Cisco NAC Appliance Hardware Installation Guide, Release 4.9
Preparing for Installation
Downloads: This chapterpdf (PDF - 1.64MB) The complete bookPDF (PDF - 7.25MB) | Feedback

Preparing for Installation

Table Of Contents

Preparing for Installation

Safety Guidelines

General Precautions

Safety with Equipment

Safety with Electricity

Preventing Electrostatic Discharge Damage

Lifting Guidelines

Preparing Your Site for Installation

Site Planning

Rack Installation Safety Guidelines

Site Environment

Airflow Guidelines

Temperature and Humidity Guidelines

Power Considerations

Method of Procedure

Shipping Package Contents

Failover Bundles

Required Equipment

Configuration Worksheets

Clean Access Manager (CAM) Configuration Worksheet

Clean Access Server (CAS) Configuration Worksheet

CAS Mode IP Addressing Considerations

Rack-Mounting Your Cisco NAC Appliance CAM/CAS

Mounting the NAC-3315 Appliance in a 4-Post Rack

NAC-3315 4-Post Rack-Mount Hardware Kit

Installing the NAC-3315 Slide Rails into a Rack

Installing the NAC-3315 Appliance into the Slide Rails

Mounting the NAC-3355/3395 Appliance in a 4-Post Rack

NAC-3355/3395 4-Post Rack-Mount Hardware Kit

Installing the NAC-3355/3395 Slide Rails Into the 4-Post Rack

Installing the NAC-3355/3395 Appliance Into the Slide Rails

Cisco NAC Appliance Licensing

Upgrading Cisco NAC Appliance Software

Downloading Cisco NAC Appliance Software

Upgrading Firmware


Preparing for Installation


This chapter provides preparatory installation instructions for Cisco NAC Appliance. It provides instructions for how to verify your hardware and other required equipment, install your Cisco NAC Appliance in a four-post rack, and upgrade the existing Cisco NAC Appliance software and chassis firmware.


Note This Installation Guide does not cover the Cisco NAC Network Module (NME-NAC-K9). For information on Cisco NAC Network Module installation and configuration, see Getting Started with Cisco NAC Network Modules in Cisco Access Routers.


This chapter covers the following topics:

Safety Guidelines

Preparing Your Site for Installation

Rack-Mounting Your Cisco NAC Appliance CAM/CAS

Cisco NAC Appliance Licensing

Upgrading Cisco NAC Appliance Software

Upgrading Firmware

Safety Guidelines

Before you begin installing the Cisco NAC Appliance CAM/CAS, review the safety guidelines in this chapter and Rack-Mounting Your Cisco NAC Appliance CAM/CAS to avoid injuring yourself or damaging the equipment.

This section contains:

General Precautions

Safety with Equipment

Safety with Electricity

Preventing Electrostatic Discharge Damage

Lifting Guidelines

General Precautions

Observe the following general precautions for using and working with your appliance:

Observe and follow service markings. Do not service any Cisco product except as explained in your appliance documentation. Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock. Components inside these compartments should be serviced only by an authorized service technician.

If any of the following conditions occur, unplug the product from the electrical outlet and replace the part, or contact your authorized service provider:

The power cable, extension cord, or plug is damaged.

An object has fallen into the product.

The product has been exposed to water.

The product has been dropped or damaged.

The product does not operate correctly when you follow the operating instructions.

Keep your appliance away from radiators and heat sources. Also, do not block cooling vents.

Do not spill food or liquids on your appliance, and never operate the product in a wet environment.

Do not push any objects into the openings of your appliance. Doing so can cause fire or electric shock by shorting out interior components.

Use the product only with other equipment approved by Cisco.

Allow the product to cool before removing covers or touching internal components.

Use the correct external power source. Operate the product only from the type of power source indicated on the electrical ratings label. If you are not sure of the type of power source required, consult your service representative or local power company.

Use only approved power cables. If you have not been provided with a power cable for your appliance or for any AC-powered option intended for your appliance, purchase a power cable that is approved for use in your country. The power cable must be rated for the product and for the voltage and current marked on the product's electrical ratings label. The voltage and current rating of the cable should be greater than the ratings marked on the product.

To help prevent electric shock, plug the appliance and power cables into properly grounded electrical outlets. These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable. If you must use an extension cord, use a three-wire cord with properly grounded plugs.

Observe extension cord and power strip ratings. Make sure that the total ampere rating of all products plugged into the extension cord or power strip does not exceed 80 percent of the extension cord or power strip ampere ratings limit.

Do not use appliance, or voltage converters, or kits sold for appliances with your product.

To help protect your appliance from sudden, transient increases and decreases in electrical power, use a surge suppressor, line conditioner, or uninterruptible power supply (UPS).

Position cables and power cords carefully; route cables and the power cord and plug so that they cannot be stepped on or tripped over. Be sure that nothing rests on your appliance cables or power cord.

Do not modify power cables or plugs. Consult a licensed electrician or your power company for site modifications. Always follow your local or national wiring rules.

Safety with Equipment

The following guidelines will help ensure your safety and protect the equipment. However, this list does not include all potentially hazardous situations, so be alert.


Warning Read the installation instructions before connecting the system to the power source. Statement 1004

Always disconnect all power cords and interface cables before moving the appliance.

Never assume that power is disconnected from a circuit; always check.

Keep the appliance chassis area clear and dust-free before and after installation.

Keep tools and assembly components away from walk areas where you or others could trip over them.

Do not work alone if potentially hazardous conditions exist.

Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

Do not wear loose clothing that may get caught in the appliance chassis.

Wear safety glasses when working under conditions that may be hazardous to your eyes.

Safety with Electricity


Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security.
Statement 1017

Warning To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Statement 1021

Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected. Statement 4

Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals. Statement 43

Warning Before working on a chassis or working near power supplies, unplug the power cord on AC units; disconnect the power at the circuit breaker on DC units. Statement 12

Warning Do not work on the system or connect or disconnect cables during periods of lightning activity. Statement 1001

Warning This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use. Statement 39

Warning When installing or replacing the unit, the ground connection must always be made first and disconnected last. Statement 1046

Follow these guidelines when working on equipment powered by electricity:

Locate the room's emergency power-off switch. Then, if an electrical accident occurs, you can quickly turn off the power.

Disconnect all power before doing the following:

Working on or near power supplies.

Installing or removing an appliance.

Performing most hardware upgrades.

Never install equipment that appears damaged.

Carefully examine your work area for possible hazards, such as moist floors, ungrounded power extension cables, and missing safety grounds.

Never assume that power is disconnected from a circuit; always check.

Never perform any action that creates a potential hazard to people or makes the equipment unsafe.

Never work alone when potentially hazardous conditions exist.

If an electrical accident occurs, proceed as follows:

Use caution, and do not become a victim yourself.

Turn off power to the appliance.

If possible, send another person to get medical aid. Otherwise, determine the condition of the victim, and then call for help.

Determine whether the person needs rescue breathing, external cardiac compressions, or other medical attention; then take appropriate action.

In addition, use the following guidelines when working with any equipment that is disconnected from a power source but still connected to telephone wiring or network cabling:

Never install telephone wiring during a lightning storm.

Never install telephone jacks in wet locations unless the jack is specifically designed for it.

Never touch uninsulated telephone wires or terminals unless the telephone line is disconnected at the network interface.

Use caution when installing or modifying telephone lines.

Preventing Electrostatic Discharge Damage

Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD can occur when electronic printed circuit cards are improperly handled and can cause complete or intermittent failures. Always follow ESD-prevention procedures when removing and replacing modules:

When unpacking a static-sensitive component from its shipping carton, do not remove the component from the antistatic packing material until you are ready to install the component in your appliance. Just before unwrapping the antistatic packaging, be sure to discharge static electricity from your body.

When transporting a sensitive component, first place it in an antistatic container or packaging.

Handle all sensitive components in a static-safe area. If possible, use antistatic floor pads and workbench pads.

Ensure that the Cisco NAC Appliance CAM/CAS is electrically connected to ground.

Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the clip to an unpainted surface of the appliance to channel unwanted ESD voltages safely to ground. To guard against ESD damage and shocks, the wrist strap and cord must operate effectively.

If no wrist strap is available, ground yourself by touching a metal part of the appliance.


Caution For the safety of your equipment, periodically check the resistance value of the antistatic wrist strap. It should be between 1 and 10 Mohm.

Lifting Guidelines

A Cisco NAC Appliance CAM/CAS weighs between 15 lb (9.071 kg) and 33 lb (14.96 kg) depending on what hardware options are installed in the appliance. The appliance is not intended to be moved frequently. Before you install the appliance, ensure that your site is properly prepared so you can avoid having to move the appliance later to accommodate power sources and network connections.

Whenever you lift the appliance or any heavy object, follow these guidelines:

Always disconnect all external cables before lifting or moving the appliance.

Ensure that your footing is solid, and balance the weight of the object between your feet.

Lift the appliance slowly; never move suddenly or twist your body as you lift.

Keep your back straight and lift with your legs, not your back. If you must bend down to lift the appliance, bend at the knees, not at the waist, to reduce the strain on your lower back muscles.

Lift the appliance from the bottom; grasp the underside of the appliance exterior with both hands.

Preparing Your Site for Installation

Before installing a Cisco NAC Appliance CAM/CAS, it is important to prepare the following:

1. Prepare the site (see Site Planning) and review the installation plans or method of procedures (MOPs).

2. Unpack and inspect the appliance.

3. Gather the tools and test equipment required to properly install the appliance.

This section contains:

Site Planning

Shipping Package Contents

Failover Bundles

Required Equipment

Configuration Worksheets

Site Planning


Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security.
Statement 1017

Typically, you should have prepared the installation site beforehand. As part of your preparation, obtain a floor plan of the site and the equipment rack where the Cisco NAC Appliance CAM/CAS will be housed. Determine the location of any existing appliances and their interconnections, including communications and power. Following the airflow guidelines (see Airflow Guidelines) ensures that adequate cooling air is provided to the appliance.

All personnel involved in the installation of the appliance, including installers, engineers, and supervisors, should participate in the preparation of a MOP for approval by the customer. For more information, see Method of Procedure.

The following sections provide the site requirement guidelines that you must consider before installing the appliance:

Rack Installation Safety Guidelines

Site Environment

Airflow Guidelines

Temperature and Humidity Guidelines

Power Considerations

Method of Procedure

Rack Installation Safety Guidelines

The Cisco NAC Appliance CAM/CAS can be mounted in most four-post telephone company (telco-type), 19-inch equipment racks that comply with the Electronics Industries Association (EIA) standard for equipment racks (EIA-310-D). The distance between the center lines of the mounting holes on the two mounting posts must be 18.31 inches +/- 0.06 inch (46.50 cm +/- 0.15 cm). The rack-mounting hardware included with the appliance is suitable for most 19-inch equipment racks or telco-type frames.


Note Cisco strongly recommends using four-post racks whenever possible, but your rack must have at least two posts that provide mounting flanges for mounting an appliance.


Figure 2-1 shows a couple of common examples of four-post equipment racks.

Figure 2-1 Four-Post Equipment Rack Types

Four-Post (Partially-Enclosed) Rack

Image "1" in Figure 2-1 shows a freestanding, partially-enclosed rack with two mounting posts in the front and two more at the rear. The Cisco NAC Appliance CAM/CAS may be installed in this type of enclosed rack, because the appliance only requires an unobstructed flow of cooling air into the front of the chassis and pushed out of the rear to maintain acceptable operating temperatures for its internal components.

Four-Post (Open) Rack

Image "2" in Figure 2-1 shows a freestanding, four-post open rack with two mounting posts in front and two mounting posts at the back. The mounting posts in this type of rack are often adjustable so that you can position the rack-mounted unit within the depth of the rack rather than flush-mount it with the front of the rack.

Before installing your Cisco NAC Appliance CAM/CAS in a rack, review the following guidelines:

Two or more people are required to install the appliance in a rack.

Ensure that the room air temperature is below 95°F (35°C).

Do not block any air vents; usually, 6 inches (15 cm) of space provides proper airflow.

Plan the appliance installation starting from the bottom of the rack.

Do not extend more than one appliance out of the rack at the same time.

Connect the appliance to a properly grounded outlet.

Do not overload the power outlet when installing multiple devices in the rack.

Do not place any object weighing more than 110 lb (50 kg) on top of rack-mounted devices.

Site Environment

The location of your appliance and the layout of your equipment rack or wiring room are extremely important considerations for proper operation. Equipment placed too close together, inadequate ventilation, and inaccessible panels can cause malfunctions and shutdowns, and can make maintenance difficult. Plan for access to front- and rear-panels of the appliance.

The following precautions will help you plan an acceptable operating environment for your appliance and will help you avoid environmentally caused equipment failures:

Ensure that the room where your appliance operates has adequate circulation. Electrical equipment generates heat. Without adequate circulation, ambient air temperature may not cool equipment to acceptable operating temperatures. For more information, see Airflow Guidelines.

Ensure that the site of the rack includes provisions for source AC power, grounding, and network cables.

Allow sufficient space to work around the rack during the installation. You need:

At least 3 feet (9.14 m) adjacent to the rack to move, align, and insert the appliance.

At least 24 inches (61 cm) of clearance in front of and behind the appliance for maintenance after installation.

To mount the appliance between two posts or rails, the usable aperture (the width between the inner edges of the two mounting flanges) must be at least 17.7 inches (45.0 cm).


Note The rack-mount kit does not include a 2-post equipment rack.


Use appropriate strain-relief methods to protect cables and equipment connections.

To avoid noise interference in network interface cables, do not route them directly across or along power cables.

Always follow ESD-prevention procedures as described in Preventing Electrostatic Discharge Damage to avoid damage to equipment. Damage from static discharge can cause immediate or intermittent equipment failure.

Airflow Guidelines

To ensure adequate airflow through the equipment rack, it is recommended that you maintain a clearance of at least 6 inches (15.24 cm) at the front and the rear of the rack. If airflow through the equipment rack and the appliances that occupy it is blocked or restricted, or if the ambient air being drawn into the rack is too warm, an overtemperature condition within the rack and the appliances that occupy it can occur.

