages All Clean Access Servers21Pre-Configured Checks22Posture Validation Overview23Checks and Rules: An Example24How Checks Look in the Manager25How Rules Look in the Manager26Requirements and Roles27How Requirements Look in the Manager28How Roles Look in the Manager29How Roles Look in the Manager30Filters and Bandwidth31How Filters Look in the Manager32How Bandwidth Controls Look33Clean Access Manager: Back-end Authentication Integration34Admin Control with Real-Time Information35Fine-Tuning Administrator Access36Clean Access Manager Benefits Summary37Agenda38NAC Appliance Technical Benefits39Tamanho: 3 MBPáginas: 41Language: EnglishAbrir o manual
Folhetoíndice analíticoSecuring Complexity with Cisco NAC Appliance (Clean Access)1Agenda2The Challenge of Securing Complexity3Productivity Causes Complexity4Complexity Demands Defense-in-Depth5Agenda6What Is Network Admission Control?7Four Key Capabilities of NAC8Before We Continue, You May Be Asking …9Agenda10The Cisco NAC Appliance Advantage11NAC Appliance Enforces Compliance12NAC Appliance (formerly known as Clean Access) Components13Sampling of Pre-Configured Checks14Product User Flow Overview15User Experience with Agent16User Experience via Web Browser17NAC Appliance Sizing18NAC Appliance Options19Agenda20NAC Appliance Top Values to Business21Customer Return on Investment22Tamanho: 2 MBPáginas: 24Language: EnglishAbrir o manual
/pt/manuals/1650151/índice analíticoCisco NAC Appliance - Clean Access Server Installation and Administration Guide1About This Guide11Audience11Purpose11Document Conventions12Product Documentation12Obtaining Documentation13Cisco.com13Product Documentation DVD14Ordering Documentation14Documentation Feedback14Cisco Product Security Overview14Reporting Security Problems in Cisco Products15Product Alerts and Field Notices15Obtaining Technical Assistance16Cisco Support Website16Submitting a Service Request17Definitions of Service Request Severity17Obtaining Additional Publications and Information17Introduction19What Is Cisco NAC Appliance (Cisco Clean Access)?19Cisco NAC Appliance Components20Clean Access Server Features22Installation Requirements22Product Licensing and Service Contract Support22Upgrading the Software23Cisco NAC Appliance Hardware Platforms23Supported Server Hardware Platforms23Minimum System Requirements23Important Release Information23CAS Management Pages Summary24Global vs. Local Administration Settings25Priority of Settings25Planning Your Deployment27Overview27Clean Access Server Operating Modes27Real-IP Gateway28Virtual Gateway29NAT Gateway30Central Versus Edge Deployment31Routed Central Deployment (L2)31Multi-Hop L3 Deployment33Bridged Central Deployment33Edge Deployment34CAS Operating Mode Summary35Configuring Layer 3 Out-of-Band (L3 OOB)37Overview37Layer 3 Out-of-Band Deployment Use Cases38Layer 3 Out-of-Band L2 vs L3 OOB Implementation39Layer 3 Out-of-Band L3 OOB Details39Layer 3 OOB: Configuration39Layer 3 OOB: Configuration40Layer 3 OOB: Important Configuration Notes41Layer 3 OOB: Networking42Installing the Clean Access Server NAC Appliance43Overview43Set Up the Clean Access Server NAC Appliance44Virtual Gateway Mode Connection Requirements46Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)47Access the CAS Over a Serial Connection47Set Up the Terminal Emulation Console Connection48Install the Clean Access Server Software from CD-ROM49CD Installation Steps49Perform the Initial Configuration52Configuration Utility Script52Important Notes for SSL Certificates59Using the Command Line Interface (CLI)60CAM/CAS Connectivity Across a Firewall61Configuring the CAS Behind a NAT Firewall61Configuring Additional NIC Cards62Troubleshooting the Installation63Network Interface Card (NIC) Driver Not Supported63Resetting the Clean Access Server Configuration63Clean Access Server Managed Domain65Overview65Add the CAS to the CAM66Add New Server66IP Addressing Considerations68Additional Notes for Virtual Gateway with VLAN Mapping (L2 Deployments)69List of Clean Access Servers70Troubleshooting when Adding the Clean Access Server70Navigating the CAS Management Pages71Configure Network Settings for the CAS73IP Form73Change Clean Access Server Type76Switching Between NAT and Real-IP Gateway Modes76Switching Between Virtual Gateway and NAT/ Real-IP Gateway Modes76Enable Network Access (L3, L3 Strict or L2 Strict)77Enable L3 Support77VPN/L3 Access for Clean Access Agent78Enable L3 Strict Mode (Clean Access Agent Only)79Enable L2 Strict Mode (Clean Access Agent Only)79Configure DHCP81Configure DNS Servers on the Network81Configuring Managed Subnets or Static Routes82Overview82Configure Managed Subnets for L2 Deployments84Adding Managed Subnets85Configure Static Routes for L3 Deployments86Configuring Static Routes for Layer 2 Deployments87Add Static Route87Configure ARP Entries88Add ARP Entry88Understanding VLAN Settings89Enable Subnet-Based VLAN Retag in Virtual Gateway Mode91VLAN Mapping in Virtual Gateway Modes92Native VLAN, Management VLAN, Dummy VLAN92VLAN Mapping for In-Band93VLAN Mapping for Out-of-Band93Switch Configuration for Out-of-Band Virtual Gateway Mode93Configure VLAN Mapping for Out-of-Band94To Verify VLAN Mapping for Out-of-Band94Local Device and Subnet Filtering96Configure Local Device Access Filter Policies96View Active L2 Device Filter Policies99Configure Subnet Access Filter Policies100CAS Fallback Policy101NAT Session Throttle102Configure 1:1 Network Address Translation (NAT)103Configure 1:1 NATing104Configure 1:1 NATing with Port Forwarding104Configure Proxy Server Settings on CAS105To Specify Proxy Server Settings on the CAS105To Configure the CAS to Parse Host Policy Traffic105Configuring DHCP107Overview107Enable the DHCP Module108Configure DHCP Relay or DHCP Server Mode108DHCP Status Options110Configuring IP Ranges (IP Address Pools)111Auto-Generated versus Manually Created Subnets111Subnetting Rules111Create IP Pools Manually113Auto-Generating IP Pools and Subnets115Add Managed Subnet115Create Auto-Generated Subnet116Working with Subnets120View Users by MAC Address/VLAN120View or Delete Subnets from the Subnet List120Edit a Subnet121Reserving IP Addresses122Add a Reserved IP Address122User-Specified DHCP Options124Global Action131IPSec/L2TP/PPTP/PPP on the CAS (Deprecated)133Overview133Enable VPN Policies134Configure IPSec Encryption135Configure L2TP Encryption138Configure PPTP Encryption140Configure PPP141Example Windows L2TP/IPSec Setup142Integrating with Cisco VPN Concentrators145Overview145Single Sign-On (SSO)146Configure Clean Access for VPN Concentrator Integration148Add Default Login Page149Configure User Roles and Clean Access Requirements149Enable L3 Support on the CAS149Verify Discovery Host150Add VPN Concentrator to Clean Access Server150Make CAS the RADIUS Accounting Server for VPN Concentrator151Add Accounting Servers to the CAS151Map VPN Concentrator(s) to Accounting Server(s)152Add VPN Concentrator as a Floating Device153Configure Single Sign-On (SSO) on the CAS/CAM153Configure SSO on the CAS154Configure SSO on the CAM154Create (Optional) Auth Server Mapping Rules155Clean Access Agent with VPN Concentrator and SSO156Clean Access Agent L3 VPN Concentrator User Experience156View Active VPN Clients158Local Traffic Control Policies161Overview161Local vs. Global Traffic Policies162View Local Traffic Control Policies163Add Local IP-Based Traffic Control Policies164Add / Edit Local IP-Based Traffic Policy164Add Local Host-Based Traffic Control Policies166Enable Proxy Traffic167Add Local Allowed Host168Add Local Trusted DNS Server168View IP Addresses Used by DNS Host169Controlling Bandwidth Usage170Local Authentication Settings173Overview173Local Heartbeat Timer174Local Login Page175Add Local Login Page175Enabling Web Client for Local Login Page177Local File Upload179Enable Active Directory SSO Login180Enable Windows NetBIOS SSO Login180OS Detection182Local Clean Access Settings185Overview185Add Exempt Devices186Clear Exempt Devices186Clear Certified Devices187Specify Floating Devices188Administer the Clean Access Server191Status Tab191Clean Access Server Direct Access Web Console192Manage CAS SSL Certificates193Web Console Pages for SSL Certificate Management194Typical Steps for CAS New Installs195Generate Temporary Certificate196Export CSR/Private Key/Certificate197Filenames for Exported Files198Verify Currently Installed Private Key and Certificates198Import Signed Certificate201View Certificate Files Uploaded for Import203Troubleshooting Certificate Issues203CAS Cannot Establish Secure Connection to CAM203Private Key in Clean Access Server Does Not Match the CA-Signed Certificate204Regenerating Certificates for DNS Name Instead of