Posts

Showing posts from June, 2008

NAC Manager (CAM) Backups

Background: The Cisco NAC Manager is the brain of the Cisco NAC solution. All configuration is stored in a database which makes the solution scalable. With that said, a crucial step in any deployment is developing a backup plan to ensure that if the NAC Manager or Failover Pair fails (Hardware failure, database corruption, administrator configuration mistake, fire, flood, sinkhole, etc.) the database can be restored and everything will be back up and working!

What gets backed up: Everything that is stored in the database gets backed up. The following is a list of items that get backed up:

o Clean Access Server Configuration information (DHCP, Managed Subnets, VLAN Mapping, Static Routes, filters, etc.)
o Filters (Device Filters, Subnet Filters)
o Posture Assessment (Checks, Rules, Requirements, etc.)
o Switch Management
o User Management (User Roles, Auth Servers, User Pages, Admin Users)
o Reports
o Licenses

What doesn't get backed up: The less talked ...

Cisco NAC Guest Server 1.1.1

On June 9th, Cisco posted an update to NAC Guest Server. Version 1.1.1 comes with a few new features:

Guest Role Support: Guest Role Support provides the ability for Sponsors to create guest accounts with different privileges. This includes provisioning into different roles on the Clean Access Manager, returning different RADIUS attributes to RADIUS clients, or only allowing access from specified networks.

Additional NTP Server: The 1.1.1 release introduces the ability to configure two NTP servers instead of a single NTP server in 1.1.0.

FTP Backup Directory: The 1.1.1 release allows a directory to be specified as part of the scheduled FTP backup; prior versions placed the backup in the default directory of the FTP user account.

As with all NAC-related upgrades, make sure to read the RELEASE NOTES before upgrading! The NAC Guest Server Installation & Configuration Guide 1.1.1 can be used as a reference for the new features. Finally to download the new version go to the NAC Guest Serve...

New Configuration Examples

Cisco posted two new Configuration Guides:

o NAC: LDAP over SSL on the Clean Access Manager (CAM)
  This example will walk you through using SSL with your LDAP Auth Server.
o NAC: LDAP Integration with ACS Configuration Example
  This example will explain how to use Cisco NAC Profiler for MAC Auth Bypass (MAB) for 802.1X deployments.

To see all the previous Configuration Examples and TechNotes

Cisco NAC with IP Phones

Background: One question that many people ask is how to deal with IP Phones during a NAC Deployment. The easy answer is "it depends", but what does it really depend on...

Identify all of the phones: To find all of the phones on your network, you may manually go through your Call-Manager or other Voice Server and export a list, or utilize Cisco NAC Profiler to find all the phones. Please note that you must keep an updated list of all IP Phones in the CAM Device Filter Table in order for NAC to exclude the phones.

Determine your NAC deployment type: When deploying an In-Band (IB) NAC Deployment, handling phones is very simple. One deployment option is to have all of the phones on a Voice VLAN that bypasses NAC, meaning that if the voice VLAN is NOT bridged or routed through the CAS, the phones will never go through NAC. Another possibility is that the phones are on the same VLAN as users. (Please note it is a best practice to separate your voice devices from data devic...