Quick Start Guide
Cisco NAC Appliance Hardware Installation, Release 4.5

  1. Preparing for Installation
  2. Cisco NAC Appliance Hardware Summary
  3. Configuration Worksheets
  4. Connecting the Cisco NAC Appliance
  5. Installing Software via CD on Cisco NAC Appliance
  6. Running the Configuration Utility
  7. Accessing the CAM Web Console
  8. Using CLI Commands
  9. Configuring Additional NIC Cards
  10. Obtaining Documentation and Submitting a Service Request

Summary of Contents for Cisco NAC-3300 Series

  • Page 1 Cisco NAC Appliance Hardware Installation, Release 4.5 Preparing for Installation Cisco NAC Appliance Hardware Summary Configuration Worksheets Connecting the Cisco NAC Appliance Installing Software via CD on Cisco NAC Appliance Running the Configuration Utility Accessing the CAM Web Console Using CLI Commands Configuring Additional NIC Cards...
  • Page 2: About the Cisco NAC Appliance

    Clean Access Manager (CAM), enforced through the Clean Access Server (CAS), and applied on clients through the Clean Access Agent and Cisco NAC Web Agent client software. You can deploy the Cisco NAC Appliance solution in the configuration that best meets the needs of your network.
  • Page 3: Preparing For Installation

    Verify the contents of the packing box, shown in Figure 1, to ensure that you have received all items necessary to install your Cisco NAC Appliance. Save the packing material in case you need to repack the unit. If any item is missing or damaged, contact your Cisco representative or reseller for instructions.
  • Page 4: Failover Bundles

    (straight-through) Ethernet Category 5 network cable with RJ-45 connectors to connect the interfaces of the Cisco NAC Appliance to the network (eth0 for the CAM; eth0 and eth1 for the CAS). You will need a crossover RJ-45 Ethernet cable to connect HA-pair appliances together.
  • Page 5: Upgrading Cisco NAC Appliance Software

    Cisco NAC-3300 Series appliances are preloaded with a default version of the Cisco NAC Appliance software, which may not match the latest release of the software. Cisco recommends that you run the latest supported version of the system software to ensure you have the latest product enhancements and fixes.
  • Page 6: Upgrading Firmware

    Step 1 Log in with your Cisco ID and access the Software Download site for Cisco NAC Appliance: a. You can go directly to the Software Download site at http://www.cisco.com/cgi-bin/apps/tblbld/tablebuild.pl?topic=279515766. b. Or, access the Cisco NAC Appliance support page at http://www.cisco.com/en/US/partner/products/ps6128/index.html...
  • Page 7 • Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1) • Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1) • Getting Started with Cisco NAC Network Modules in Cisco Access Routers •...
  • Page 8 Cisco NAC Appliance Hardware Summary Table 1 summarizes the hardware specifications for each Cisco NAC Appliance. See the “Diagrams” column for links to detailed diagrams showing NIC ports, power supply sockets, LEDs and buttons. Table 1 Cisco NAC Appliance Hardware Summary...
  • Page 9 Table 1 Cisco NAC Appliance Hardware Summary (continued) Cisco NAC Appliance Product Hardware Specifications Diagrams NAC-3350 Single processor: Xeon 3.0 GHz dual core • Cisco MANAGER Dual power supply NAC-3350 Standard 2 GB RAM Front Panel, Manager 2 x 72 GB SFF SAS RAID HDD...
  • Page 10: Cisco NAC-3310 Front and Rear Panels

    3 Clean Access Servers or 3 HA-CAS pairs. A NAC-3310 CAS can support 100, 250, or 500 users. The Cisco NAC-3310 comes equipped with 4 network interfaces to provide flexibility in NIC interface selection and to facilitate CAS high availability configuration.
  • Page 11 Figure 3 Cisco NAC-3310 Front Panel LEDs/Buttons UID LED (recessed) Blue = A UID button has been pressed. System health LED Off = System health is normal Amber = A pre-failure system threshold has been breached. This can be any of the following: •...
  • Page 12 Figure 4 Cisco NAC-3310 Rear Panel Ventilation holes UID button with recessed LED indicator (blue) Thumbscrew for the top cover 10 Rear USB ports (black) Thumbscrews for the PCI riser board Video port (blue) assembly NIC 3 (eth2) and NIC 4 (eth3) PCI Express...
  • Page 13 Figure 5 Cisco NAC-3310 Rear Panel LEDs NIC activity/link status Solid green = An active network link exists LEDs for NIC 1 (eth0) and Flashing green = An ongoing network data activity exists NIC 2 (eth1) Off = The server is off-line...
  • Page 14: Cisco NAC-3350 Front and Rear Panels

    NIC interface selection and facilitate CAS high availability configuration. The Cisco NAC-3350 additionally provides 2 GB of RAM, two SAS drives configured in RAID 0 and 1, an SSL accelerator, and dual power supply to support large network deployments and provide added reliability for a centralized CAM/CAS deployment in the network core.
  • Page 15 Off = No link to network exists If power is off, the front panel LED is not active. For status, view the rear panel LED for the RJ-45 connector (Figure 9 on page 16). Figure 8 Cisco NAC-3350 Rear Panel...
  • Page 16 13 USB connector Integrated NIC 1 (eth0) port (Broadcom) 14 iLO 2 NIC connector (RJ-45) Figure 9 Cisco NAC-3350 Rear Panel LEDs 9 10 11 12 iLO 2 NIC activity LED Green = Activity exists Flashing green = Activity exists...
  • Page 17 10/100/1000 NIC 1 (Broadcom) Green = Activity exists Activity LED Flashing green = Activity exists Off = No activity exists 10/100/1000 NIC 1 (Broadcom) Link Green = Link exists Off = No link exists 10/100/1000 NIC 2 (Broadcom) Green = Activity exists Activity LED Flashing green = Activity exists Off = No activity exists...
  • Page 18: Cisco NAC-3390 Front and Rear Panels

    Clean Access Super Manager (Super CAM) which can support up to 40 Clean Access Servers or 40 HA-CAS pairs. The Cisco NAC-3390 features dual processors, dual power supplies, 4 GB of RAM, 4 hard disk drives, two integrated NICs, and an SSL accelerator.
  • Page 19 Power On/Standby button Green = System is on and system power LED Amber = System is shut down, but power is still applied Off = Power cord is not attached, power supply failure has occurred, no power supplies are installed; facility power is not available, or disconnected power button cable UID button/LED Blue = Identification is activated...
  • Page 20 Integrated NIC 1 (eth0) port (Broadcom) 13 iLO 2 NIC connector (RJ-45) Keyboard connector (purple) Figure 13 Cisco NAC-3390 Rear Panel LEDs/Buttons iLO 2 NIC activity LED Green = Activity exists Flashing green = Activity exists Off = No activity exists...
  • Page 21 10/100/1000 NIC 1 Link LED Green = Link exists Off = No link exists 10/100/1000 NIC 2 Activity LED Green = Activity exists Flashing green = Activity exists Off = No activity exists 10/100/1000 NIC 2 Link LED Green = Link exists Off = No link exists UID button/LED Blue = Identification is activated...
  • Page 22: Configuration Worksheets

    To generate the required temporary SSL certificate (you can change this at a later time): FQDN or IP address of CAM: Organization unit (e.g. Sales) Organization name (e.g. Cisco) Organization location (e.g. San Jose, CA, US) Note: If using FQDN, make sure your DNS server is set up for the domain name.
  • Page 23: Clean Access Server (CAS) Configuration Worksheet

    1. eth0 and eth1 generally correlate to the first two network cards—NIC 1 and NIC 2—on most types of server hardware. 2. Cisco highly recommends replacing default password(s) with “strong” passwords (at least 8 characters long, comprised of a combination of two characters from each of the upper- and lower-case letters, numbers, and special...
  • Page 24: CAS Mode IP Addressing Considerations

    2. Cisco highly recommends replacing default password(s) with “strong” passwords (at least 8 characters long, comprised of a combination of two characters from each of the upper- and lower-case letters, numbers, and special characters categories) CAS Mode IP Addressing Considerations Table 4 CAS Modes—...
  • Page 25 CAM via the web console, and VLAN mapping is configured correctly under Device Management > CCA Servers > Manage [CAS_IP] > Advanced > VLAN Mapping. See the Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1) for details.
  • Page 26 SecureCRT). For details, see Connecting Serially to the Cisco NAC Appliance, page 27. Step 2 Connect a straight-through Category 5 Ethernet cable to the eth0 (NIC1) 10/100/1000 Ethernet port on the back panel of the Cisco NAC Appliance (CAM or CAS) and to your local area network. Step 3 Additionally, for the CAS appliance: a.
  • Page 27: Connecting Serially to the Cisco NAC Appliance

    Step 1 To use a serial connection, use a serial cable (DB-9, female-female) to connect your PC/laptop to the serial port on the Cisco NAC Appliance. (You can use the null modem cable shipped in the box if needed.) After physically connecting your workstation to the appliance, you can access the serial connection interface using a variety of terminal emulation applications.
  • Page 28 Cisco NAC-3310, NAC-3350, and NAC-3390 appliances are preloaded with a default version of the Cisco NAC Appliance system software. The first time a Cisco NAC-3300 appliance is powered on, it prompts for root user login and starts the initial configuration script as described in Running the Configuration Utility, page 32.
  • Page 29: Install the Clean Access Manager (CAM) Software from CD-ROM

    Step 1 Connect the target installation machine to the network and access the command line of the machine by direct console or over a serial connection, as described in Connecting the Cisco NAC Appliance, page 26. Step 2 Download the latest software version supported on the target machine as follows: a.
  • Page 30: Install the Clean Access Server (CAS) Software from CD-ROM

    NAC-3310 SERVER or NAC-3350 SERVER appliances. Step 1 Connect the target installation machine to the network and access the command line of the machine by direct console or over a serial connection, as described in Connecting the Cisco NAC Appliance, page 26.
  • Page 31 Burn the ISO as a bootable disk to a CD-R. Insert the CD into the CD-ROM drive of each installation machine. Note Cisco recommends burning the ISO image to a CD-R using speeds 10x or lower. Higher speeds can result in corrupted/unbootable installation CDs. Step 3 Insert the CD-ROM containing the Clean Access Server ISO file into the CD-ROM drive of the target CAS machine.
  • Page 32: Running The Configuration Utility

    Configuration Utility Script, page 37. Running the Configuration Utility Once you have booted up the appliance, or if you have installed a new release on your Cisco NAC Appliance, you are prompted to perform the initial configuration as described in this section.
  • Page 33: Run CAM Configuration Utility Script

    Please answer them carefully. Cisco Clean Access Manager, (C) 2008 Cisco Systems, Inc. Note: If this prompt does not appear after you install the Cisco NAC Appliance software and restart the CAM, refer to Manually Restarting the Configuration Utility, page 44.
  • Page 34 Step 7 The Clean Access Manager and Clean Access Servers in a deployment authenticate each other through a shared secret that serves as an internal password. The default shared secret is cisco123. Type and confirm the shared secret (from field f.) at the prompts. The shared secret used between Clean Access Manager and Clean Access Server is the default string: cisco123...
  • Page 35 Enable Prelogin Banner Support? (y/n)? [n] For more information and an example of the Pre-login Banner feature, see the “Installing the Clean Access Manager” chapter of the Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1).
  • Page 36 SSH. Cisco NAC Appliance supports using Strong Passwords for root user login. Passwords must be at least 8 characters long and feature a combination of upper- and lower-case letters, digits, and other characters. For example, the password...
  • Page 37: Run CAS Configuration Utility Script

    Please answer them carefully. Cisco Clean Access Manager, (C) 2008 Cisco Systems, Inc. Note: If this prompt does not appear after you install the Cisco NAC Appliance software and restart the CAS, refer to Manually Restarting the Configuration Utility, page 44.
  • Page 38 Step 3 Type the subnet mask for the interface address (from field b.) at the prompt or press Enter for the default (255.255.255.0). Confirm the value when prompted. Please enter the netmask for the interface eth0 []: 255.255.255.0 You entered 255.255.255.0, is this correct? (y/n)? [y] Step 4 Accept the default gateway address or type a default gateway (from field c.) for the eth0 address of the CAS and press Enter.
  • Page 39 CAS to the CAM in the web console. See the Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release 4.5(1) for further details.
  • Page 40 This is highly insecure. It is recommended that you choose a string that is unique to your installation. Please remember to configure all Clean Access Devices with the same string. Only the first 8 characters supplied will be used. Please enter the shared secret between Clean Access Server and Clean Access Manager: cisco123 You entered: cisco123 Is this correct? (y/n)? [y]...
  • Page 41 SSH. Cisco NAC Appliance supports using Strong Passwords for root user login. Passwords must be at least 8 characters long and feature a combination of upper- and lower-case letters, digits, and other characters. For example, the password...
  • Page 42 For security reasons, it is highly recommended that you change the password for the root user. ** Please enter a valid password for root user as per the requirements below! ** Changing password for user root. You can now choose the new password. A valid password should be a mix of upper and lower case letters, digits, and other characters.
  • Page 43: Important Notes for SSL Certificates

    Important Notes for SSL Certificates • You must generate the temporary SSL certificates during the initial configuration of both the CAM and CAS or you will not be able to access your Cisco NAC Appliance as an administrator or end user.
  • Page 44: Manually Restarting The Configuration Utility

    Manually Restarting the Configuration Utility If after installation you need to reset the configuration settings, or if you need to start the configuration utility manually, you can issue the service perfigo config CLI command on either the Clean Access Server or Clean Access Manager. When using , you will also need to enter service perfigo config after configuration is complete to reboot the machine.
  • Page 45: Install CAM License

    Accessing the CAM Web Console The Clean Access Manager web administration console is the primary interface for administering the Cisco NAC Appliance deployment. After initial configuration is complete, use the following steps to access the CAM web console. Launch a web browser from a computer accessible to the CAM.
  • Page 46 Figure 14 Clean Access Manager License Form Step 5 To enter a license in the Clean Access Manager License File field, click the Browse button to locate the license file you received for the CAM and click the Install License button. Note: If you have purchased a CAM Failover (HA) license, install the Failover license to the Primary CAM first, then load all the other licenses.
  • Page 47 Figure 15 CAM Administrator Web Console Login Page Step 7 The Monitoring > Summary page and left-hand navigation pane appears (Figure 16). Note: If you enabled the Pre-login Banner during initial configuration in Run CAM Configuration Utility Script, page 33, a splash screen appears prompting you to acknowledge any system messages before you are able to view the Summary page.
  • Page 48: Add Additional Licenses

    Add Additional Licenses Step 8 To add additional licenses for your Clean Access Servers, go to Administration > CCA Manager > Licensing (Figure 17) in the CAM administrator web console. Figure 17 Licensing Page Step 9 In the Clean Access FlexLM License File(s) field, Browse to the license file for your CAS or CAS bundle, and click Install License.
  • Page 49 CAM web console. Refer to the following documents for further configuration guidelines: – Cisco NAC Appliance Configuration Quick Start Guide, Release 4.1 – Cisco NAC Appliance - Clean Access Manager Installation and Configuration Guide, Release 4.5(1) – Cisco NAC Appliance - Clean Access Server Installation and Configuration Guide, Release...
  • Page 50: Using CLI Commands

    Using CLI Commands You can use the Cisco NAC Appliance command line interface (CLI) to set basic operational parameters directly on the CAM or CAS if the web console is unavailable (for example, due to incorrect network or VLAN settings). Table 5 lists commonly used CLI commands. To run them,...
  • Page 51 Linux command. clock Note: If you are configuring the Cisco NAC Appliance Profiler Collector on the Clean Access Server, refer to the Cisco NAC Profiler Installation and Configuration Guide, Release 2.1.8 for additional details.
  • Page 52: To Configure an Additional NIC

    To Configure an Additional NIC Step 1 To verify that the NIC has been recognized by Linux, type ifconfig ethn (where n is the interface number). For example, if adding a NIC to a system that already has two built-in Ethernet interfaces (eth0 and eth1), n is 2 and you enter ifconfig eth2. Verify that the output displays information about the interface including MAC address and...
  • Page 53 Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free...
  • Page 56 San Jose, CA Singapore Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Printed in the USA on recycled paper containing 10% postconsumer waste. 78-18807-01...