NAC deployment

Unanswered Question
Jan 28th, 2008
User Badges:

Hello there!

I have 2 NAC Appliance 3310. I want to configure them both as Clean Access Servers(CAS). One will be fail over for the other. In this deployment i will have no Clean Access Manager. Is this possible? If possible how will i configure the CAS without CAM? Is it possible also to install the CAM software in a different hardware other than NAC Appliances(Like normal PCs or Server machines)

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
pmccubbin Tue, 01/29/2008 - 13:47
User Badges:
  • Silver, 250 points or more

Hi Stanslaus,

You need one Clean Access Manager (CAM) and one Clean Access Server (CAS) at a minimum to make any In-band or Out-of-band solution work. What's more, the CAM and the CAS cannot be installed on the same server.

Here are some excellent references to consult:

Cisco Security Center


Cisco NAC Appliance: Enforcing Host Security with Clean Access by Jamey Heary, Jerry Lin, Chad Sullivan, Alok Agrawal. (2007)

Hope this helps.



acharyr123 Wed, 01/30/2008 - 01:02
User Badges:


As fas as my understanding goes, in NAC we must have to have at least one CAM.

In CAM all configuration is done & the CAS will deliver the same to NAC compliant end devices.

Without CAm how will this be done???

CAM s/ u can't install on different servers!!!


This Discussion