HP 3350 - Cisco NAC Appliance Spezifikationen Seite 84
- Seite / 681
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
2-34
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 2 Device Management: Adding Clean Access Servers, Adding Filters
Integrating Cisco ISE Profiler
Step 2 In the New Rule form, enter the following:
• Rule Name – Enter a name for the new Rule.
• Rule Description – Enter a description.
• Matching Profile – Enter Endpoint Profile names in the text box as follows:
–
Specify an exact Profile name. You can click Display Profiles and select a Profile from the
popup list. The existing endpoint Profile names in Cisco ISE Profiler are displayed in this list
as shown in Figure 2-17.
–
Use a wildcard "*" to specify multiple Profile names.
–
Separate multiple Profile names with a return.
Figure 2-17 Display Profiles
Step 3
Choose the policy for the Profile from the Access Type choices:
• ALLOW
IB - bypass login, bypass posture assessment, allow access
OOB (Switch) - bypass login, bypass posture assessment, assign Default Access VLAN
OOB (WLC) - bypass login, bypass posture assessment, assign WLC Access VLAN
• DENY
IB - bypass login, bypass posture assessment, deny access
OOB (Switch) - bypass login, bypass posture assessment, assign Auth VLAN
OOB (WLC) - bypass login, bypass posture assessment, assign WLC Quarantine VLAN
• ROLE
IB - bypass login, bypass L2 posture assessment/apply L3 posture assessment, assign role
OOB (Switch) - bypass login, bypass L2/L3 posture assessment, assign User Role VLAN
OOB (WLC) - bypass login, bypass L2/L3 posture assessment, assign WLC Access VLAN. See
Chapter 6, “User Management: Configuring User Roles and Local Users” for details.
- Manager Configuration Guide 1
- CONTENTS 3
- Contents 10
- OL-28003-01 10
- About This Guide 19
- Document Organization 20
- Document Conventions 21
- New Features in this Release 21
- Product Documentation 22
- Documentation Updates 23
- Introduction 25
- Chapter 1 Introduction 26
- Clean Access Manager (CAM) 29
- Clean Access Server (CAS) 29
- Client Login Overview 30
- Cisco NAC Appliance Agents 38
- Cisco NAC Web Agent 40
- Network Scanner 41
- Managing Users 44
- Publishing Information 47
- Admin Console Summary 48
- Servers, Adding Filters 51
- Global and Local Settings 59
- Adding Multiple Entries 62
- Figure 2-6 Endpoint Summary 69
- Configure Device Filters 70
- Figure 2-7 New Device Filter 71
- Test Device Filter Policies 75
- Configure Subnet Filters 77
- Limitations 79
- Map Endpoint Policies 83
- View Rules 85
- Edit Rules 85
- Delete Rules 86
- Order Rules 86
- Cisco ISE is not reachable 89
- Deployment 91
- In-Band Versus Out-of-Band 92
- Out-of-Band Requirements 92
- Flow for OOB VGW Mode 98
- Deployment Modes 100
- L3 Out-of-Band Deployment 103
- Configure Your Switches 104
- • Switch configuration level: 108
- CAT 2950 109
- Internet 109
- CAT 3550 109
- Switch Configuration 111
- CAM/CAS Configuration 111
- List of MIBs and OIDs 112
- Configure Group Profiles 118
- Add Group Profile 119
- Edit Group Profile 119
- Configure Switch Profiles 120
- Add Switch Profile 121
- Configure Port Profiles 123
- Add Port Profile 124
- Configure VLAN Profiles 130
- Add VLAN Profile 132
- Edit VLAN Profile 133
- Configure SNMP Receiver 134
- Advanced Settings 135
- To Change Default SNMP 136
- Add and Manage Switches 138
- Add New Switch 139
- Search New Switches 140
- Verify Devices 141
- Discovered Clients 142
- Manage Switch Ports 144
- Figure 3-34 Ports Tab 145
- • Profile (2) 150
- Config Tab 153
- Advanced 154
- Linkdown Traps 154
- Port Security 155
- Enabling Port Security 155
- Re-Enabling MAC Notification 156
- Figure 3-41 Config Group 157
- • L2 OOB Real IP Gateway 157
- Out-of-Band Users 158
- OOB Troubleshooting 161
- Troubleshooting SNMP 162
- Unknown User Name 163
- Wrong Digest 163
- Authorization Error 163
- Unsupported Security Level 163
- No Access 163
- OOB Client MAC/IP Not Found 164
- Additional Information 164
- Overview 165
- DHCP Bridging Mode 167
- SNMP Control 168
- SNMP Trap 183
- Discovered Wireless Clients 188
- Figure 4-22 Config > Group 190
- Wireless Out-of-Band Users 191
- User Login Page 193
- Proxy Settings 194
- Add Default Login Page 195
- Agent Login 198
- Web Login 198
- Customize Login Page Content 200
- Upload a Resource File 205
- Customize Login Page Styles 206
- Guest User Access 209
- Local Users 215
- Create User Roles 216
- User Role Types 217
- Normal Login Role 218
- Session Timeouts 220
- Default Login Page 221
- Traffic Policies for Roles 221
- Adding a New User Role 221
- Role Properties 223
- Editing an Existing Role 228
- Create Local User Accounts 229
- Local Authentication 233
- Providers 233
- Mapping Rules 233
- FIPS 140-2 Compliance 233
- Kerberos 235
- Set Up the IPSec Tunnel 239
- (Figure 7-8) 243
- Click Add 243
- Windows NT 245
- Multiple Domain SSL 251
- Windows NetBIOS SSO 252
- Cisco VPN SSO 254
- Add Cisco VPN SSO Auth Server 255
- Allow All 256
- AD/LDAP Configuration Example 259
- Configure Mapping Rule 262
- Add Mapping Rule to Role (B) 265
- Editing Mapping Rules 267
- Auth Test 269
- Authentication Successful 270
- Authentication Failed 270
- RADIUS Accounting 271
- Data Fields 273
- Logout Event Data Fields 274
- Figure 7-39 Login Events 276
- Figure 7-40 Logout Events 276
- Figure 7-41 Shared Events 276
- Schedule 277
- Traffic Policy Priority 278
- Global vs. Local Scope 279
- Add IP-Based Policy 280
- Edit IP-Based Policy 283
- Enable Default Allowed Hosts 285
- Add Allowed Host 286
- Control Bandwidth Usage 289
- Session Timer 291
- Heartbeat Timer 291
- In-Band (L2) Sessions 292
- Example Traffic Policies 300
- Microsoft Xbox 301
- Other Game Ports 301
- Unauthenticated Role 303
- Agent Temporary Role 303
- Quarantine Role 303
- Step 7 Click Update 311
- Configure Out-of-Band Logoff 312
- Network Requirements 313
- Feature Limitations 314
- Enable Out-of-Band Logoff 315
- Troubleshooting OOB Logoff 315
- View Current Updates 318
- Agent Distribution 324
- Installation Page 326
- • nac_logo.gif 339
- • nac_login.xml 339
- • nacStrings_xx.xml 339
- Agent Login Screen 340
- Cisco NAC Agent MSI Installer 343
- Role Mapping 346
- AV Rules and AS Rules 349
- Verify AV/AS Support Info 350
- Create an AV Rule 353
- Create an AS Rule 359
- Prerequisites 364
- Custom Requirements 377
- Custom Rules 378
- Custom Checks 379
- Copying Checks and Rules 379
- Configuration Summary 380
- Create Custom Check 380
- Registry Checks 381
- File Checks 382
- Service Check 383
- Create a Custom Rule 384
- Validate Rules 386
- Create a Custom Requirement 387
- Map Requirements to Rules 397
- Validate Requirements 400
- Figure 9-48 Requirement List 401
- Downgrading the Agent 408
- Configure Agent Auto-Upgrade 409
- Uninstalling the Agent 410
- Uninstall Cisco NAC Agent 411
- Uninstall Mac OS X Agent 411
- Versioning 413
- Cisco Updates 413
- Cisco NAC Agent Download 415
- Cisco NAC Agent 416
- Figure 10-2 Login Page 417
- System Requirements 439
- Mac OS X Cisco NAC Agent 457
- Mac OS X Agent Prerequisites 458
- Mac OS X Agent Restrictions 462
- CAM/CAS Restrictions 462
- CCAAgent.app (Figure 10-76) 476
- Viewing Agent Reports 480
- Exporting Agent Reports 484
- Manage Certified Devices 489
- Add Exempt Device 491
- Add Floating Devices 495
- Report Settings 497
- CCA Servers 499
- Managed Switches 499
- Authentication Servers 500
- Custom Reports 501
- Figure 11-20 Generate Reports 502
- Generating a Report 503
- Scheduling Report Generation 504
- View Saved Templates 505
- View Executive Summary 505
- Configuration 506
- User Activity Log Files 506
- Online Users list 507
- Interpreting Active Users 508
- View Online Users 509
- In-Band Users 510
- Log Users Off the Network 513
- Display Settings 514
- Agent Troubleshooting 515
- Cisco NAC Web Agent Logs 516
- Client Cannot Connect/Login 517
- AV/AS Rule Troubleshooting 519
- Background 520
- Workaround 520
- Option 2 521
- Configuring Network Scanning 522
- User Page Summary 525
- Configure the Quarantine Role 527
- Uploading Plugins 528
- Deleting Plugins 529
- Configure General Setup 530
- Apply Plugins 531
- Configure Plugin Options 533
- Test Scanning 537
- View Scan Reports 538
- Monitoring Event Logs 546
- Interpreting Event Logs 549
- Table 13-2 Log Viewer Page 550
- Event Log Example 552
- Configuring Syslog Logging 554
- Cisco NAC Appliance Log Files 556
- Enable SNMP Polling/Alerts 558
- Add New Trapsink 560
- SNMP on Individual CAS 562
- Add New Trapsink to CAS 563
- Administering the CAM 564
- Failover 567
- Set System Time 568
- Manage CAM SSL Certificates 570
- Viewing Trusted CAs 580
- Removing Trusted CAs 581
- System Upgrade 587
- Licensing 588
- Remove Product Licenses 590
- Remove Legacy License Keys 590
- Policy Import/Export 591
- Example Scenarios 592
- Before You Start 593
- Configure the Master 595
- Configure the Receiver 598
- Perform Policy Sync 599
- Perform Manual Sync 600
- Perform Auto Sync 601
- View History Logs 602
- Support Logs 605
- Agent Logs 609
- Admin Users 610
- Figure 14-33 Admin Groups 611
- Figure 14-34 New Admin Group 612
- Login/Logout an Admin User 614
- Add an Admin User 614
- Edit an Admin User 615
- Active Admin User Sessions 616
- Manage System Passwords 619
- Backing Up the CAM Database 621
- Database Recovery Tool 627
- API Support 628
- Error and Event Log Messages 630
- CAM Event Log Messages 631
- Authentication Requirements 637
- Device Filter Operations 638
- Appendix B API Support 639
- User Operations 644
- Guest Access Operations 647
- Report Operations 649
- MIB Support 658
- Table C-1 CLEAN ACCESS - MIB 659
- Table C-2 SNMPv2-MIB 660
- Table C-3 RFC1213-MIB 660
- Table C-4 IP-MIB 661
- Table C-4 IP-MIB (continued) 662
- Ta b l e C - 5 U D P - M I B 664
- Table C-6 HOST-RESOURCES-MIB 664
- Appendix C MIB Support 665
- Ta b l e C - 7 M TA- M I B 666
- Table C-8 IF-MIB 666
- Table C-9 DISMAN-EVENT-MIB 667
- Table C-8 IF-MIB (continued) 667
- Table C-12 UCD-DLMOD-MIB 670
- Table C-13 NET-SNMP-AGENT-MIB 671
- Table C-16 SNMP-MPD-MIB 671
- Table C-17 SNMP-TARGET-MIB 672
- OpenSSL/Open SSL Project 674
- Original SSLeay License: 675
Verwandte Produkte und Handbücher für PC / Workstation Barebones HP 3350 - Cisco NAC Appliance
(136 Seiten)
(8 Seiten)
(175 Seiten)
(158 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.999 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern