Published On: August 6ᵗʰ, 2019 02:05
Supported Hardware and System Requirements for Cisco NAC Appliance (Cisco Clean Access)
Note 
This document is available under:
http://www.cisco.com/en/US/products/ps6128/products_device_support_tables_list.html
For the most current Cisco NAC Appliance documentation, refer to:
http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
This document describes the following:
•Troubleshooting Network Card Driver
Support Issues
Supported Hardware Platforms
•Cisco NAC Appliance Hardware
Platforms
•Customer-Supplied Hardware
Platforms and Cisco NAC Appliance Software
Cisco NAC Appliance Hardware Platforms
All Cisco NAC Appliance hardware platforms (e.g. Cisco NAC-3350) are supported under Cisco SMARTnet.
•Cisco NAC Appliance 3300 Series
(Integrated Hardware/Software)
•Cisco NAC Network Module for
Integrated Services Routers
•Cisco NAC Appliance 3100 Series
(Hardware Only)
For additional details on SMARTnet, refer to the following website:
http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2978/serv_group_home.html
Note For details on Cisco NAC Guest Server and Cisco NAC
Profiler, refer to the ordering information available under "Cisco
NAC Appliance Bulletins" at
http://www.cisco.com/en/US/products/ps6128/prod_bulletins_list.html
Cisco NAC Appliance 3300 Series (Integrated Hardware/Software)
With the Cisco NAC Appliance 3300 Series, Cisco introduces three new integrated hardware platforms that are pre-installed with the Cisco NAC Appliance software (release 4.0.3.3 or later). The Cisco NAC Appliance 3300 Series is intended to facilitate ordering and installation of the Cisco NAC Appliance on your network.
Note that NAC 3300 Series platforms are available only as fully integrated appliances containing both hardware and software, and cannot be ordered as hardware-only platforms.
Note You must use identical appliances (e.g. NAC-3350 and
NAC-3350) in order to configure High Availability (HA) pairs of
Clean Access Managers (CAMs) or Clean Access Servers (CASs).
Table 1 summarizes the Cisco NAC Appliance 3300 Series.
Table 1 Cisco NAC Appliance 3300 Series
|
Model Number 3
|
Clean Access Servers Supported
|
Clean Access Manager Supported
|
|
|---|---|---|---|
|
CAS for 100 users |
Lite CAM (for 3 CASs) |
||
|
NAC Appliance 3350 |
CAS for 1500 users |
Standard CAM (for 20 CASs) |
|
|
NAC Appliance 3390 8 |
- |
Super CAM (for 40 CASs) |
|
1 You can upgrade NAC 3300 series appliances to the releases listed in the "Cisco NAC Appliance Versions Supported" column only. Release 4.0(5) is the minimum 4.0(x) version and release 4.1.2.1 is the minimum 4.1(x) version supported on NAC 3300 appliances. Releases 4.1(0)/4.1.0.1/4.1.0.2 do not support and cannot be installed on NAC 3300 appliances. If introducing a NAC 3300 appliance to your network, you must upgrade all existing CAM/CAS machines to the same release (e.g. 4.1(8)) for compatibility. Other versions of the Cisco NAC Appliance software cannot be installed on a NAC 3300 appliance and are not supported. Refer to the applicable Release Notes for details. 2 For details on enhancements in each release, refer to Release Notes for Cisco NAC Appliance for the applicable version. 3 If you are planning to connect NAC-3300 series appliances for HA (failover) using the serial cable deployment option, make sure you disable BIOS redirection to the serial port. See Disable BIOS Redirection for Serial HA (Failover) Connections for details. 4 Cisco NAC Appliance Release 4.5 only supports and can only be installed on the following Cisco NAC Appliance platforms: Cisco CCA-3140, Cisco NAC-3310, Cisco NAC-3350, Cisco NAC-3390, Cisco NAC Network Module (NME-NAC-K9). You cannot upgrade to or install release 4.5 on any other platform. Refer to the Release Notes for Cisco NAC Appliance, Release 4.5 for details. 5 Release 4.1.2.1 is the minimum mandatory 4.1(x) version for Cisco NAC 3300 Series Appliances and the Cisco NAC network module, and is required to support HA-CAS pairs. Refer to the applicable Release Notes for Cisco NAC Appliance for important details specific to each 4.1(x) release (such as 4.1(6) and 4.1(8)). For additional Cisco NAC network module compatibility details, refer to Cisco NAC Network Module for Integrated Services Routers. 6 For CD software installation of Release 4.1(x)/4.0(x) only on the NAC-3310 only (DL140 G3 based appliance), you must type an installation directive at the "boot:" prompt—either DL140 if directly connected, or serial_DL140 if serially connected to the appliance. See Required Installation Directives for details. Release 4.5 and later no longer require these installation directives for the NAC-3310 (see the Release Notes for Cisco NAC Appliance, Release 4.5 for details.) 7 The NAC-3310 appliance is subject to any BIOS/firmware upgrades required for the HP ProLiant DL140 G3 server. Refer to DL140 G3 Required BIOS/Firmware Upgrades for details. 8 Super Manager (Super CAM) software is supported only on the NAC-3390 appliance. A separate ISO file is required if performing CD installation of the Super CAM. |
For additional information on the Cisco NAC Appliance 3300 Series, refer to:
•Cisco NAC Appliance Ordering Guide
•Cisco NAC Appliance Data Sheet
•Cisco NAC Appliance Hardware Installation Quick Start Guide
•Cisco NAC Appliance Service Contract / Licensing Support
Cisco NAC Network Module for Integrated Services Routers
The Cisco NAC Network Module (NME-NAC-K9) offers the Clean Access Server (CAS) functionality on the next generation service module for the Cisco 2800 and 3800 Series Integrated Services Routers. The Cisco NAC network module is pre-installed with Cisco NAC Appliance software (release 4.1(2) or later). Once initial configuration is complete, the Cisco NAC network module is added to the Clean Access Manager's managed domain like any other CAS and is managed through the CAM's web console (GUI) interface.
Table 2 summarizes the Cisco NAC Network Module for Integrated Services Routers.
Table 2 Cisco NAC Network Module
|
1 Release 4.1.2.1 is the minimum mandatory 4.1(x) version for Cisco NAC 3300 Series Appliances and the Cisco NAC network module. Cisco NAC Appliance software versions earlier than 4.1(2) are not supported and cannot be installed on the Cisco NAC network module. If introducing the Cisco NAC network module to your network, you must all upgrade all existing CAM/CAS machines to the same release for compatibility (e.g. 4.5) 2 For compatibility with CAM/CAS appliances running 4.1.2.1, you must use the standard product upgrade file to upgrade the Cisco NAC network module to 4.1.2.1. Refer to the Release Notes for Cisco NAC Appliance (Cisco Clean Access), Version 4.1(2) for upgrade instructions. |
For additional information on the Cisco NAC Network Module, refer to:
•Cisco NAC Network Module for Integrated Services Routers Data Sheet
•Cisco NAC Appliance Ordering Guide
•Getting Started with Cisco NAC Network Modules in Cisco Access Routers
•Cisco NAC Appliance Service Contract / Licensing Support
Cisco NAC Appliance 3100 Series (Hardware Only)
The Cisco NAC Appliance 3100 Series comprises the Cisco CCA-3140-H1 hardware-only platform. The CCA-3140-H1 is not pre-installed with Cisco NAC Appliance software and requires CD installation of either the Clean Access Server or Clean Access Manager software. The CCA-3140 server hardware configuration is supported under Cisco SMARTnet.
Note Cisco CCA-3140-H1 cannot be ordered after August 3,
2007 (EOL). For details, refer to the EOL/EOS for the Cisco Clean Access Hardware
end-of-life and end-of-sales notice.
