manualshive.com logo in svg

Cisco NAC-3300 Series, Быстрый старт

Поделиться
Скачать
Cisco NAC-3300 Series Скачать руководство пользователя страница 41

41

 

Step 17

Follow the prompts to configure the temporary SSL security certificate that secures the login 
exchange between the Clean Access Server and untrusted (managed) clients (using field 

k.

):

a.

For the organization unit name, enter the group 

within

 your organization that is responsible 

for the certificate (for example, 

doc

).

b.

For the organization name, type the name of your organization or company for which you 
would like to receive the certificate (for example,

 Cisco Systems

), and press Enter.

c.

Type the name of the city or county in which your organization is legally located (for example,

 

San Jose

), and press Enter.

d.

Type the two-character state code in which the organization is located (for example,

 CA

 or 

NY

), and press Enter.

e.

Type the two-letter country code (for example, 

US

), and press Enter.

Step 18

Confirm values and press Enter to generate the SSL certificate, or type 

n

 to restart:

You entered the following:

Domain: 10.201.240.10

Organization unit: doc

Organization name: Cisco Systems

City name: San Jose

State code: CA

Country code: US

Is this correct? (y/n)? [y] y

Note

You must generate the temporary SSL certificate or you will not be able to access your CAS 
as an end user.

Step 19

Specify whether or not you want the CAS to feature Pre-login Banner Support at the following 
prompt.

Enable Prelogin Banner Support? (y/n)? [n]

For more information and an example of the Pre-login Banner feature, see the “

Administering 

the CAS

” chapter of the 

Cisco NAC Appliance - Clean Access Server Installation and 

Configuration Guide, Release 4.5(1)

.

Step 20

Configure the 

root

 user password for the installed Linux operating system of the Clean Access 

Server.

 

The 

root

 

user account is used to access the system over a serial connection or through 

SSH.

Cisco NAC Appliance supports using Strong Passwords for root user login. Passwords must 
be at least 8 characters long and feature a combination of upper- and lower-case letters, digits, 
and other characters. For example, the password 

10-9=One

 does not satisfy the requirements 

because it does not contain two characters from each category, but 

1o-9=OnE

 is a valid 

password. For more details, see the “

Administering the CAM

” chapter of the 

Cisco NAC 

Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1)

.

Содержание NAC-3300 Series

Страница 1: ...nce Hardware Summary 3 Configuration Worksheets 4 Connecting the Cisco NAC Appliance 5 Installing Software via CD on Cisco NAC Appliance 6 Running the Configuration Utility 7 Accessing the CAM Web Console 8 Using CLI Commands 9 Configuring Additional NIC Cards 10 Obtaining Documentation and Submitting a Service Request ...

Страница 2: ...ystem comprises a hardened Linux kernel based on a Fedora core Cisco NAC Appliance does not support the installation of any other packages or applications onto a CAM or CAS dedicated machine About This Document The Cisco NAC Appliance Hardware Installation Release 4 5 Quick Start Guide provides basic hardware specifications and installation instructions for Cisco NAC Appliance It provides instruct...

Страница 3: ... Cisco representative or reseller for instructions Some Cisco NAC Appliance models might include additional items that are not shown Figure 1 Shipping Box Contents Note Because product software is preloaded onto Cisco NAC 3300 Series appliances the shipping contents do not include a separate Cisco NAC Appliance software installation CD Refer to Upgrading Cisco NAC Appliance Software page 5 for add...

Страница 4: ... Required You need to supply a workstation PC or laptop and keyboard monitor mouse to run the Cisco NAC Appliance Configuration Utility on the appliance Once the initial configuration is complete you will need a standard straight through Ethernet Category 5 network cable with RJ 45 connectors to connect the interfaces of the Cisco NAC Appliance to the network eth0 for the CAM eth0 and eth1 for the...

Страница 5: ...oad and run the standard product upgrade file e g cca_upgrade 4 5 0 NO WEB tar gz The upgrade mechanism automatically determines whether the machine is a Clean Access Server or a Lite Standard Super Clean Access Manager and executes accordingly For step by step upgrade instructions refer to the Upgrading section of the Release Notes for Cisco NAC Appliance Version 4 5 1 at http www cisco com en US...

Страница 6: ...EB tar gz Product Upgrade Archive Note Files with the CCAAgent prefix are for the Cisco Clean Access Agent only Files with the nme nac prefix are used for Cisco NAC Network Module only see Getting Started with Cisco NAC Network Modules in Cisco Access Routers for details Upgrading Firmware Cisco NAC 3300 Series appliances are subject to any system BIOS Firmware upgrades required for the server mod...

Страница 7: ...an Access Manager Installation and Configuration Guide Release 4 5 1 Cisco NAC Appliance Clean Access Server Installation and Configuration Guide Release 4 5 1 Getting Started with Cisco NAC Network Modules in Cisco Access Routers Cisco NAC Profiler Installation and Configuration Guide Release 2 1 8 For the latest online updates to this quick start guide refer to http www cisco com en US products ...

Страница 8: ...ms NAC 3310 1 2 MANAGER Lite Manager supporting up to 3 standalone or HA pair CASs Single processor Xeon 2 33 GHz dual core 1 GB RAM 80 GB NHP SATA HDD 4 10 100 1000 LAN ports 2 Broadcom 5721 integrated NICs 2 Intel e1000 PCI X NICs HP NC360T CD DVD ROM Drive 4 USB Ports 2 front 2 rear Note NAC 3310 is based on HP ProLiant DL140 G3 Cisco NAC 3310 Front Panel page 10 Cisco NAC 3310 Front Panel LEDs...

Страница 9: ...ly 4 GB RAM 4 x 72 GB SFF SAS RAID HDD Smart Array E200i Controller 4 10 100 1000 LAN ports 2 Broadcom 5708 integrated NICs 2 Intel e1000 PCI X NICs HP NC360T CD DVD ROM Drive 4 USB Ports 1 front 1 internal 2 rear Cavium CN1120 NHB E SSL Accelerator Card Note NAC 3390 is based on HP ProLiant DL360 G5 Cisco NAC 3390 Front Panel page 18 Cisco NAC 3390 Front Panel LEDs Buttons Cisco NAC 3390 Rear Pan...

Страница 10: ...lexibility in NIC interface selection and to facilitate CAS high availability configuration For additional details see Cisco NAC Appliance Hardware Summary page 8 Figure 2 Cisco NAC 3310 Front Panel 1 Hard disk drive HDD bay 6 HDD activity LED indicator green 2 CD ROM DVD drive 7 Power button with LED indicator bicolor green amber 3 UID Unit identification button with recessed LED indicator blue 8...

Страница 11: ...r processor thermal sensors At least one memory module failure A power supply unit error has occurred 3 Activity link status LED for NIC 1 eth0 and NIC 2 eth1 Solid green An active network link exists Flashing green An ongoing network data activity exists Off The server is off line 4 HDD activity LEDs Flashing green Ongoing drive activity Off No drive activity 5 Power status LED recessed Green The...

Страница 12: ...port blue 4 NIC 3 eth2 and NIC 4 eth3 PCI Express GbE LAN RJ 45 ports Intel 12 Serial port 5 13 PS 2 keyboard port purple 6 Standard height full length PCI Express x16 PCI X riser board slot cover 14 PS 2 mouse port green 7 Power supply cable socket 15 10 100 Mbps iLO LAN port for IPMI management RJ 45 8 NIC 1 eth0 and NIC 2 eth1 integrated GbE LAN RJ 45 ports Broadcom 2 3 1 6 3 7 15 13 12 11 10 9...

Страница 13: ...Ds Steady amber The LAN connection is using a GbE link Steady green The LAN connection is using a 100 Mbps link Off The LAN connection is using a 10 Mbps link 3 UID LED recessed Blue A UID button has been pressed 4 Link status LED for the 10 100 Mbps LAN port Green A network link exists Off No network link exists 5 Activity status LED for the 10 100 Mbps LAN port Flashing green Network activity ex...

Страница 14: ...bility in NIC interface selection and facilitate CAS high availability configuration The Cisco NAC 3350 additionally provides 2 GB of RAM two SAS drives configured in RAID 0 and 1 an SSL accelerator and dual power supply to support large network deployments and provide added reliability for a centralized CAM CAS deployment in the network core For additional details see Cisco NAC Appliance Hardware...

Страница 15: ...ntify the component in a critical state refer to HP Systems Insight Display and LEDs Off System health is normal when in standby mode 4 External health LED power supply Green Power supply health is normal Amber Power redundancy failure occurred Off Power supply health is normal when in standby mode 5 NIC 1 eth0 link activity LED Green Network link exists Flashing green Network link and activity ex...

Страница 16: ...hing green Activity exists Off No activity exists 2 iLO 2 NIC link LED Green Link exists Off No link exists 3 10 100 1000 NIC 3 Intel Activity LED Steady green High activity Flashing green Activity exists Off No activity if link LED is off link is dead 4 10 100 1000 NIC 3 Intel Link LED Orange 1000 Mbps Green 100 Mbps Off 10 Mbps if activity LED is off link is dead 5 10 100 1000 NIC 4 Intel Activi...

Страница 17: ...een Activity exists Flashing green Activity exists Off No activity exists 10 10 100 1000 NIC 2 Broadcom Link LED Green Link exists Off No link exists 11 UID button LED Blue Identification is activated Flashing blue System is being managed remotely Off Identification is deactivated 12 Power supply 1 LED Green Normal Off System is off or power supply has failed 13 Power supply 2 LED Green Normal Off...

Страница 18: ...ower supplies 4 GB of RAM 4 hard disk drives two integrated NICs and an SSL accelerator For additional details see Cisco NAC Appliance Hardware Summary page 8 Note The Super CAM software is supported only on the Cisco NAC 3390 Appliance platform Figure 10 Cisco NAC 3390 Front Panel Figure 11 Cisco NAC 3390 Front Panel LEDs Buttons 1 Hard drive bay 1 5 CD ROM DVD drive 2 Hard drive bay 2 6 Video co...

Страница 19: ...To identify the component in a critical state refer to HP Systems Insight Display and LEDs Off System health is normal when in standby mode 4 External health LED power supply Green Power supply health is normal Amber Power redundancy failure occurred Off Power supply health is normal when in standby mode 5 NIC 1 link activity LED Green Network link exists Flashing green Network link and activity e...

Страница 20: ...y bay 2 11 USB connector 5 Integrated NIC 2 eth1 port Broadcom 12 USB connector 6 Integrated NIC 1 eth0 port Broadcom 13 iLO 2 NIC connector RJ 45 7 Keyboard connector purple 1 iLO 2 NIC activity LED Green Activity exists Flashing green Activity exists Off No activity exists 2 iLO 2 NIC link LED Green Link exists Off No link exists 3 10 100 1000 NIC 1 Activity LED Green Activity exists Flashing gr...

Страница 21: ...ivity exists 6 10 100 1000 NIC 2 Link LED Green Link exists Off No link exists 7 UID button LED Blue Identification is activated Flashing blue System is being managed remotely Off Identification is deactivated 8 Power supply 1 LED Green Normal Off System is off or power supply has failed 9 Power supply 2 LED Green Normal Off System is off or power supply has failed ...

Страница 22: ...n Clean Access Manager CAM Configuration Worksheet Table 2 CAM Configuration Utility Worksheet For Clean Access Manager NAC Appliance a IP address for eth0 interface trusted 1 b Subnet mask IP netmask for eth0 interface c Default gateway IP address for eth0 interface d Host name for your CAM e IP address of Domain Name Server on your network f Shared secret Must be the same for the CAM and all CAS...

Страница 23: ...work cards NIC 1 and NIC 2 on most types of server hardware b Subnet mask IP netmask for eth0 interface c Default gateway IP address for eth0 interface d IP address for eth1 interface untrusted e Subnet mask IP netmask for eth1 interface f Default gateway IP address for eth1 interface 1 g Host name for your CAS h IP address of Domain Name Server on your network i Shared secret Must be the same for...

Страница 24: ...ing Considerations CAS Mode Comments Real IP The trusted eth0 and untrusted eth1 interfaces of the CAS must be on different subnets Add static routes on the L3 switch or router to route traffic for the managed subnets to the trusted interface of the respective CASs If using DHCP relay make sure the DHCP server has a route back to the managed subnets NAT testing only Note NAT is not supported for p...

Страница 25: ...the CAS untrusted side The CAS is automatically configured for DHCP Passthrough when set to Virtual Gateway mode Managed subnets must be configured on the CAS for all the user subnets that are managed by the CAS When configuring the Managed subnet make sure that you type an unused IP address in that subnet for the CAS to use and not a subnet address Traffic from clients must pass through the CAS b...

Страница 26: ...ance a If planning to configure the CAS as a Virtual Gateway either In Band IB or Out of Band OOB do not connect the untrusted interface eth1 NIC2 of the CAS until after you have added the CAS to the CAM from the web administrator console and for Central Deployments configured VLAN Mapping to prevent network connectivity issues For details see the Cisco NAC Appliance Clean Access Server Installati...

Страница 27: ...ndow Step 3 Type a name for the session and click OK Step 4 In the Connect using list choose the COM port on the workstation to which the serial cable is connected e g COM3 or COM1 and click OK Step 5 Configure the Port Settings as follows Bits per second 9600 Data bits 8 Parity None Stop bits 1 Flow control Hardware CTS RTS or None Step 6 Click the Disconnect icon then go to File Properties to op...

Страница 28: ... Note that starting from Release 4 5 There is only one product installation CD ISO for all appliance platforms CAS and Lite Standard Super CAM The DL140 and serial_DL140 boot installation directives are no longer required when installing the software on NAC 3310 appliances Use the following instructions to perform CD installation of the latest supported software version directly onto your applianc...

Страница 29: ... the CD into the CD ROM drive of each installation machine Note Cisco recommends burning the ISO image to a CD R using speeds 10x or lower Higher speeds can result in corrupted unbootable installation CDs Step 3 Insert the CD ROM containing the Cisco NAC Appliance ISO file into the CD ROM drive of the target machine Step 4 Reboot the machine The Cisco Clean Access Installer welcome screen appears ...

Страница 30: ... CAS for the target machine on which you are performing installation Step 8 The Clean Access Manager Package Installation then executes The installation takes several minutes When finished the installation script presents the following message prompting you to press Enter to reboot the CAM and launch the Clean Access Manager quick configuration utility Installation complete Press ENTER to continue...

Страница 31: ...Installer To install a Cisco Clean Access device press the ENTER key To install a Cisco Clean Access device over a serial console enter serial at the boot prompt and press the ENTER key boot Step 5 At the boot prompt type one of the following options depending on the type of connection Press the Enter key if your monitor and keyboard are directly connected to the CAS Type serial and press enter in...

Страница 32: ... you for the initial CAS configuration as described in Run CAS Configuration Utility Script page 37 6 Running the Configuration Utility Once you have booted up the appliance or if you have installed a new release on your Cisco NAC Appliance you are prompted to perform the initial configuration as described in this section To configure the MANAGER follow the steps in Run CAM Configuration Utility S...

Страница 33: ...0 11 Is this correct y n y Step 3 Type the subnet mask for the interface address from field b at the prompt or press Enter for the default 255 255 255 0 Confirm the value when prompted Please enter the netmask for the interface eth0 255 255 255 0 You entered 255 255 255 0 is this correct y n y Step 4 Accept the default gateway or specify and confirm a default gateway address from field c for the C...

Страница 34: ...ccess Manager is located from field g as follows The timezone is currently not set on this system Please identify a location so that time zone rules can be set correctly Please select a continent or ocean a Choose your region from the continents and oceans list Type the number next to your location on the list such as 2 for the Americas and press Enter Type 11 to enter the time zone in Posix TZ fo...

Страница 35: ...rtificate for example Cisco Systems and press Enter d Type the name of the city or county in which your organization is legally located for example San Jose and press Enter e Type the two character state code in which the organization is located for example CA or NY and press Enter f Type the two letter country code for example US and press Enter Step 11 Confirm values and press Enter to generate ...

Страница 36: ...mix of upper and lower case letters digits and other characters Minimum of 8 characters and maximum of 16 characters with characters from all of these classes Minimum of 2 characters from each of the four character classes is mandatory An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used Enter new password Re type new pass...

Страница 37: ... Clean Access Servers Run CAS Configuration Utility Script Step 1 After the software is installed from the CD and package installation is complete the welcome script for the configuration utility appears Welcome to the Cisco Clean Access Manager quick configuration utility Note that you need to be root to execute this utility The utility will now ask you a series of configuration questions Please ...

Страница 38: ...1 is disabled Would you like to enable it y n n Note In most cases VLAN passthrough is not needed Step 6 At the Management VLAN Tagging prompt type n and press Enter or just press Enter to keep Management VLAN tagging disabled default Or type Y and press Enter to enable Management VLAN tagging with the specified VLAN ID for the eth0 interface Management Vlan Tagging for egress packets of eth0 is d...

Страница 39: ...ou entered 10 10 10 1 Is this correct y n y Step 10 At the next prompt type n and press Enter or just press Enter to keep VLAN ID passthrough disabled for the eth1 interface Vlan Id Passthrough for packets from eth1 to eth0 is disabled Would you like to enable it y n n Step 11 At the Management VLAN Tagging prompt type n and press Enter or just press Enter to keep Management VLAN tagging disabled ...

Страница 40: ...T 10 b The next list that appears shows the countries for the region you chose Choose your country from the country list such as 45 for the United States and press Enter c If the country contains more than one time zone the time zones for the country appears d Choose the appropriate time zone region from the list such as 19 for Pacific Time and press Enter e Confirm your choices by entering 1 or u...

Страница 41: ...ntry code US Is this correct y n y y Note You must generate the temporary SSL certificate or you will not be able to access your CAS as an end user Step 19 Specify whether or not you want the CAS to feature Pre login Banner Support at the following prompt Enable Prelogin Banner Support y n n For more information and an example of the Pre login Banner feature see the Administering the CAS chapter o...

Страница 42: ...limited CAS specific settings and is primarily used to set up High Availability Please enter an appropriately secure password for the web console admin user New password for web console admin Confirm new password for web console admin Step 22 After the configuration is complete press Enter to reboot the CAS Configuration is complete Changes require a REBOOT of Clean Access Server Step 23 Enter the...

Страница 43: ...ww perfigo com OU Product O Perfigo Inc L San Francisco ST California C US Certificate Authority from the CAM and CAS s A CA signed certificate for the CAS prevents the security warning when end users log in and a CA signed certificate for the CAM prevents the administrator web login security warning For more information see the Known Issues for Cisco NAC Appliance section of the Release Notes for...

Страница 44: ...rough direct console connection serial connection or SSH Step 2 Login as root with the correct password Step 3 Enter the service perfigo config command Step 4 Accept the default values or provide new ones for all prompts as described in Running the Configuration Utility page 32 Step 5 When configuration is done enter service perfigo reboot or reboot to reboot the machine Powering Down the NAC Appl...

Страница 45: ...ificate the security alert appears and you are prompted to accept the certificate Click Yes to accept the certificate If using signed certificates security dialogs do not appear Install CAM License Step 4 Following installation and initial configuration the Clean Access Manager License Form appears the first time you access the CAM web console Figure 14 You will need to obtain and save your produc...

Страница 46: ...the Install License button Note If you have purchased a CAM Failover HA license install the Failover license to the Primary CAM first then load all the other licenses This facilitates upgrading CAM HA pairs Step 6 Once the license is accepted the administrator web console login window appears Figure 15 Type the administrator username and password you configured during initial installation and clic...

Страница 47: ... navigation pane appears Figure 16 Note If you enabled the Pre login Banner during initial configuration in Run CAM Configuration Utility Script page 33 a splash screen appears prompting you to acknowledge any system messages before you are able to view the Summary page Figure 16 Monitoring Summary Page ...

Страница 48: ...undle and click Install License You should see a green confirmation text string at the top of the page which indicates success failure to install the license type of license added and for a CAS license the Server increment count for example License added successfully CCA Manager License added Out of Band Server Count is now 20 The status text at the bottom of the page will indicate the presence of...

Страница 49: ...inistrator web console Refer to Cisco NAC Appliance Service Contract Licensing Support for details Step 11 Licenses are now installed You can continue the configuration of your deployment using the CAM web console Refer to the following documents for further configuration guidelines Cisco NAC Appliance Configuration Quick Start Guide Release 4 1 Cisco NAC Appliance Clean Access Manager Installatio...

Страница 50: ...ing message appears service perfigo stop Shuts down Cisco NAC Appliance services on the CAM or CAS Note When the management VLAN is set issuing this command causes the CAS to lose network connectivity service perfigo maintenance CAS only command This command brings the CAS to maintenance mode in which only the basic CAS router runs and continues to handle VLAN tagged packets The command allows com...

Страница 51: ...he proper addressing it can then be configured as the dedicated UDP heartbeat interface for the HA CAS Note For Cisco NAC Appliance hardware platforms the following instructions assume that the NIC is plugged in and working i e recognized by BIOS and by Linux service perfigo restart Shuts down Cisco NAC Appliance services and starts them up again on the CAM or CAS This is used when services are al...

Страница 52: ...TMASK BROADCAST and NETWORK values with the actual values suitable for your network DEVICE eth2 IPADDR 192 168 0 253 NETMASK 255 255 255 252 BROADCAST 192 168 0 255 NETWORK 192 168 0 252 BOOTPROTO static ONBOOT yes TYPE Ethernet Step 6 Save the file and reboot the system The network interface is now ready to be used for HA Note If the NIC card is not recognized by BIOS for example for a non applia...

Страница 53: ...on on obtaining documentation submitting a service request and gathering additional information see the monthly What s New in Cisco Product Documentation which also lists all new and revised Cisco technical documentation at http www cisco com en US docs general whatsnew whatsnew html Subscribe to the What s New in Cisco Product Documentation as a Really Simple Syndication RSS feed and set content ...

Страница 54: ...54 ...

Страница 55: ...55 ...

Страница 56: ... Cisco has more than 200 offices worldwide Addresses phone numbers and fax numbers are listed on the Cisco Website at www cisco com go offices Printed in the USA on recycled paper containing 10 postconsumer waste 78 18807 01 This document may reproduce requested material from HP Copyright 2007 2008 Hewlett Packard Development Company L P Reproduced with Permission Last Updated July 6 2009 ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды