Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
1
Replies

redundant nac

Go to solution
suthomas1
Level 6
Level 6

‎04-08-2011 09:01 AM - edited ‎02-21-2020 04:18 AM

Hi Experts,

I am a newbie to NAC. From documents, i found the steps to setup high availability for NAC components CAM & CAS. But i have following queries:

1. what is the use of the two distinct components CAM/CAS in NAC suite and how are they linked by functionality/dependency to each other.

2. if we need to forcefully choose active or standby units , how can that be achieved. that is, will both cam/cas need to be seperately disengaged from high availability?

3. after the forceful move of making other unit active, how do we verify if the one active is actually processing all network data.

Appreciate all help with answers or useful links to understand the above.

Thank you all.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-08-2011 09:09 AM

Hey,

I will try to answer your questions to the best of my knowledge.

1. CAM is the manager which is used to manage the CAS. So the CAS communicates with all clients trying to login and manages inband routing, vlan-mapping etc. CAM is used to set a ton of things like user roles, what checks are required for posture assessment, setting up authentication servers, configuring NAC agent properties, etc , etc..

2. There is an Administration > CCA Manager > Failover TAB which allows you to choose whether the device is primary or secondary.

Similarly, there is a failover TAB in CAS which allows you to do the same.

3. You can check the logs of the CAS to figure out if it is processing data or not.

You can see real time logs via the CLI, using the following commands:

CAM : tail -f /perfigo/control/tomcat/logs/nac_manager.log

CAS : tail -f /perfigo/access/tomcat/logs/nac_server.log

Hope this helps.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-08-2011 09:09 AM

Hey,

I will try to answer your questions to the best of my knowledge.

1. CAM is the manager which is used to manage the CAS. So the CAS communicates with all clients trying to login and manages inband routing, vlan-mapping etc. CAM is used to set a ton of things like user roles, what checks are required for posture assessment, setting up authentication servers, configuring NAC agent properties, etc , etc..

2. There is an Administration > CCA Manager > Failover TAB which allows you to choose whether the device is primary or secondary.

Similarly, there is a failover TAB in CAS which allows you to do the same.

3. You can check the logs of the CAS to figure out if it is processing data or not.

You can see real time logs via the CLI, using the following commands:

CAM : tail -f /perfigo/control/tomcat/logs/nac_manager.log

CAS : tail -f /perfigo/access/tomcat/logs/nac_server.log

Hope this helps.

-Shrikant

P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card