Customer-Supplied Hardware Platforms and Cisco NAC Appliance Software
For legacy customers only, the Cisco NAC Appliance software (release 4.1(x) and earlier) can be manually installed on select supported server configurations. In this case, Cisco Clean Access software (e.g. CCA version 4.0.x) is supported under Cisco Software Application Support and Cisco Software Application Support Plus Upgrades (SAS/SASU). For details see: http://www.cisco.com/en/US/partner/products/svcs/ps3034/ps2827/ps2993/serv_group_home.html
Note Cisco Technical Assistance Center (TAC) only supports
hardware installation questions on platforms listed in Table 3 "Current Supported
Customer-Supplied Server Hardware Configurations" or Table 4 "Non-Orderable Supported Customer-Supplied Server
Hardware Configurations (Sheet 1 of 4)".
New features in new releases may be subject to licensing
restrictions.
Table 3 lists the server hardware configurations that are supported for each successive Cisco Clean Access (CCA) software release. The Clean Access Manager (CAM) and Clean Access Server (CAS) software will run on the server configurations listed starting from the minimum CCA version specified.
Note If configuring the CAS in HA mode, also refer to
CAS High Availability (HA) Requirements
Current Supported Customer-Supplied Server Hardware Configurations
Table 3 Current Supported Customer-Supplied Server Hardware Configurations
|
Server Vendor
|
Model Number 1
|
Controller Type
|
Controller Model Name/Number
|
Additional Required Steps
|
|
|---|---|---|---|---|---|
|
Cisco |
CCA-3140-H1 4 |
SATA |
Intel ICH5 82801EB 5 |
4.1(x)+ |
• |
|
MCS-7825-I1-CC1/IPC1 |
SATA |
Any 5 |
4.1(x)+ |
- |
|
|
MCS-7825-I1-ECS1 |
- |
- |
4.1(x)+ |
||
|
3.5(x)+ |
|||||
|
Dell |
SAS RAID |
PERC 5/i, Integrated Controller Card |
4.1(6)+ |
- |
|
|
HP |
ProLiant DL140 G3 |
SATA |
- |
4.1(1)+ |
• • • |
|
ProLiant DL360 G5 |
SAS RAID |
HP Smart Array P400i Controller for SAS RAID |
4.1(1)+ |
• |
|
|
SATA RAID |
HP Smart Array E200i Controller for SATA RAID |
|
1 Server configurations listed here have been tested with the Cisco Clean Access software and are supported platforms. If a server configuration is not listed, it may not have been tested with the Cisco Clean Access and is not supported. If problems are encountered with installation of CCA software on a particular server model, the customer should contact TAC and provide exact configuration information. 2 The "+" designation in the Min. CCA Version column indicates the server configuration is supported for the release branch (e.g. 4.1(x)) or starting from the CCA version specified and for subsequent versions (e.g. 4.0(6) and later). 3 SATA controllers are not supported for CCA 3.5(x) and 3.4(x). 4 Cisco CCA-3140-H1 cannot be ordered after August 3, 2007 (EOL). For details, refer to the EOL/EOS for the Cisco Clean Access Hardware notice. 5 Cisco MCS-7825-I1-CC1/IPC1 and CCA-3140-H1 support the same controllers as HP ProLiant DL140 G2. 6 Dell PowerEdge 1950 supports only serial connection to appliance for CD installation (direct/KVM connection not supported). 7 Release 4.1(1) is not supported on Dell PowerEdge 1850/1950. |
Non-Orderable Supported Server Configurations
Table 4 lists the legacy hardware configurations that can no longer be ordered from server vendors, but will still be supported for legacy customers. The Clean Access Manager (CAM) and Clean Access Server (CAS) software will run on the server configurations listed starting from the minimum CCA version specified.