The site should also be as dust-free as possible. Dust tends to clog the appliance fans, reducing the flow of cooling air through the equipment rack and the appliances that occupy it. This reduction increases the risk of an overtemperature condition.

Additionally, the following guidelines will help you plan your equipment rack configuration:

Besides airflow, you must allow clearance around the rack for maintenance.

When mounting an appliance in an open rack, ensure that the rack frame does not block the front intakes or the rear exhausts.

Temperature and Humidity Guidelines

Table 2-1 lists the operating and non-operating environmental site requirements for the Cisco NAC Appliance CAM/CAS. The appliance normally operates within the ranges listed; however, a temperature measurement approaching a minimum or maximum parameter indicates a potential problem. Maintain normal operation by anticipating and correcting environmental anomalies before they approach critical values by properly planning and preparing your site before you install the appliance.

Table 2-1 Operating and Nonoperating Environmental Specifications

Specification
Minimum
Maximum

Temperature, ambient operating

50°F (10°C)

95°F (35°C)

Temperature, ambient nonoperating and storage

-40°F (°C)

158°F (70°C)

Humidity, ambient (noncondensing) operating

10%

90%

Humidity, ambient (noncondensing) nonoperating and storage

5%

95%

Vibration, operating

5-500 Hz, 2.20 g RMS random


Power Considerations

You configure the Cisco NAC Appliance CAM/CAS with AC-input power only. Ensure that all power connections conform to the rules and regulations in the National Electrical Codes (NECs), as well as local codes. When planning power connections to your appliance, the following precautions and recommendations must be followed:

Check the power at your site before installation and periodically after installation to ensure that you are receiving clean power (free of spikes and noise). Install a power conditioner if necessary.

The AC power supply includes the following features:

Autoselect feature for 110-V or 220-V operation.

An electrical cord for all appliances. (A label near the power cord indicates the correct voltage, frequency, current draw, and power dissipation for the appliance.)


Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13

Install proper grounding to your host equipment rack to avoid damage from lightning and power surges.


Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024

The AC-input power supply that operates on input voltage and frequency within the ranges of 100 to 240 VRMS and 50/60 Hz without the need for operator adjustments.

Method of Procedure

As described previously, part of your preparation includes reviewing installation plans or MOPs. An example of a MOP (a preinstallation checklist of tasks and considerations that need to be addressed and agreed upon before proceeding with the installation) is as follows:

1. Assign personnel.

2. Determine protection requirements for personnel, equipment, and tools.

3. Evaluate potential hazards that may affect service.

4. Schedule time for installation.

5. Determine any space requirements.

6. Determine any power requirements.

7. Identify any required procedures or tests.

8. On an equipment plan, make a preliminary decision that locates each Cisco NAC Appliance CAM/CAS that you plan to install.

9. Read this hardware installation guide.

10. Verify the list of replaceable parts for installation (screws, bolts, washers, and so on) so that the parts are identified.

11. Check the required tools list to make sure the necessary tools and test equipment are available. For more information, see Required Equipment.

12. Perform the installation.

Shipping Package Contents

Verify the contents of the packing box, shown in Figure 2-2, to ensure that you have received all items necessary to install your Cisco NAC Appliance. Save the packing material in case you need to repack the unit. If any item is missing or damaged, contact your Cisco representative or reseller for instructions. Some Cisco NAC Appliance models might include additional items that are not shown.

Figure 2-2 Shipping Box Contents


Note Because product software is preloaded onto the Cisco NAC Appliance CAM/CAS, the shipping contents do not include a separate Cisco NAC Appliance software installation CD. Refer to Upgrading Cisco NAC Appliance Software for additional details.


Failover Bundles

If you ordered a Failover Bundle, you will receive two physical Cisco NAC Appliances, and you will need to perform the initial configuration on each machine as described in this guide. After initial configuration is complete, configure High Availability (HA) using the CAM or CAS web console and physically connect the appliances to create the HA pair. Refer to Chapter 4 "Configuring High Availability (HA)"for CAM and CAS HA configuration details.


Note When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port must be disabled for the Cisco NAC Appliance CAM/CAS. Refer to the "Disable BIOS Redirection for Serial HA (Failover) Connections" section of the Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for details.


Required Equipment

You need to supply a workstation (PC or laptop) and keyboard/monitor/mouse to run the Cisco NAC Appliance Configuration Utility on the appliance. Once the initial configuration is complete, you will need a standard (straight-through) Ethernet Category 5 network cable with RJ-45 connectors to connect the interfaces of the Cisco NAC Appliance to the network (eth0 for the CAM; eth0 and eth1 for the CAS). You will need a crossover RJ-45 Ethernet cable to connect HA-pair appliances together. The FIPS 140-2 Compliant and Non-FIPS Hardware Platforms provides interface details for each model.

Configuration Worksheets

You will need the following information to complete the initial configuration of your Cisco NAC Appliances:

Clean Access Manager (CAM) Configuration Worksheet

Clean Access Server (CAS) Configuration Worksheet

CAS Mode IP Addressing Considerations


Note If planning to configure your appliances for high availability (HA), you first must perform initial installation on each appliance, then configure HA via the CAM and/or CAS web console(s). You will need to create a virtual Service IP for the HA-pair via web configuration.


Clean Access Manager (CAM) Configuration Worksheet

Table 2-2 CAM Configuration Utility Worksheet

For Clean Access Manager NAC Appliance

a. IP address for eth0 interface (trusted) 1 :

                                                              

b. Subnet mask (IP netmask) for eth0 interface:

                                                              

c. Default gateway IP address for eth0 interface:

                                                              

d. Host name for your CAM:

                                                              

e. IP address of Domain Name Server on your network:

                                                              

f. Master secret:

Note The master secret must be the same for CAMs/CASs deployed as HA peers.

                                                              

g. Date, time and timezone:

                                                              

h. To generate the required temporary SSL certificate (you can change this at a later time):

FQDN or IP address of CAM:
Organization unit (e.g. Sales)
Organization name (e.g. Cisco)
Organization location (e.g. San Jose, CA, US)

Note If using FQDN, make sure your DNS server is set up for the domain name.

                                                              

i. Root user password:

                                                              

j. Web console password 2 :

                                                              

1 eth0 and eth1 generally correlate to the first two network cards—NIC 1 and NIC 2—on the server hardware.

2 Cisco highly recommends replacing default password(s) with "strong" passwords (at least 8 characters long, comprised of a combination of two characters from each of the upper- and lower-case letters, numbers, and special characters categories)


Clean Access Server (CAS) Configuration Worksheet

Table 2-3 CAS Configuration Utility Worksheet

For Clean Access Server NAC Appliance

a. IP address for eth0 interface (trusted) 1 :

                                                              

b. Subnet mask (IP netmask) for eth0 interface:

                                                              

c. Default gateway IP address for eth0 interface:

                                                              

d. IP address for eth1 interface (untrusted):

                                                              

e. Subnet mask (IP netmask) for eth1 interface:

                                                              

f. Default gateway IP address for eth1 interface 1:

                                                              

g. Host name for your CAS:

                                                              

h. IP address of Domain Name Server on your network:

                                                              

i. Master secret:

Note The master secret must be the same for CAMs/CASs deployed as HA peers.

                                                              

j. Date, time and timezone:

                                                              

k. To generate the required temporary SSL certificate (you can change this at a later time):

FQDN or eth0 IP address of CAS:
Organization unit (e.g. Sales)
Organization name (e.g. Cisco)
Organization location (e.g. San Jose, CA, US)

Note If using FQDN, make sure your DNS server is set up for the domain name.

                                                              

l. Root user password:

                                                              

m. Web console password 2 :

                                                              

1 eth0 and eth1 generally correlate to the first two network cards—NIC 1 and NIC 2—on the server hardware.

2 Cisco highly recommends replacing default password(s) with "strong" passwords (at least 8 characters long, comprised of a combination of two characters from each of the upper- and lower-case letters, numbers, and special characters categories)


CAS Mode IP Addressing Considerations

Table 2-4 CAS Modes— IP addressing Considerations  

CAS Mode
Comments

Real-IP

The trusted (eth0) and untrusted (eth1) interfaces of the CAS must be on different subnets.

Add static routes on the L3 switch or router to route traffic for the managed subnets to the trusted interface of the respective CASs.

If using DHCP relay, make sure the DHCP server has a route back to the managed subnets.

Virtual Gateway

CAUTION: To avoid switch errors, do not connect the untrusted interface (eth1) of a Virtual Gateway (IB or OOB) CAS to the switch until after the CAS is added to the CAM via the web console, and VLAN mapping is configured correctly under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. See the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(1) for details.

The CAS and CAM must be on different subnets (or VLANs).

The trusted (eth0) and untrusted interfaces (eth1) of the CAS can have the same IP address. (Note: this is equivalent to an L3 SVI IP address.)

All end devices in the bridged subnet must be on the CAS untrusted side.

The CAS is automatically configured for DHCP Passthrough when set to Virtual Gateway mode.

Managed subnets must be configured on the CAS for all the user subnets that are managed by the CAS. When configuring the Managed subnet, make sure that you type an unused IP address in that subnet (for the CAS to use), and not a subnet address.

Traffic from clients must pass through the CAS before hitting the gateway.

When the CAS is an OOB VGW, the following also applies:
CAS interfaces must be on a separate subnet (or VLAN) from the CAM.
The CAS management VLAN must be on a different VLAN than the user or Access VLANs.

See also "Determining VLANs For Virtual Gateway" in the Cisco NAC Appliance - Clean Access Server Configuration Guide, Release 4.9(1) for further details.


Rack-Mounting Your Cisco NAC Appliance CAM/CAS

Each Cisco NAC Appliance CAM/CAS has a set of rack handles (installed at the factory). You will use these handles later when you install the appliance in a 4-post rack. You can front (flush) mount or mid-mount the appliance in a 19-inch (48.3-cm) equipment rack that conforms to the 4-post rack specification (the inside width of the rack should be 17.5 inches [44.45 cm]). Mount the appliance in the brackets. When the appliance is installed in the rack, it requires one EIA 1.75-inch (4.4-cm) vertical mounting space or 1 rack unit (RU) for mounting.

This section addresses the following two procedures:

Mounting the NAC-3315 Appliance in a 4-Post Rack

Mounting the NAC-3355/3395 Appliance in a 4-Post Rack


Caution You must leave clearance in the front and rear of the Cisco NAC Appliance CAM/CAS to allow cooling air to be drawn in through the front and circulated through the appliance and out the rear of the appliance.

The Rack Installation Safety Guidelines and the following information will help you plan the equipment rack configuration:

When mounting an appliance in an equipment rack, ensure that the rack is bolted to the floor.

Because you may install more than one appliance in the rack, ensure that the weight of all the appliances installed does not make the rack unstable.


Caution Some equipment racks are also secured to ceiling brackets due to the weight of the equipment in the rack. If you use this type of installation, make sure that the rack you are using to install the appliances is secured to the building structure.

As mentioned in Airflow Guidelines, maintain a 6-inch (15.2-cm) clearance at the front and rear of the appliance to ensure adequate air intake and exhaust.

Avoid installing appliances in an overly congested rack. Air flowing to or from other appliances in the rack might interfere with the normal flow of cooling air through the appliances, increasing the potential for overtemperature conditions within the appliances.

Allow at least 24 inches (61 cm) of clearance at the front and rear of the rack for appliance maintenance.


Caution To prevent appliance overheating, never install an appliance in an enclosed rack or a room that is not properly ventilated or air conditioned.

Follow your local practices for cable management. Ensure that cables to and from appliances do not impede access for performing equipment maintenance or upgrades.


Note The rack-mount hardware kit does not include a 2-post equipment rack.


Mounting the NAC-3315 Appliance in a 4-Post Rack


Warning When the appliance is installed in a rack and is fully extended on its slide rail, it is possible for the rack to become unstable and tip over, which could cause serious injury. To eliminate the risk of rack instability from extending the rail or in the event of an earthquake, you should affix the rack to the floor.

This section contains:

NAC-3315 4-Post Rack-Mount Hardware Kit

Installing the NAC-3315 Slide Rails into a Rack

Installing the NAC-3315 Appliance into the Slide Rails

NAC-3315 4-Post Rack-Mount Hardware Kit

Figure 2-3 shows the items that you need to install the NAC-3315 appliance in a 4-post rack.

Figure 2-3 Release Levers on the NAC-3315 Slide Rail Hardware

1

Cable straps (6)

4

M6 screws (6)

2

Slide rail (2)

5

Shipping bracket

3

Front of rail

6

Rear of rail


Installing the NAC-3315 Slide Rails into a Rack

To install the NAC-3315 appliance in a rack:


Step 1 Press on the rail-adjustment bracket on the rear of the slide rail (see Figure 2-4) to prevent the bracket from moving.

Step 2 Press on Tab 1 and 2 (see Figure 2-4) and slide the rail-locking carrier toward the front of the slide rail until it snaps into place.

Step 3 Press on Tab 1 and 2 and slide the rail-locking carrier toward the rear of the slide until it snaps into place.

Figure 2-4 Installing the Slide Rail into the Rack

1

Adjustment tab 1

3

Rail-adjustment bracket

2

Adjustment tab 2

   

Step 4 If you need to adjust the slide-rail length, lift the release tab (see Figure 2-5) and fully extend the rail-adjustment bracket from the rear of the slide rail until it snaps into place.

Step 5 Align the pins on the rear rail-locking carrier with the holes on the rear mounting flange. Then, press the tab (see Figure 2-5) to secure the rear of the slide rail to the rear mounting flange.


Note Ensure that the pins are fully extended through the mounting flange and slide rail.


Figure 2-5 Adjusting the Slide-rail Length

1

Adjustment tab

3

Pins not extended through the mounting flange and slide rail

2

Release tab

4

Pins extended through the mounting flange and slide rail


Step 6 Align the pins (see Figure 2-6) on the front rail-locking carrier to the front mounting flange. If you have adjusted the rail length, push the rail-locking carrier back toward the rear of the slide rail to align the slide rail with the mounting flange. Then, press the tab to secure the front of the slide rail to the front mounting flange.


Note Ensure that the pins are fully extended through the mounting flange and the slide rail.


Step 7 Repeat the steps from 1 to 6 for the other slide rail.

Figure 2-6 Aligning the Slide Rail with the Mounting Flange

1

Adjustment tab

4

Pins extended through the mounting flange and slide rail

2

Mounting flange

5

Pins not extended through the mounting flange and slide rail

3

Pins

   


Installing the NAC-3315 Appliance into the Slide Rails

To install the NAC-3315 appliance in the slide rails:


Step 1 Align the CAM/CAS on the slide rails and push the CAM/CAS fully into the rack cabinet.

Step 2 Secure the CAM/CAS to the front mounting flanges with the captive thumbscrews (see Figure 2-7).


Note You must leave the shipping brackets attached to the slide rails unless the shipping brackets impede the CAM/CAS from sliding fully in the rack cabinet. If you need to remove the shipping brackets, see Step 3.


Figure 2-7 Aligning the NAC-3315 on the Slide Rails

1

Shipping brackets

3

Thumbscrews

2

NAC-3315 appliance

   

Step 3 Press on the release tab (see Figure 2-8) as indicated on the shipping bracket, and remove the shipping bracket from the slide rail.

Step 4 Repeat step 3 for the other shipping bracket. Store the shipping brackets for future use.


Note You must reinstall the shipping brackets on the slide rails before you transport the rack cabinet with the CAM/CAS installed. To reinstall the shipping brackets, reverse the steps.


Figure 2-8 Removing the Shipping Brackets

1

Release tab

   


Mounting the NAC-3355/3395 Appliance in a 4-Post Rack


Warning When the appliance is installed in a rack and is fully extended on its slide rail, it is possible for the rack to become unstable and tip over, which could cause serious injury. To eliminate the risk of rack instability from extending the rail or in the event of an earthquake, you should affix the rack to the floor.

This section contains:

NAC-3355/3395 4-Post Rack-Mount Hardware Kit

Installing the NAC-3355/3395 Slide Rails Into the 4-Post Rack

Installing the NAC-3355/3395 Appliance Into the Slide Rails

NAC-3355/3395 4-Post Rack-Mount Hardware Kit

Figure 2-9 shows the items that you need to install the NAC-3355/3395 appliance in a 4-post rack.

Figure 2-9 NAC-3355/3395 Rack Installation Kit Contents


Note Some of the items in Figure 2-9 are shipped in the NAC-3355/3395 shipping container, not necessarily with the rack installation kit.


Installing the NAC-3355/3395 Slide Rails Into the 4-Post Rack

When installing the NAC-3355/3395 slide rails in your equipment rack, Cisco recommends using cage nuts with square-holed racks, clip nuts with round-holed racks, and your own rack screws with thread-hole racks.


Note If the slide rails that arrived in your shipping container include shipping thumbscrews, remove them before performing the following procedure.



Step 1 Identify an available space in your rack to install the NAC-3355/3395.

Step 2 If you have either a round-holed or square-holed rack, install cage nuts or clip nuts, in the middle and bottom holes of the rack unit space on each side of the rack your NAC-3355/3395 will occupy (see Figure 2-10).

Step 3 Install cage nuts or clip nuts in the top and bottom holes for each side of the respective rear rack mounting rails (see Figure 2-10).

Figure 2-10 Position Cage Nuts or Clip Nuts

Step 4 Use a screwdriver to install the cage nuts or clip nuts on the inside of the mounting rail, as required for your particular rack, into the selected holes (see Figure 2-11).

Figure 2-11 Install Cage Nuts or Clip Nuts

Step 5 Use the tab on the rear of the slide rails to align the rear of the slide rail to the rear of the 4-post rack.

Step 6 Select the best range among Posts A, B, C, and D to fit into the slots. Adjust the length of the slide rails by moving around the depth adjustment screws and nuts (see Figure 2-12).

Step 7 Once you have the combination and fit you want for your NAC-3355/3395, reinstall and tighten the screws and nuts for both slide rails.

Figure 2-12 Set Up Slide Rails

Step 8 Fasten the front of the slide rail and EIA latch to the front of the 4-post rack by installing a screw in the bottom hole of the selected rack space for your NAC-3355/3395. Then, install another screw in the middle hole to secure the front of the slide rail to the 4-post rack (see Figure 2-13).


Note Use the 12-24 screws that came in the rack installation kit if you have installed clip nuts or cage nuts in the 4-post rack mounting rails.


Figure 2-13 Fasten Front of Slide Rail to 4-Post Rack

Step 9 Use two screws to fasten the rear of the slide rail to the respective rear mounting rail of the 4-post rack in the upper and bottom holes of the selected rack space for your NAC-3355/3395 (see Figure 2-14).

Figure 2-14 Fasten Rear of Slide Rail to 4-Post Rack

Step 10 Repeat Step 8 and Step 9 to attach the other slide rail to the selected rack space for your NAC-3355/3395.


Installing the NAC-3355/3395 Appliance Into the Slide Rails


Step 1 Extend the slide rails forward out of the 4-post rack until they click (twice) into place.

Step 2 Carefully lift the NAC-3355/3395 and tilt it into position over the slide rails so that the rear chassis nail heads on the CAM/CAS line up with the rear slots on the slide rails (see Figure 2-15).

Step 3 Slide the CAM/CAS down so that the rear chassis nail heads slip into the two rear slots, and then slowly lower the front of the CAM/CAS until the other chassis nail heads slip into their respective slots on the slide rails.


Note Ensure that the front latch slides over the chassis nail heads.


Figure 2-15 Position the NAC-3355/3395 In the Slide Rails

1

Extend the slide rails forward

4

Lower the CAM/CAS into position

2

Chassis nail heads

5

Front latches

3

Rear slide rail slots

   

Step 4 Lift the locking levers on the slide rails and push the CAM/CAS all the way into the rack until it clicks into place (see Figure 2-16).

Figure 2-16 Push the NAC-3355/3395 Into the Rack

1

Locking levers

2

Push the CAM/CAS into the rack



Cisco NAC Appliance Licensing

You need at least one Clean Access Manager license and one Clean Access Server license for your Cisco NAC Appliance system to work. Both licenses are installed via the Clean Access Manager administration web console. For Out-of-Band (OOB) deployments, you must add both the OOB CAS license and the CAS as an Out-of-Band device to the CAM to access the OOB Management module of the CAM web console.

For instructions on how to obtain new license(s) for your system, see Cisco NAC Appliance Service Contract/Licensing Support.

For instructions on how to install licenses for your system (after initial configuration is complete), see Install CAM License and Add Additional Licenses.

Upgrading Cisco NAC Appliance Software


Note This Installation Guide does not cover the Cisco NAC Network Module (NME-NAC-K9). For information on Cisco NAC Network Module installation and configuration, see Getting Started with Cisco NAC Network Modules in Cisco Access Routers.


Cisco NAC Appliance CAMs/CASs are preloaded with a default version of the Cisco NAC Appliance software, which may not match the latest release image. Cisco recommends you always run the latest supported version of the system software to ensure you have the latest product enhancements and fixes.

You can install Cisco NAC Appliance Release 4.9 and later only on the following Cisco NAC Appliance platforms:

NAC-3315, NAC-3355, and NAC-3395

NAC-3310, NAC-3350, and NAC-3390

Cisco NAC Network Module (NME-NAC-K9)

Upgrading to Release 4.9(x)

In Cisco NAC Appliance release 4.9 and later, you use a .tar.gz upgrade process similar to that used for upgrading CAM/CAS appliances in Cisco NAC Appliance Release 4.8(x) and 4.7(2). (Cisco NAC Appliance release 4.7(0) and 4.7(1) requires users to perform "in-place" upgrades via an .ISO image on a CD-ROM.)

To upgrade to Release 4.9(x), follow the appropriate upgrade instructions in the "Upgrading" section of the corresponding Release Notes for Cisco NAC Appliance.


Note You cannot use the Release 4.9(x) .ISO CD-ROM to perform an upgrade. You must use the .tar.gz upgrade file method.



Note You must upgrade the CAM first prior to upgrading the CAS. Otherwise, you will end up in a situation in which CAS has been upgraded but not the CAM.


Downloading Cisco NAC Appliance Software

You can access the latest versions of the Cisco NAC Appliance Release 4.9(x) installation .ISO file as follows.


Caution Before downloading or installing any Cisco NAC Appliance software, make sure to refer to the corresponding Release Notes for Cisco NAC Appliance to understand the enhancements, caveats, and upgrade impact to your existing deployment.


Step 1 Log in to the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml. You will likely be required to provide your CCO credentials.

Step 2 Navigate to Security > Endpoint Security > Cisco Network Access Control > Cisco NAC Appliance > Cisco NAC Appliance 4.9.

Step 3 Download the latest 4.9 .ISO image (e.g. nac-4.9_1-K9.iso) and burn the image as a bootable disk to a CD-R.


Note Cisco recommends burning the .ISO image to a CD-R using speeds 10x or lower. Higher speeds can result in corrupted/unbootable installation CDs.



Upgrading Firmware

Cisco NAC Appliance CAMs/CASs are subject to any system BIOS/Firmware upgrades required for the server model on which they are based.

The NAC-3315 is based on the IBM System x3250 M2 server platform and the NAC-3355/3395 are based on the IBM System x3550 M2 server platform.

The NAC-3310 is based on the HP ProLiant DL140 G3 server platform and the NAC-3350/3390 are based on the HP ProLiant DL360 G5 server platform.


Note For Cisco NAC-3310 platforms, be sure to also refer to the "DL140 G3 Required BIOS/Firmware Upgrades" section of the Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access) for further details.