Hardware Installation Guide
Page 6
.../Change Current Master Secret on CAM/CAS 3-48 Recover From Corrupted Master Secret 3-48 Network Interface Card (NIC) Driver Not Supported 3-49 Resetting and Restoring an Unreachable Clean Access Server 3-49 Enabling TLSv1 on Internet Explorer Version 6 3-49 Powering Down the NAC Appliance 3-50 4 C H A P T E R Configuring High Availability (HA) 4-1 Adding High Availability Cisco NAC Appliance To Your Network 4-1 Installing a Clean Access Manager High Availability Pair 4-3 CAM High Availability Overview 4-4 Before Starting 4-7 Connect the Clean Access Manager Machines 4-8 Serial Connection...
Hardware Installation Guide
Page 9
... Updates • Obtaining Documentation and Submitting a Service Request Audience This guide is for further details on all Cisco NAC Appliance platforms. Once you have installed and initially configured the CAM and CAS, you can use the Clean Access Manager (CAM) and its web-based administration console to introduce the Clean Access Manager (CAM) and Clean Access Server (CAS) into the network. End users connect through the Clean Access Server...
Hardware Installation Guide
Page 11
About This Guide Product Documentation Table 3 lists the technical documentation available for switches and WLCs Connecting Cisco Network Admission Control Network Modules • Connecting Cisco NAC network module (NME-NAC-K9) in an Integrated Services Router Cisco NAC Appliance FIPS Card Field-Replaceable Unit Installation Guide • Provides instructions to upgrade your existing Cisco NAC-3310, NAC-3350, and NAC-3390 with a field-replaceable FIPS card necessary to the documents that match the software version running on Cisco.com at http://www.cisco.com/en...
Hardware Installation Guide
Page 13
... Software, page 2-27 • Updated Release 4.8(1) screenshots as appropriate Added a note about number of users supported by NAC-3315 and NAC-3310, when they are FIPS-Compliant, to Cisco NAC-3315 Front and Rear Panels, page 1-5 and Cisco NAC-3310 Front and Rear Panels, page 1-18 Updated the Hardware Specification for NAC-3315 in Cisco NAC Appliance Hardware Summary Added note about installing and running Release 4.8 on CCA-3140s to This Document For Information On: Cisco NAC Profiler Installation and Configuration Guide...
Hardware Installation Guide
Page 26
... Access Servers or 40 HA-CAS pairs. The Cisco NAC-3390 features dual processors, dual power supplies, 4 GB of the Clean Access Super Manager (Super CAM) which can also view the NAC-3315 serial number location on the Cisco NAC-3395 and Cisco NAC-3390 platforms. Front Panel Features Figure 1-12 Cisco NAC-3395 Front Panel 1 2 3 45 678 195206 13 12 11 10 Cisco NAC 3395 Series NAC Manager CISCO 9 1 Hard disk drive (HDD) bay 0 8 Front USB port 1 2 Hard disk drive (HDD) bay 2 9 Front USB port 2 3 Empty (unused) hard disk drive (HDD) bay 1 10 CD-ROM/DVD drive 4 Power button...
Hardware Installation Guide
Page 31
... Cisco NAC Appliance Hardware Installation Guide 1-17 See Upgrading Firmware, page 2-28. 2. Defaults can be changed through the BIOS setup. 3. MANAGER Super Manager supporting up to 40 standalone or HA-pair CASs • Dual processor: Xeon 3.0 GHz dual core • Dual power supply • 4 GB RAM • 4 x 72 GB SFF SAS RAID HDD • Smart Array E200i Controller • 4 10/100/1000 LAN ports [2 Broadcom 5708 integrated NICs; 2 Intel e1000 PCI-X NICs (HP #NC360T)] • CD/DVD-ROM Drive • 4 USB Ports...
Hardware Installation Guide
Page 70
... > Cisco Network Access Control > Cisco NAC Appliance > Cisco NAC Appliance 4.8. Upgrading Firmware Chapter 2 Preparing for Installation Downloading Cisco NAC Appliance Software You can result in to a CD-R using speeds 10x or lower. Note Cisco recommends burning the .ISO image to the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml. Step 1 Step 2 Step 3 Log in corrupted/unbootable installation CDs. Download the latest 4.8(x) .ISO image (e.g. Caution Before downloading or installing any system BIOS/Firmware upgrades required for the server model...
Hardware Installation Guide
Page 74
... target machine to connect the target machine and access the CAM's command line. Clean Access Manager Configuration Guide, Release 4.8(3). The diagnostic LEDs will need to your Clean Access Servers, as described in Serial Connection to a FIPS 140-2 compliant NAC-3315, NAC-3355, or NAC-3395 by pressing the power button on the back panel. • Connecting a serial cable from CD-ROM or to the CAM and open a serial connection using a CAT5 Ethernet cable. Use a US layout keyboard or ensure that you know the key mapping...
Hardware Installation Guide
Page 75
... enter in corrupted/unbootable installation CDs. Step 1 Step 2 Connect the target installation machine to the network and access the command line of the Clean Access Manager software on the target machine as a bootable disk to the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml. Log in Serial Connection to provide your monitor and keyboard are accessing the appliance over a serial console, enter serial at the boot prompt and press the key. Higher speeds...
Hardware Installation Guide
Page 80
Clean Access Manager Configuration Guide, Release 4.8(3). For security reasons, it is used . An upper case letter that begins the password and a digit that you want to turn on fips mode? (y/n)? [y] -- New password for web console admin: Confirm new password for the web console admin user. To enable FIPS operation, enter y at the following prompt. Otherwise, enter n to recreate security world and initialize cards (y/n)? [n] writing RSA key 3-10 Cisco NAC Appliance Hardware Installation Guide OL-20326-01...
Hardware Installation Guide
Page 87
... After Upgrade Troubleshooting Tech Note. Clean Access Server Configuration Guide, Release 4.8(3). Chapter 3 Installing the Clean Access Manager and Clean Access Server Installing the Clean Access Manager Step 14 To log out of the web console, either click the administrator session Logout button, at the top right-hand corner of order, CAM/CAS communication may fail after upgrade to release 4.8(x), refer to the How to Fix Certificate Errors...
Hardware Installation Guide
Page 92
... the target machine to connect the target machine and access the CAS command line interface. The diagnostic LEDs will need to your local area network (LAN) using terminal emulation software (such as HyperTerminal or SecureCRT) on the external workstation, as described in Serial Connection to a FIPS 140-2 compliant NAC-3315, NAC-3355, or NAC-3395 by plugging the Smart card reader mini-DIN cable into the female mini-DIN FIPS card port on...
Hardware Installation Guide
Page 93
... monitor and keyboard are presented with the following configurations: 1) CCA Manager. 2) CCA Server. 3) Exit. nac-4.8_3-K9.iso) and burn the image as a bootable disk to a CD-R using speeds 10x or lower. Reboot the machine. If the install CD detects an existing installation of Cisco NAC Appliance, you are directly connected to the CAS. • Type serial and press enter in to the Cisco Clean Access Installer! - Chapter 3 Installing the Clean Access Manager and Clean Access Server Installing the Clean Access Server...
Hardware Installation Guide
Page 114
... displays either "APPLIANCE" or "NME-NAC" as the platform setting. You can use the Linux reboot command. You need to manually upgrade the 3.1.0.24 Collector to modify the time zone settings. After completing service perfigo config, you want to determine whether the CAS is a standard Clean Access Server appliance or a Cisco NAC network module installed in Cisco Access Routers. service perfigo platform This command allows you are shipped with Cisco NAC Network...
Hardware Installation Guide
Page 116
... Clean Access Server or Clean Access Manager. Configured caserver12-nw -- When using service perfigo config, you will also need to enter service perfigo reboot or reboot after installation you need to reset the configuration settings, or if you need to start the configuration utility manually, you want to reboot the machine. When configuration is already running and you can issue the service perfigo config CLI command on the CAS. Starts the Collector service configuration script to reboot the machine. 3-46 Cisco NAC Appliance Hardware Installation Guide OL...
Hardware Installation Guide
Page 117
... to work correctly, make sure the FIPS card operation switch is still not operational, you will need to your latest Cisco NAC Appliance release version. OL-20326-01 Cisco NAC Appliance Hardware Installation Guide 3-47 For further troubleshooting information, see the latest version of the Release Notes. If the FIPS card is set to "O" (for Cisco NAC Appliance, corresponding to RMA the appliance with Cisco Systems and replace it with a new Cisco NAC-3315...
Hardware Installation Guide
Page 122
...-CASs can be added to the core-distribution-access network. Adding High Availability Cisco NAC Appliance To Your Network Chapter 4 Configuring High Availability (HA) Note HSRP is configured over both serial and eth1 interfaces. Link-failure based failover connection can also be added to the core-distribution-access network. In this example, the CAS is configured over the eth0 and/or eth1 interfaces. Cisco NAC Appliance Hardware Installation Guide 4-2 OL-20326...
Hardware Installation Guide
Page 146
... Access Server High Availability Pair Chapter 4 Configuring High Availability (HA) Note If using it is configured for HA. Configure High Availability Note Cisco NAC network modules installed in their own VLAN, not on a VLAN with other user traffic. "Active/Standby" denotes the runtime status of administrative access). This is a general best practice that supports the BIOS redirection to free the serial port for HA mode. Configure HA-Primary Mode and Update...
Hardware Installation Guide
Page 154
Reboot the HA-Secondary CAS a. Note In order to copy and paste values to/from the Clean Access Server Mode dropdown menu. 4-34 Cisco NAC Appliance Hardware Installation Guide OL-20326-01 See also a. Click the Failover > General tab and select HA-Secondary Mode from configuration forms, Cisco recommends keeping both web consoles open the DNS tab. 4. Access the HA-Secondary CAS Directly b. Make sure the host...
Hardware Installation Guide
Page 170
...SERVICES; This product includes software written by Eric Young ([email protected]). This package is used are not to all code found in this list of the library used. not just the SSL code. Copyright remains Eric Young's, and as the author of the parts.... 6. Products derived from the apps directory (application code) you must retain the copyright notice, this software may not be removed. Cisco NAC Appliance Hardware Installation Guide A-2 OL-20326-01 Notices Appendix A Open Source License Acknowledgements 5. LOSS OF USE, DATA, OR PROFITS; All rights reserved. If this...