Table 4 Non-Orderable Supported Customer-Supplied Server Hardware Configurations (Sheet 1 of 4)
|
Server Vendor
|
Controller Type
|
Controller Model Name/Number
|
Additional Required Steps
|
||
|---|---|---|---|---|---|
|
Broadcom |
Niagara 2100A, BCM5820 (VPN accelerator card) |
- |
- |
3.5(0)+ |
- |
|
Cisco |
MCS-7825H-3.0-IPC1 |
- |
- |
4.1(x)+ |
- |
|
Dell |
PowerEdge 650 |
- |
- |
4.1(x)+ |
- |
|
- |
- |
4.1(x)+ |
- |
||
|
4.0(x)+ |
|||||
|
3.5(0)+ |
- |
||||
|
PowerEdge 850 7 |
SATA |
Intel ICH7 82801GB |
4.1(x)+ |
||
|
SATA RAID |
Adaptec AAC-RAID |
||||
|
PowerEdge 1650 |
- |
- |
3.5(0)+ |
- |
|
|
PowerEdge 1750 8 |
- |
- |
3.5(0)+ |
||
|
SCSI RAID |
LSI Logic SCSI Perc 4e/Si |
4.1(6)+ |
|||
|
SCSI |
LSI Logic 12 |
4.1(6)+ |
|||
|
3.6(x) + |
- |
||||
|
3.5(0)+ |
|||||
|
HP |
ProLiant DL140 |
- |
- |
4.1(x)+ |
- |
|
ProLiant DL140 G2 |
SATA |
Any |
4.1(x)+ |
• |
|
|
ProLiant DL320 G2 |
IDE only |
- |
4.1(x)+ |
- |
|
|
ProLiant DL360 |
SCSI |
SmartArray 5i Controller |
4.1(x)+ |
- |
|
|
SCSI RAID |
SmartArray 6i SCSI RAID |
4.1(x)+ |
- |
||
|
3.5(0)+ |
|||||
|
IDE only |
- |
4.1(x)+ |
- |
||
|
ProLiant DL380 |
SCSI RAID |
SmartArray 6i SCSI RAID |
4.1(x)+ |
• |
|
|
3.5(0)+ |
|||||
|
IDE only |
- |
4.1(x)+ |
- |
||
|
IBM |
eServer xSeries 305 |
- |
- |
3.5(0)+ |
Disable onboard NIC, and use Intel/Broadcom PCI NIC instead. |
|
eServer xSeries 306 |
SATA |
Any 13 |
4.1(x)+ |
||
|
SCSI |
Adaptec 79xx SCSI |
4.1(x)+ |
- |
||
|
SCSI |
Adaptec 79xx SCSI |
3.5(0)+ |
|||
|
eServer xSeries 335 |
- |
- |
3.5(0)+ |
- |
|
|
eServer xSeries 345 |
- |
- |
- |
||
|
eServer xSeries 336 |
SCSI |
LSI Logic MPT 53c1030 SCSI |
4.1(x)+ |
- |
|
|
SCSI RAID |
LSI Logic MPT 53c1030 SCSI Raid |
- |
|||
|
OmniPro Systems |
SuperServer 5013C-M |
- |
- |
3.5(0)+ |
- |
|
Sun |
LX50 Server |
- |
- |
3.5(0)+ |
- |
|
Sun Fire V60x Server |
- |
- |
- |
||
|
Sun Fire V65x Server |
- |
- |
- |
|
1 When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port must be disabled for NAC-3300 series appliances, and for any other server hardware platform that supports the BIOS redirection to serial port functionality. See Disable BIOS Redirection for Serial HA (Failover) Connections for details. 2 Server configurations listed here have been tested with the Cisco Clean Access software and are supported platforms. If a server configuration is not listed, it may not have been tested with the Cisco Clean Access and is not supported. If problems are encountered with installation of CCA software on a particular server model, the customer should contact TAC and provide exact configuration information. 3 The "+" designation in the Min. CCA Version column indicates the server configuration is supported starting from the CCA version listed and for subsequent versions. 4 SATA controllers are not supported for CCA 3.5(x) and 3.4(x). 5 SATA RAID is not supported for Dell PowerEdge 750. 6 For 4.1(x)/4.0(x)/ 3.6(x) on Dell PowerEdge 750, you must Disable Serial Port Settings. 7 CAMs running on non-appliance platforms with 1GB or less memory (e.g. Dell 750/850/860 with standard 512K memory) do not support web upgrade of CAS to 4.1(6) via CAM web console and will display HTTP status 500 error messages. 8 Perform a Custom Installation if installing CCA software on a Dell PowerEdge 1750. 9 RAID controllers are not supported for CCA 3.5(x) and 3.4(x) on Dell PowerEdge 1850. Only LSI SCSI controllers supported. 10 Dell PowerEdge 1850 supports CD installation of CCA 4.1(3) only; software upgrade is not supported. 11 Release 4.1(1) is not supported on Dell PowerEdge 1850/1950. 12 Some hardware with LSI Logic SCSI drives, such as Dell PowerEdge 1850, might require issuing an installation directive (either "DL140" or "serial_DL140") at the boot prompt when performing new software installation via CD. Refer to Required Installation Directives and caveat CSCsg98960 for details. 13 For IBM x306, SATA controllers are identified by motherboard chipset. |
Additional Required Steps
This section details additional required steps you may need to perform for certain server configurations. Follow the instructions (if any) listed in the Additional Required Steps column of Table 3 "Current Supported Customer-Supplied Server Hardware Configurations" or Table 4 "Non-Orderable Supported Customer-Supplied Server Hardware Configurations (Sheet 1 of 4)" for the specified server model.
•Disable BIOS Redirection for Serial
HA (Failover) Connections
•Upgrade BCM5702/5703/5704 NICs
•DL140 G3 Required BIOS Settings
•DL140 G3 Required BIOS/Firmware
Upgrades
•Required Installation
Directives
Disable BIOS Redirection for Serial HA (Failover) Connections
When connecting high availability (failover) pairs via serial cable, BIOS redirection to the serial port must be disabled for NAC-3300 series appliances, HP ProLiant DL140 G3, HP ProLiant DL360 G5, and any other server hardware platform that supports the BIOS redirection to serial port functionality.
If you are planning to connect an HA pair of NAC-3310, NAC-3350, or NAC-3390 appliances via serial cable, disable the BIOS redirection as follows:
Step 1 While the machine is booting up, press [F9] to access
the BIOS Setup screen.
Note If you see the RBSU> prompt after pressing [F9], perform the
steps in Changing RBSU (ROM-Based Setup Utility)
from Text Mode to Menu Mode first before continuing.
Step 2 Select the "BIOS Serial Console & EMS" menu
option.
Step 3 Change the "BIOS Serial Console Port" setting to
"Disabled."
Step 4 Change the "EMS Console" setting to "Disabled."
Step 5 Save your settings and reboot the machine.
Changing RBSU (ROM-Based Setup Utility) from Text Mode to Menu Mode
To switch RBSU (ROM-Based Setup Utility) from CLI mode to Menu mode, use the following steps:
Step 1 Enter "SHOW CONFIG BIOS INTERFACE MODE" to see the
current setting and available options.
Step 2 Enter "SET CONFIG BIOS INTERFACE MODE 1" to switch to
menu mode.
Step 3 Enter "EXIT" to exit RBSU.
For additional details on RBSU, see the HP ROM-Based Setup Utility User Guide: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00191707/c00191707.pdf
Upgrade BCM5702/5703/5704 NICs
For CCA release 4.1(x)/4.0(x)/3.6(x) only, server models which use the Broadcom 5702/5703/5704 NIC chipset for network interface cards require a firmware upgrade from HP. Affected server models may include Dell PowerEdge 850, CCA-3140-H1, and HP ProLiant DL140 G2/DL360/DL380. If your server machine is affected, perform the steps described below.
Verify NIC Controller
1. Verify the type of NIC controller being used on your
CAM/CAS server machine by looking at the output of the lspci -v command.
Apply Firmware Upgrade
2. If your machine uses the 5702/5703/5704 Broadcom
chipset and is running CCA 4.1(x)/4.0(x)/3.6(x), you must apply the
firmware upgrade from HP available at:
http://h18023.www1.hp.com/support/files/networking/us/download/24056.html.
Note You can apply the firmware upgrade from HP before or
after upgrading to 4.1(x), 4.0(x) or 3.6(3)+.
CCA 3.6(2) and Below— BCM5702/5703/5704 NIC Cards
If your machine is running CCA release 3.6(2), 3.6(1), or 3.6(0) and uses the 5702/5703/5704 Broadcom chipset, you must:
1. Apply Firmware Upgrade, and
2. Either apply the CCA 3.6.2.1 patch (see
http://www.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/cca/cca36/36rn.htm#wp240662),
3. Or, upgrade to CCA 3.6(3) or above.
CCA 3.6(2) and Below — BCM57xx NIC Cards
If your server machine is running CCA release 3.6(2) or below and uses other BCM 57xx NIC cards (i.e. other than 5702/5703/5704), you will need to either apply the CCA 3.6.2.1 patch, or upgrade your system to CCA 3.6(3) or above.
Note The fundamental cause of this issue is a firmware bug
in the Broadcom chipsets used in HP servers. Refer to caveat
CSCsd74376 in Release Notes for Cisco Clean Access (NAC Appliance) Version 3.6(4)
for additional details.
DL140 G3 Required BIOS Settings
The default BIOS settings for the HP ProLiant DL140 G3 server need to set as follows.
Step 1 While the machine is booting up, press [F9] to access
the BIOS Setup screen.
Step 2 Select "Advance Chipset Control"
Step 3 Select "Serial ATA: [Enabled]"
Step 4 Select "Native Mode Operation: [Auto]"
Step 5 Select "SATA Controller Mode Option: [Compatible]"
Step 6 Save your settings and reboot the machine.
Note These settings are the default BIOS settings shipped
with the Cisco NAC-3310 Appliance.
Note The following BIOS customization is provided on
NAC-3310 Appliance:
1. Console Redirection: Enabled
2. Console Type: VT100
DL140 G3 Required BIOS/Firmware Upgrades
The Cisco NAC-3310 appliance is based on the HP ProLiant DL140 G3 server and is subject to any BIOS/firmware upgrades required for the DL140 G3.
Table 5 lists the current supported default system BIOS/Firmware version for NAC-3310. Make sure the BIOS version on your NAC-3310 appliance matches the latest supported version listed in Table 5.
Table 5 BIOS/Firmware Updates for NAC-3310 (Based on HP DL140 G3)
|
HP DL140 G3 System BIOS Version
|
Download Filename
|
BMC Firmware Version
|
|---|---|---|
|
1.14 (2007.08.13) A |
2.11 |
Note HP external links are subject to change at any time at
HP's discretion. For a list of all HP BIOS versions for the HP
DL140 G3, refer to the "Revision History" tab of the Systems ROMPaq Firmware Upgrade Diskette for HP ProLiant DL140 G3 Servers
website at the following location:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=1842838&swItem=MTX-7357cb60dffc4e22a507f6abe1&prodNameId=3285485&swEnvOID=2025&swLang=8&taskId=135&mode=5
Required Installation Directives
Note Release 4.5 and later do not require installation
directives for the NAC-3310.
For CCA release 4.1(x) and earlier only, you are required to type either the DL140 or serial_DL140 installation directive at the "boot:" prompt to install new system software via CD-ROM on the following hardware:
•HP ProLiant DL140 G3 servers
•NAC-3310 appliance (based on DL140 G3)
•Certain servers with LSI Logic SCSI drivers (e.g. Dell
1850)
For these server models, type either:
•DL140—if you are directly
connected (monitor, keyboard, and mouse) to the machine
•serial_DL140—if you are
installing the software via serial console connection
For example:
Cisco Clean Access Installer (C) 2007 Cisco Systems, Inc.
Welcome to the Cisco Clean Access Installer!
- To install a Cisco Clean Access device, press the <ENTER> key.
- To install a Cisco Clean Access device over a serial console,
enter serial at the boot prompt and press the <ENTER> key.
boot: DL140
Disable Serial Port Settings
If installing CCA version 4.1(x)/4.0(x)/3.6(x) software on Dell PowerEdge 750 or 1850, perform the following steps:
To disable serial port settings on a Dell 750:
1. Power up the box.
2. Press F2 to enter Setup (BIOS) mode.
3. Go to "Console Redirection."
4. Make sure "Console Redirect" is set to "Off", and
"Redirection After Boot" is set to "Disabled."
5. Select "Save Changes and Exit."
6. Reboot the machine with the CCA software installation
CD. The software should boot up correctly.
To disable serial port settings on a Dell 1850:
1. Power up the box.
2. Enter BIOS mode.
3. Go to "Integrated Devices" and disable "Serial
Redirect".
4. Disable "Redirect after Boot".
5. Select "Save Changes".
6. Reboot the machine. The software should boot up
correctly.
Disable Onboard NICs
If running CCA version 3.5(x)/3.4(x) on Cisco MCS-7825-I1-ECS1, or IBM eServer xSeries 306 servers with Adaptec 79xx SCSI controllers, disable the onboard NICs and use the following Intel/Broadcom PCI NICs instead:
•PWLA8492MT = Intel PRO/1000 MT Dual Port Server
Adapter (copper)
•PWLA8492MF = Intel PRO/1000 MF (dual SX fiber LC
connectors)
To disable onboard NICs for each CAM/CAS installation server:
1. Power up the box.
2. Press F1 to enter BIOS mode.
3. Disable on-board Ethernet Controllers 1 and 2.
4. Save and exit.
Disable SATA RAID
If installing CCA version 4.1(x)/4.0(x)/3.6(x)/3.5(x)/3.4(x) on the Cisco MCS-7825-I1-ECS1 (IBM x306-based platform), perform the following steps to disable SATA RAID.
For each CAM installation server:
1. Power up the box.
2. Press F1 to enter BIOS mode.
3. Go to "Devices and I/O Ports" and disable "SATA RAID
Enable".
For each CAS installation server:
1. Power up the box.
2. Press F1 to enter BIOS mode.
3. Go to "Devices and I/O Ports" and disable "SATA RAID
Enable".
4. Disable "Onboard LAN 1" and "Onboard LAN 2" to disable
the on-board NICs.
5. Install one of the following types of PCI NICs
instead, and reboot the box.
•PWLA8492MT = Intel PRO/1000 MT Dual Port Server
Adapter (copper)
•PWLA8492MF = Intel PRO/1000 MF (dual SX fiber LC
connectors)
Notes for 3.6.0/3.6.0.1
CCA versions 3.6(0) and 3.6.0.1 only require that the "IPMI-asf" feature be turned off on servers with Broadcom NIC controllers.
To Disable IPMI (CCA 3.6.0/3.6.0.1 Only)
Note The following workaround is NOT needed for CCA version
3.6(1) and later.
To alter the IPMI-asf setting on the Broadcom controllers, you will need to download a utility from Broadcom.
1. Download the utility from
http://www.driverlot.com/broadcom_netxtreme_bcm57xx_ethernet_nic_dos_diagnostic_utilities_830_.html
and follow the instructions on the web page to start the download.
Then, follow the instructions below.
2. Save the user_diag-8.30.zip utility to your workstation, and
unzip the file.
3. Copy the contents of the user_diag folder onto a
bootable DOS floppy or CD-ROM.
4. Boot the machine into DOS.
5. At the DOS prompt, type: b57udiag -cmd
Wait for a prompt to appear. This might take a while.
6. At the prompt, type: setasf -d @
7. After this is done, at the prompt, type: exit
8. Eject the CD-ROM and reboot the machine.
Note For additional details, see "Important Notes for
3.6(0) Clean Access Server Machines with Broadcom NIC Controllers"
at the following URL:
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/36/36rn.html#wp41908.
Custom Installation
Note Custom installation applies to CCA release 3.5(x) or prior ONLY.
Custom installation is not needed starting from CCA release 3.6(x)
and should not be used.
