Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1)
About This Guide
Download this chapter
About This GuideAbout This Guide
Download the complete book
Book-length PDFBook-length PDF (PDF - 10 MB)
 Feedback

Table Of Contents

About This Guide

Audience

Purpose

Document Organization

Document Conventions

New Features in this Release

Product Documentation

Documentation Updates

Obtaining Documentation and Submitting a Service Request


About This Guide

Revised July 13, 2009, OL-16411-01

This preface includes the following sections:

Audience

Purpose

Document Organization

Document Conventions

New Features in this Release

Product Documentation

Documentation Updates

Obtaining Documentation and Submitting a Service Request

Audience

This guide is for network administrators who are implementing the Cisco NAC Appliance solution to manage and secure their networks. Cisco NAC Appliance comprises the Clean Access Manager (CAM) administration appliance, Clean Access Server (CAS) enforcement appliance, and Clean Access Agent/Cisco NAC Web Agent end-user client software. Use this document along with the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1) to install and administer your Cisco NAC Appliance deployment.

Purpose

The Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1) describes how to install and configure the Clean Access Server to implement the Cisco NAC Appliance (Cisco Clean Access) solution on your network. The Clean Access Server is the enforcement server between the untrusted and trusted sides of a Cisco NAC Appliance network. This guide provides additional information specific to the Clean Access Server, such as how to configure DHCP, perform CAS-specific (local) configuration tasks, and implement High Availability.

See Product Documentation for further details on the document set for Cisco NAC Appliance.

Document Organization

Table 1 Document Organization

Chapter
Description

Chapter 2, "Introduction"

Provides a high-level overview of the Cisco NAC Appliance solution

Chapter 1, "Planning Your Deployment"

Discusses planning considerations for deploying the software

Chapter 3, "Configuring Layer 3 Out-of-Band (L3 OOB)"

Provides a general overview of the configuration needed for Layer 3 Out-of-Band deployment

Chapter 4, "Installing the Clean Access Server"

Describes how to install and initially configure the Clean Access Server

Chapter 5, "Configuring the CAS Managed Network"

Describes how to set up the Clean Access Server's managed domain

Chapter 6, "Configuring DHCP"

Describes how to configure each of the DHCP modes of the Clean Access Server

Chapter 7, "Integrating with Cisco VPN Concentrators"

Describes the configuration required to integrate the Clean Access Server with Cisco VPN Concentrators

Chapter 8, "Local Traffic Control Policies"

Describes how to set up traffic filtering rules in the Clean Access Server

Chapter 9, "Configuring Active Directory Single Sign-On (AD SSO)"

Describes how to configure Active Directory (AD) Single Sign-On (SSO) for the Cisco NAC Appliance

Chapter 10, "Local Authentication Settings"

Describes Authentication tab settings in the Clean Access Server management pages

Chapter 11, "Local Certified and Floating Devices"

Describes local settings that can be configured at the Clean Access Server level for Clean Access implementation

Chapter 12, "Administering CAS Certificates, Time, and Support Logs"

Describes Clean Access Server (CAS) administration

Chapter 13, "Configuring High Availability (HA)"

Describes how to set up two Clean Access Servers in high availability (HA) mode

Appendix A, "Open Source License Acknowledgements"

Contains Open Source License information for Cisco products


Document Conventions

Table 2 Document Conventions

Item
Convention

Indicates command line output.

Screen font

Indicates information you enter.

Boldface screen font

Indicates variables for which you supply values.

Italic screen font

Indicates web admin console modules, menus, tabs, links and submenu links.

Boldface font

Indicates a menu item to be selected.

Administration > User Pages


New Features in this Release

For a brief summary of the new features and enhancements available in this release refer to Documentation Updates and the "New and Changed Information" section of the Release Notes for Cisco NAC Appliance, Version 4.5(1).

Product Documentation

This section lists documents are available for Cisco NAC Appliance on Cisco.com at the following URL:

http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

Tip To access external URLs referenced in this document, right-click the link in Adobe Acrobat and select "Open in Weblink in Browser."

Table 3 Cisco NAC Appliance Document Set

Document Title
Refer to This Document For Information On:

Cisco NAC Appliance Service Contract/Licensing Support

Obtaining and installing product licenses

Information on service contracts, ordering and RMA

Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access)

Which server hardware supports which versions of CAM/CAS software (if using your own server hardware)

CAM/CAS/Agent system requirements

NIC card troubleshooting

Switch Support for Cisco NAC Appliance

Which switches and NMEs support OOB deployment

Known issues/troubleshooting for switches and WLCs

Getting Started with Cisco NAC Network Modules in Cisco Access Routers

Installing or upgrading the Clean Access Server (CAS) software on the Cisco NAC network module (NME-NAC-K9)

Connecting Cisco Network Admission Control Network Modules

Connecting Cisco NAC network module (NME-NAC-K9) in an Integrated Services Router

Release Notes for Cisco NAC Appliance, Version 4.5(1)

Details on the latest 4.5 release, including:

New features and enhancements

Fixed caveats

Upgrade instructions

Supported AV/AS product charts

CAM/CAS/Agent compatibility and version information

Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1)

Complete CAM details, including:

How to install the CAM software

Overviews of major concepts and features of Cisco NAC Appliance

How to use the CAM web console to perform global configuration of Cisco NAC Appliance (applying to all CASs in the deployment)

How to configure CAM pairs for High Availability

Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1)

CAS-specific details, including:

How to install the CAS software

Where to deploy the CAS on the network (general information)

How to perform local (CAS-specific) configuration using the CAS management pages of the CAM web console, or the CAS direct access console.

How to configure CAS pairs for High Availability


Documentation Updates

Table 4 Updates to Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1)

Date
Description

2/25/09

Release 4.5(1)—Updates include:

CAS Fallback Policy, page 5-45 (Feature Enhancement)

Link-Detect Interfaces, page 13-29 (New)

Installation Requirements, page 2-5 (Updated)

Added Configuring Boot Settings on NAC-3310 Based Appliances, page 4-8 and referring notes. Moved Virtual Gateway Mode Connection Requirements, page 4-3 section up.

Updated links for CAS CLI Commands for Cisco NAC Appliance, page 4-21.

Minor updates throughout for 4.5(1) version change.

Documentation caveats resolved:

CSCsx68494 (CAS Fallback Policy, page 5-45; note added Local Device and Subnet Filtering, page 5-39)

CSCsx81758 (Active/Standby Status, page 13-30)

CSCsx81733 (c. Configure HA-Secondary Mode and Update, page 13-17)

CSCsw94295 (Support Logs and LogLevel Settings, page 12-39)

For additional Release 4.5(1) enhancements, refer to the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1).)

1/9/09

Added Windows Active Directory SSO Support, page 9-1 referencing new section in support document, Support Information for Cisco NAC Appliance Agents, Release 4.5, to replace support table for Windows Single Sign-On (SSO) on Windows Vista/XP/2000 client machines and AD on Windows 2000/2003 servers.

11/5/08

Updated installation instructions in Configuration Utility Script, page 4-11.

11/3/08

Updated various sections to address caveats CSCsu64133, CSCsq45943, CSCsr71673, CSCsq61154, CSCsu68720, and CSCsq44710

10/21/08

Release 4.5(0)

Major updates to this document for this release include:

Manage CAS SSL Certificates, page 12-7 (including Authorization)

Support Logs and LogLevel Settings, page 12-39

The Release 4.5 CD installation script includes new options for installation (see Perform the Initial Configuration, page 4-11)

Cisco NAC Appliance enforces configurable "Pre-login Banners" for administrator users (see Figure 12-2 on page 12-3)

Web upgrade from both the CAM and CAS web console is removed as of release 4.5

For details on Admin login to the CAS using external authentication servers, refer to the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.