https://community.cisco.com/t5/network-security/redundant-nac/m-p/1690511#M795656 <HTML><HEAD></HEAD><BODY><P>Hey,</P><P></P><P>I will try to answer your questions to the best of my knowledge.</P><P></P><P>1. CAM is the manager which is used to manage the CAS. So the CAS communicates with all clients trying to login and manages inband routing, vlan-mapping etc. CAM is used to set a ton of things like user roles, what checks are required for posture assessment, setting up authentication servers, configuring NAC agent properties, etc , etc..</P><P></P><P>2. There is an Administration &gt; CCA Manager &gt; Failover TAB which allows you to choose whether the device is primary or secondary.</P><P>Similarly, there is a failover TAB in CAS which allows you to do the same.</P><P></P><P>3. You can check the logs of the CAS to figure out if it is processing data or not.</P><P></P><P>You can see real time logs via the CLI, using the following commands:</P><P><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style> <![endif]--></P><P class="MsoNormal"><SPAN style="font-size: 10pt; font-family: &quot;Arial&quot;,&quot;sans-serif&quot;;">CAM : tail -f /perfigo/control/tomcat/logs/nac_manager.log</SPAN></P><P></P><P class="MsoNormal"><SPAN style="font-size: 10pt; font-family: &quot;Arial&quot;,&quot;sans-serif&quot;;">CAS : tail -f /perfigo/access/tomcat/logs/nac_server.log</SPAN></P><P class="MsoNormal"></P><P class="MsoNormal">Hope this helps.</P><P class="MsoNormal"></P><P class="MsoNormal">-Shrikant</P><P class="MsoNormal"></P><P class="MsoNormal">P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.</P></BODY></HTML> Fri, 08 Apr 2011 16:09:52 GMT Shrikant Sundaresh 2011-04-08T16:09:52Z https://community.cisco.com/t5/network-security/redundant-nac/m-p/1690510#M795624 <P>Hi Experts,</P><P></P><P>I am a newbie to NAC. From documents, i found the steps to setup high availability for NAC components CAM &amp; CAS. But i have following queries:</P><P></P><P>1. what is the use of the two distinct components CAM/CAS in NAC suite and how are they linked by functionality/dependency to each other.</P><P>2. if we need to forcefully choose active or standby units , how can that be achieved. that is, will both cam/cas need to be seperately disengaged from high availability?</P><P>3. after the forceful move of making other unit active, how do we verify if the one active is actually processing all network data.</P><P></P><P>Appreciate all help with answers or useful links to understand the above.</P><P></P><P>Thank you all.</P> Fri, 21 Feb 2020 12:18:47 GMT https://community.cisco.com/t5/network-security/redundant-nac/m-p/1690510#M795624 suthomas1 2020-02-21T12:18:47Z https://community.cisco.com/t5/network-security/redundant-nac/m-p/1690511#M795656 <HTML><HEAD></HEAD><BODY><P>Hey,</P><P></P><P>I will try to answer your questions to the best of my knowledge.</P><P></P><P>1. CAM is the manager which is used to manage the CAS. So the CAS communicates with all clients trying to login and manages inband routing, vlan-mapping etc. CAM is used to set a ton of things like user roles, what checks are required for posture assessment, setting up authentication servers, configuring NAC agent properties, etc , etc..</P><P></P><P>2. There is an Administration &gt; CCA Manager &gt; Failover TAB which allows you to choose whether the device is primary or secondary.</P><P>Similarly, there is a failover TAB in CAS which allows you to do the same.</P><P></P><P>3. You can check the logs of the CAS to figure out if it is processing data or not.</P><P></P><P>You can see real time logs via the CLI, using the following commands:</P><P><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style> <![endif]--></P><P class="MsoNormal"><SPAN style="font-size: 10pt; font-family: &quot;Arial&quot;,&quot;sans-serif&quot;;">CAM : tail -f /perfigo/control/tomcat/logs/nac_manager.log</SPAN></P><P></P><P class="MsoNormal"><SPAN style="font-size: 10pt; font-family: &quot;Arial&quot;,&quot;sans-serif&quot;;">CAS : tail -f /perfigo/access/tomcat/logs/nac_server.log</SPAN></P><P class="MsoNormal"></P><P class="MsoNormal">Hope this helps.</P><P class="MsoNormal"></P><P class="MsoNormal">-Shrikant</P><P class="MsoNormal"></P><P class="MsoNormal">P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.</P></BODY></HTML> Fri, 08 Apr 2011 16:09:52 GMT https://community.cisco.com/t5/network-security/redundant-nac/m-p/1690511#M795656 Shrikant Sundaresh 2011-04-08T16:09:52Z