11-19-2010 04:09 AM - edited 02-21-2020 04:09 AM
Hi!!
I have bought an NAC Server and a Nac Manager, to manage centraly the vlan where the users connect to based on the authentication.
I have several sites, but the NAC server will be in the headquarters.
When a remote user authenticates, the nac should configure the user switch port for the right vlan.
Is this an out-of-band solution?
Do i need an specific license for out-of-band?
Best Regard's,
Miguel Amaral
Solved! Go to Solution.
12-09-2010 03:20 AM
Hi,
It is the same schema: Yo uneed 2 licenses, one for CAM and one for CAS.
The one for CAM defines how many CASes you can add.
The one for CAS defines how many users are supported.
So either the CAS PAK was lost, or was never bought.
In either case you will need to get in touch with the entitiy that sold the devices and request for the CAS PAK.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
11-19-2010 09:41 AM
Hello. You don't need an specific license for out-of-band. You just configure you NAC Manager to tell each NAC server to work as out-of-band or as in-band.
About your scenario, it seems logical to use out-of-band, but take into account that when the user is authenticating and remediating the traffic will always go through NAC Server (no matter if you have chosen out-of-band or in-band). The term "out-of-band" applies only after the user was authenticated and the pc was remediated. Then (and only then) the traffic of that user won't go through NAC server. Hope that helps
12-07-2010 05:40 AM
Hi !
Tkx for the reply.
I still have an problem. When i try to add an NAC server, i do not have the option of out-of-band.
Do you have any hint (i'm using version 4.8).
regards,
Miguel
12-07-2010 05:53 AM
Hi,
You need to have an Out of Band license in order to be able to use Out of band features and add the Clean Access Servers as Out-of-band servers.
Without OOB license you will also not have the device administration menu on the left side of the GUI.
This is needed to configure the switches for OOB.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-07-2010 06:34 AM
Hello Tiago
In very old version there were specific out-of-band and in-band licenses. But in new versions you don't need an specific Out-of-band license
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html
I just installed version 4.8. As I mentioned before, my licenses let me choose inband or out-of-band behavior (but not both simultaneously for a single NAC server).
You just go to "Device Management> Clean Access Servers" click en New Server . There you type the IP address and you choose Server Type from a drop-down list. You have to choose "Out-of-band virtual gateway". To finish you click "Add Clean Access Server".
12-07-2010 06:42 AM
Hi Eduardo,
My problem is that when i do that, the option of Out-Of-Band does not show up in the list-box ,
and when i go to the license page, it does not show up the OOB license.
Did you had to do anything to activate the OOB?
My NAC came with the version 4.1, and i have upgraded to the verions 4.8, but neither one had the OOB option.
regards,
Miguel
12-07-2010 09:42 AM
Hi,
You need at least 2 licenses:
1 - CAM license -> This license is the one you install the first time you access the CAM WEB GUI.
2 - CAS license -> This license needs to be installed so that you can add Clean Access Servers to the CAM.
Did you installed the CAS license?
If not, you need to get the Product Activation Key (PAK) you received allong with the CAs and go to the licensing web page https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet, and request a CAS license. Please note that you need to enter the Clean Access MANAGER eth0 mac address for the Clean Access Server (CAS) licence.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-09-2010 03:15 AM
Hi Tiago,
TKX in advanced for your help.
I have recieved with the CAM an license for 20 CAS, but nothing more.
The CAS server's did not bring any PAK.
This CAM and CAS were bought two years ago by my client, but just now he asked me to install it.
Do you know if two years ago the licensing was diferent?
TKX
Miguel
12-09-2010 03:20 AM
Hi,
It is the same schema: Yo uneed 2 licenses, one for CAM and one for CAS.
The one for CAM defines how many CASes you can add.
The one for CAS defines how many users are supported.
So either the CAS PAK was lost, or was never bought.
In either case you will need to get in touch with the entitiy that sold the devices and request for the CAS PAK.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: