NAC Switch Configuration

mamaral
Level 1

Hi!!

I have bought a NAC Server and a NAC Manager to centrally manage the VLAN the users connect to, based on the authentication.

I have several sites, but the NAC server will be in the headquarters.

When a remote user authenticates, the NAC should configure the user's switch port for the right VLAN.

Is this an out-of-band solution?

Do I need a specific license for out-of-band?

Best regards,

Miguel Amaral


Eduardo Aliaga
Level 4

Hello. You don't need a specific license for out-of-band. You just configure your NAC Manager to tell each NAC server to work as out-of-band or as in-band.

About your scenario, it seems logical to use out-of-band, but take into account that when the user is authenticating and remediating, the traffic will always go through the NAC Server (no matter whether you have chosen out-of-band or in-band). The term "out-of-band" applies only after the user has been authenticated and the PC has been remediated. Then (and only then) the traffic of that user won't go through the NAC Server. Hope that helps.

Hi !

Thanks for the reply.

I still have a problem. When I try to add a NAC server, I do not have the option of out-of-band.

Do you have any hints? (I'm using version 4.8.)

Regards,

Miguel

Hi,

You need to have an Out of Band license in order to be able to use Out of band features and add the Clean Access Servers as Out-of-band servers.

Without an OOB license you will also not have the device administration menu on the left side of the GUI.

This is needed to configure the switches for OOB.

HTH,
Tiago

--

If this helps you and/or answers your question, please mark the question as "answered" and/or rate it, so other users can easily find it.

Hello Tiago

In very old versions there were specific out-of-band and in-band licenses. But in new versions you don't need a specific out-of-band license.

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html

I just installed version 4.8. As I mentioned before, my licenses let me choose inband or out-of-band behavior (but not both simultaneously for a single NAC server).

You just go to "Device Management > Clean Access Servers" and click on New Server. There you type the IP address and you choose Server Type from a drop-down list. You have to choose "Out-of-band virtual gateway". To finish, you click "Add Clean Access Server".

Hi Eduardo,

My problem is that when I do that, the option of Out-Of-Band does not show up in the list box, and when I go to the license page, it does not show the OOB license.

Did you have to do anything to activate the OOB?

My NAC came with version 4.1, and I have upgraded to version 4.8, but neither one had the OOB option.

regards,

Miguel

Hi,

You need at least 2 licenses:

1 - CAM license -> This license is the one you install the first time you access the CAM WEB GUI.

2 - CAS license -> This license needs to be installed so that you can add Clean Access Servers to the CAM.

Did you install the CAS license?

If not, you need to get the Product Activation Key (PAK) you received along with the CAS, go to the licensing web page https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet and request a CAS license. Please note that you need to enter the Clean Access MANAGER eth0 MAC address for the Clean Access Server (CAS) license.

HTH,
Tiago


Hi Tiago,

Thanks in advance for your help.

I have received with the CAM a license for 20 CAS, but nothing more.

The CAS servers did not come with any PAK.

This CAM and CAS were bought two years ago by my client, but just now he asked me to install them.

Do you know if two years ago the licensing was different?

Thanks

Miguel

Hi,

It is the same schema: You need 2 licenses, one for CAM and one for CAS.

The one for CAM defines how many CASes you can add.

The one for CAS defines how many users are supported.

So either the CAS PAK was lost, or was never bought.

In either case you will need to get in touch with the entity that sold the devices and request the CAS PAK.

HTH,

Tiago