IP205Certificate-Related Files205Synchronize System Time206Support Logs and Loglevel Settings207Configuring High Availability (HA)211Overview211Failover Events213Choosing External IPs for Link-Based Failover213CAS High Availability Requirements214Physical Connection214Switch Interfaces for OOB Deployment215Service IP Addresses215Host Names215DHCP Synchronization215SSL Certificates215Before Starting216Selecting and Configuring the Heartbeat UDP Interface217Serial Port High-Availability Connection217Configure High Availability218Configure the Primary Clean Access Server218a. Access the Primary CAS Directly218b. Configure the Host Information for the Primary219c. Configure HA-Primary Mode and Update219d. Configure the SSL Certificate222e. Reboot the Primary Server223f. Add the CAS to the CAM Using the Service IP223Configure the HA-Secondary Clean Access Server224a. Access the HA-Secondary CAS Directly224b. Configure the Host Information for the HA-Secondary224c. Configure HA-Secondary Mode and Update224d. Configure the SSL Certificate227e. Reboot the HA-Secondary Server227Connect the Clean Access Servers and Complete the Configuration228Failing Over an HA-CAS Pair229Configure DHCP Failover230To Configure DHCP Failover230Modifying High Availability Settings233To Change IP Settings for an HA-CAS233Upgrading an Existing Failover Pair234Useful CLI Commands for HA234How to Verify Primary/Secondary Configuration Status on the HA CAS234How to Verify Active/Standby Runtime Status on the HA CAS235Adding High Availability Cisco NAC Appliance To Your Network236Tamanho: 6 MBPáginas: 242Language: EnglishAbrir o manual
/pt/manuals/1649937/índice analíticoCisco NAC Appliance - Clean Access Manager Installation and Administration Guide1About This Guide15Audience15Purpose15Document Conventions16Product Documentation16Obtaining Documentation17Cisco.com17Product Documentation DVD18Ordering Documentation18Documentation Feedback18Cisco Product Security Overview18Reporting Security Problems in Cisco Products19Product Alerts and Field Notices19Obtaining Technical Assistance20Cisco Support Website20Submitting a Service Request21Definitions of Service Request Severity21Obtaining Additional Publications and Information21Introduction23What Is Cisco NAC Appliance (Cisco Clean Access)?23Cisco NAC Appliance Components24Clean Access Manager (CAM)26Clean Access Server (CAS)26Clean Access Agent27Managing Users27Installation Requirements29Product Licensing and Service Contract Support29Upgrading the Software29Cisco NAC Appliance Hardware Platforms29Supported Server Hardware Platforms30Minimum System Requirements30Important Release Information30Overview of Web Admin Console Elements30Clean Access Server (CAS) Management Pages31Admin Console Summary33Installing the Clean Access Manager35Overview35Set Up the Clean Access Manager NAC Appliance36Access the CAM Over a Serial Connection38Install the Clean Access Manager Software from CD-ROM40CD Installation Steps40Perform the Initial Configuration42Configuration Utility Script42Important Notes for SSL Certificates44Using the Command Line Interface (CLI)45Troubleshooting Network Card Driver Support Issues46Cisco NAC Appliance Connectivity Across a Firewall46Access the CAM Web Console48Device Management: Adding Clean Access Servers, Adding Filters51Working with Clean Access Servers52Add Clean Access Servers to the Managed Domain52Troubleshooting when Adding the Clean Access Server54Manage the Clean Access Server54Check Clean Access Server Status55Disconnect a Clean Access Server55Reboot the Clean Access Server55Remove the Clean Access Server from the Managed Domain55Global and Local Administration Settings56Global and Local Settings57Global Device and Subnet Filtering57Overview57Device Filters and User Count License Limits58Adding Multiple Entries59Corporate Asset Authentication and Posture Assessment by MAC Address59Device Filters for In-Band Deployment60Device Filters for Out-of-Band Deployment61Device Filters for Out-of-Band Deployment Using VoIP Phones61Device Filters and IPSec/L2TP/PPTP Connections to CAS62Device Filters and Gaming Ports62Global vs. Local (CAS-Specific) Filters62Configure Device Filters62Add Global Device Filter63Display / Search Device Filter Policies66Order Device Filter Wildcard/Range Policies67Test Device Filter Policies68View Active L2 Device Filter Policies68Edit Device Filter Policies69Delete Device Filter Policies69Configure Subnet Filters70Switch Management: Configuring Out-of-Band (OOB) Deployment73Overview73In-Band Versus Out-of-Band74Out-of-Band Requirements74SNMP Control76Deployment Modes76Basic Connection76Out-of-Band Virtual Gateway Deployment78Out-of-Band Real-IP/NAT Gateway Deployment81L3 Out-of-Band Deployment84Configuring Your Network for Out-of-Band84Configure Your Switches84Configuration Notes84Example Switch Configuration Steps85OOB Network Setup / Configuration Worksheet89Configure OOB Switch Management in the CAM90Add Out-of-Band Clean Access Servers and Configure Environment91Configure Global Device Filters to Ignore IP Phone MAC Addresses94Configure Group Profiles94Add Group Profile94Edit Group Profile95Configure Switch Profiles96Add Switch Profile97Configure Port Profiles99Add Port Profile100Configure SNMP Receiver104SNMP Trap104Advanced Settings105Add Managed Switch108Add New Switch108Search New Switches110Discovered Clients111Manage Switch Ports112Ports Tab112Ports -MAC Notification113Ports-Linkup/Linkdown117Config Tab119Basic119Advanced120Group121Out-of-Band User List Summary122OOB Troubleshooting123OOB Switch Trunk Ports After Upgrade123Unable to Control <Switch IP>123OOB Error: connected device <client_MAC> not found124Configuring User Login Page and Guest Access125User Login Page126Unauthenticated Role Traffic Policies126Proxy Settings127Add Default Login Page127Change Page Type (to Frame-Based or Small-Screen)129Enable Web Client for Login Page130DHCP Release/Renew with Clean Access Agent/ActiveX/Applet130Customize Login Page Content133Create Content for the Right Frame135Upload a Resource File136Customize Login Page Styles137Configure Other Login Properties138Redirect the Login Success Page138Specify Logout Page Information139Guest User Access140Enable Login Page “Guest Access”140Enable Guest Users with Any Credential141User Management: Configuring User Roles and Local Users143Overview143Create User Roles143User Role Types144Unauthenticated Role145Normal Login Role145Role Assignment Priority146Clean Access Roles146Session Timeouts147Default Login Page148Traffic Policies for Roles148Add New Role148Role Properties150Modify Role154Edit a Role154Delete Role155Create Local User Accounts156Create a Local User156User Management: Configuring Auth Servers157Overview157Adding an Authentication Provider160Kerberos161RADIUS162Windows NT164LDAP165Active Directory Single Sign-On (SS0)166Windows NetBIOS SSO166Implementing Windows NetBIOS SSO166Add Windows NetBIOS SSO Auth Server167Cisco VPN SSO168Add Cisco VPN SSO Auth Server168Allow All169Configuring Authentication Cache Timeout (Optional)170Authenticating Against Backend Active Directory171AD/LDAP Configuration Example171Map Users to Roles Using Attributes or VLAN IDs173Configure Mapping Rule174Editing Mapping Rules179Auth Test181RADIUS Accounting183Enable RADIUS Accounting183Restore Factory Default Settings184Add Data to Login, Logout or Shared Events184Add New Entry (Login Event, Logout Event, Shared Event)185Configuring Active Directory Single Sign-On (AD SSO)189AD SSO Overview190Windows SSO Process (Kerberos Ticket Exchange)190CAS Communication with AD Server191AD SSO Configuration Step Summary192Configuration Prerequisites192Configuration Step Summary193Add Active Directory SSO Auth Server194Configure Traffic Policies for Unauthenticated Role195Configure AD SSO on the CAS197Configure the AD Server and Run KTPass Command200Create the CAS User200Install Support Tools204Run ktpass.exe Command205Example KTPass Command Execution208Enable Agent-Based Windows Single Sign-On with Active Directory (Kerberos)209Confirm AD SSO Service Is Started210Enable GPO Updates211Enabling a Login Script (Optional)212Introducing a Delay to Allow Script Use213Using Network-Based Scripts in Out-of-Band Mode with IP Address Changes214Reference Script214Delay Script with Delete Command215Add LDAP Lookup Server for Active Directory SSO (Optional)215Troubleshooting218General218KTPass Command218Cannot Start AD SSO Service on CAS218AD SSO Service Starts, but Client Not Performing SSO219Kerbtray219CAS Log Files219User Management: Traffic Control, Bandwidth, Schedule221Overview221Global vs. Local Scope223View Global Traffic Control Policies223Add Global IP-Based Traffic Policies224Add IP-Based Policy224Edit IP-Based Policy227Add Global Host-Based Traffic Policies228Add Trusted DNS Server for a Role228Enable Default Allowed Hosts229Add Allowed Host230View IP Addresses Used by DNS Hosts231Proxy Servers and Host Policies232Control Bandwidth Usage233Configure User Session and Heartbeat Timeouts235Session Timer235Heartbeat Timer235In-Band (L2) Sessions235OOB (L2) and Multihop (L3) Sessions236Session Timer / Heartbeat Timer Interaction236Configure Session Timer (per User Role)237Configure Heartbeat Timer (User Inactivity Timeout)237Configure Policies for Agent Temporary and Quarantine Roles239Configure Clean Access Agent Temporary Role239Configure Session Timeout for the Temporary Role239Configure Traffic Control Policies for the Temporary Role240Configure Network Scanning Quarantine Role241Create Additional Quarantine Role241Configure Session Timeout for Quarantine Role242Configure Traffic Control Policies for the Quarantine Role243Example Traffic Policies244Allowing Authentication Server Traffic for Windows Domain Authentication244Allowing Traffic for Enterprise AV Updates with Local Servers244Allowing Gaming Ports244Microsoft Xbox245Other Game Ports245Adding Traffic Policies for Default Roles247Troubleshooting Host-Based Policies249Clean Access Implementation Overview251Clean Access Overview251Clean Access Agent Download252Clean Access Agent for VPN Users253Clean Access Agent for L3 OOB Users253Clean Access Agent Client Assessment Process254Network Scanning Client Assessment255Clean Access Agent255Clean Access Updates256Network Scanner257Certified List257Role-Based Configuration259Clean Access Setup Steps259Retrieving Updates261Cisco Checks and Rules261Supported AV/AS Product List261Download Cisco Updates264General Setup Summary267Agent Login267Web Login270User Page Summary272Manage Certified Devices276Add Exempt Device277Clear Certified or Exempt Devices Manually278View Clean Access Reports for Certified Devices278View Switch Information for Out-of-Band Certified Devices279Configure Certified Device Timer279Add Floating Devices282Distributing the Clean Access Agent285Overview285Configuration Steps for Clean Access Agent286Add Default Login Page287Require Use of the Clean Access Agent287Configure Restricted Network Access for Agent Users289Configure Network Policy Page (Acceptable Use Policy) for Agent Users290Configure the Clean Access Agent Temporary Role290Enable Network Access (L3 or L2)291Enable L3 Deployment Support292Clean Access Agent Sends IP/MAC for All Available Adapters292VPN/L3 Access for Clean Access Agent293Enable L3 Support294Disabling L3 Capability295Enabling L2/L3 Strict Mode (Clean Access Agent Only)295Configuring Agent Distribution/Installation296Distribution296Installation298Clean Access Agent Stub Installer301SSL Requirements for Mac OS/CAS Communication302CAS Temporary Certificate Requirements for SSL Connection to Mac OS Agent302Installing the Root Certificate for Mac OS 10.2.x303Installing the Root Certificate for Mac OS 10.3.x304Installing the Root Certificate for Mac OS 10.4.x305Enable the Root User on Mac OS X306Obtaining the Root Certificate from the CAS307Configure Clean Access Agent Auto-Upgrade309Enable Agent Auto-Upgrade on the CAM309Disable Agent Upgrades to Users309Disable Mandatory Auto-Upgrade on the CAM309User Experience for Auto-Upgrade310Uninstalling the Agent310Uninstall Windows Clean Access Agent310Uninstall Mac OS Clean Access Agent310Agent Setup and Agent Patch (Upgrade) Files311Loading Agent Installation Files to the CAM311Auto-Upgrade Compatibility312Upgrading from 3.5.0 and Below Agents313Agent Upgrade Through File Distribution Requirement313Manually Uploading the Agent to the CAM315Downgrading the Agent316Configuring Clean Access Agent Requirements317Summary317Configuration Steps for Clean Access Agent Requirements318Create Clean Access Agent Requirements319Configuring Windows Update Requirement320Create Windows Update Requirement320Map Windows Update Requirement to Windows Rules323Configuring AV/AS Definition Update Requirements324AV Rules and AS Rules325Verify AV/AS Support Info326Create AV Rule328Create AV Definition Update Requirement330Create AS Rule332Create AS Definition Update Requirement333Configure Launch Programs Requirement335Cisco Pre-Configured Rules (“pr_”)337Using Cisco Pre-Configured Rules to Check for CSA337Configure Custom Checks, Rules and Requirements338Custom Requirements338Cisco Rules339Cisco Checks339Copying Checks and Rules339Create Custom Check340Registry Check Types340File Check Types342Service Check Type343Application Check Type343Create Custom Rule344Create a Custom Rule345Validate Rules346Create Custom Requirement347Create File Distribution /Link Distribution / Local Check Requirement347Map Requirement to Rules350Apply Requirements to Role352Validate Requirements353Configure an Optional Requirement354Launch Programs Example356Viewing Clean Access Agent Reports365Limiting the Number of Reports366Clean Access Agent User Dialogs367Windows Agent Dialogs367Mac OS X Agent Dialogs (Authentication Only)378Agent Localized Language Templates385Troubleshooting the Agent387Client Cannot Connect/Login387No Agent Pop-Up/Login Disabled387Client Cannot Connect (Traffic Policy Related)388AV/AS Rule Troubleshooting388Known Issue for Windows Script 5.6389Known Issue for MS Update Scanning Tool (KB873333)389Background389Workaround390Configuring Network Scanning391Overview391Network Scanning Implementation Steps392Configure the Quarantine Role393Load Nessus Plugins into the Clean Access Manager Repository393Uploading Plugins394Deleting Plugins395Configure General Setup396Apply Plugins397Configure Plugin Options399Configure Vulnerability Handling400Test Scanning402Show Log403View Scan Reports404Customize the User Agreement Page406Monitoring411Overview411Online Users List413Interpreting Active Users414View Online Users415In-Band Users415Out-of-Band Users417View Users by Clean Access Server, Authentication Provider, or Role419Search by User Name, IP, or MAC Address420Log Users Off the Network420Display Settings421Interpreting Event Logs423View Logs423Event Log Example426Limiting the Number of Logged Events427Configuring Syslog Logging427Log Files427SNMP428Enable SNMP Polling/Alerts429Add New Trapsink430Administration433Overview433Network & Failover434Set System Time436Manage CAM SSL Certificates437Web Console Pages for SSL Certificate Management438Typical Steps for New Installs438Generate Temporary Certificate440Export CSR/Private Key/Certificate441Filenames for Exported Files442Verify Currently Installed Private Key and Certificates442Import Signed Certificate445View Certificate Files Uploaded for Import446Troubleshooting Certificate Issues447No Web Login Redirect / CAS Cannot Establish Secure Connection to CAM447Private Key in Clean Access Server Does Not Match the CA-Signed Certificate448Regenerating Certificates for DNS Name Instead of IP448Certificate-Related Files449System Upgrade450Licensing452Support Logs454Admin Users456Admin Groups456Add a Custom Admin Group456Admin Users458Login / Logout an Admin User458Add an Admin User459Edit an Admin User459Active Admin User Sessions460Manage System Passwords462Change the CAM Web Console Admin Password462Change the CAS Web Console Admin User Password463Recovering Root Password for CAM/CAS (Release 4.1.x/4.0.x/3.6.x)463Recovering Root Password for CAM/CAS (Release 3.5.x or Below)464Backing Up the CAM Database465Automated Daily Database Backups465Manual Backups from Web Console465Creating Manual Backup466Backing Up Snapshots to Another Server via FTP466Restoring Configuration from CAM Snapshot467Database Recovery Tool467Manual Database Backup from SSH468API Support468Usage Requirements468Authentication Requirement468Guest Access Support469Summary of Operations469Examples471Configuring High Availability (HA)473Overview473Before Starting475Connect the Clean Access Manager Machines476Serial Connection476Configure the HA-Primary CAM477Configure the HA-Secondary CAM480Complete the Configuration482Upgrading an Existing Failover Pair482Failing Over an HA-CAM Pair482Useful CLI Commands for HA483How to Verify Active/Standby Runtime Status on the HA CAM483How to Verify Primary/Secondary Configuration Status on the HA CAM484Adding High Availability Cisco NAC Appliance To Your Network485Device Management: Roaming (Deprecated)487Overview487Requirements487How Roaming Works488Roaming Modes489Before Starting490Setting Up Simple Roaming491Setting Up Advanced Roaming492Monitoring Roaming Users494Error and Event Log Messages497Client Error Messages497Login Failed497Network Error498CAM Event Log Messages499Tamanho: 10 MBPáginas: 506Language: EnglishAbrir o manual