Some servers may require custom installation when installing Cisco Clean Access software. For example, when installing CCA 3.5(x)/3.4(x) on a HP ProLiant DL360/380, IBM x306, or Dell PowerEdge 1750/1850, custom installation is required. Note the following:
•Each controller that is not supported via the Cisco
Clean Access CD-ROM needs to be downloaded from Cisco Secure
Software and put on a driver disk so that the installation program
can access the device
•An anaconda (installation program) patch must also be
applied.
If installing CCA software on a server that requires custom installation, follow the instructions below:
Pre-ISO Setup
Note You must have these steps completed before you can
boot from the ISO CD-ROMs.
Step 1 Download a copy of rawrite. You can obtain rawrite
from http://www.freedos.org/software/?prog=rawrite
Step 2 Save this rawrite file to C:\
Step 3 Download the Driver and Update image files by logging
into Cisco Secure Software and accessing the Cisco Clean Access
System Drivers folder under: http://www.cisco.com/cgi-bin/tablebuild.pl/CCA-drivers
Step 4 Download the appropriate driver.img file, depending on
the server on which you are installing:
•For HP DL360/380, you will need
the SmartArray 6i Driver disk.
•For IBM 306, you will need the
Adaptec SCSI 79xx Driver disk.
•For Dell 1750/1850, you will need
the LSI SCSI Driver disk.
Step 5 Download the update.img file (General Update). You will need to create an update.img
disk to apply the anaconda (installation program) patch.
Step 6 Save the Driver and Update files in the same C:\
directory as the rawrite file.
Step 7 Open a command tool and type:
C:\rawrite
Step 8 Enter the full name of the source file(s) and the
destination onto a floppy disk.
You might need to change the filenames to something shorter, i.e.
less than 10 characters. Do this for each image. Typically, use the
names driver.img and update.img.
Custom CD Install
To perform a custom installation for each Clean Access Manager and Clean Access Server machine:
Step 1 Insert the distribution CD-ROM that contains the CAM
or CAS .iso file into the CD drive of the installation server
machine.
Step 2 Connect to the machine directly with a keyboard and
monitor, or by terminal emulation console over a serial connection.
Step 3 Reboot the machine. The installation script starts
automatically after the machine restarts.
Step 4 At the "boot:" prompt, type custom and press Enter.
Step 5 The program will prompt you for the driver diskette,
then the update diskette. The installation then proceeds normally.
Make sure to use the appropriate driver diskette for
the platform. Troubleshooting Network Card Driver Support Issues
Note The instructions in this section apply only to
customer-supplied hardware platforms running Release 4.1(x) or
earlier. This section does not apply to Release 4.5 which only
supports the CCA-3140, NAC-3310, NAC-3350, NAC-3390, and NME-NAC
Cisco NAC Appliance hardware platforms.
Typically, the Cisco NAC Appliance (Cisco Clean Access) installation program automatically detects the network cards on the target machine and loads the appropriate drivers. In some cases, such as when NIC cards are changed on the server hardware, you may need to manually load drivers if they are not automatically loaded. The instructions below describe how to do this. Note that you must follow the instructions specific to the version of Cisco Clean Access version being run:
•Loading Drivers for Cisco NAC
Appliance Version 4.1(x)/4.0(x)/3.6(x)
•Loading Drivers for CCA Version
3.5(x)
Loading Drivers for Cisco NAC Appliance Version 4.1(x)/4.0(x)/3.6(x)
Note Cisco NAC Appliance versions 4.1(x)/4.0(x)/3.6(x) use
the tg3 driver for Broadcom 5700 NIC cards.
To manually load drivers for server machines running Cisco NAC Appliance version 4.1(x), 4.0(x) or 3.6(x), perform the following steps:
1. Verify Driver Loads Correctly
3. Hardcoding Speed/Duplex for the
Intel e1000 Driver (if applicable), or
4. Hardcoding Speed/Duplex for the
Broadcom tg3 Driver (if applicable)
Verify Driver Loads Correctly
Step 1 Connect to the server machine (Clean Access Manager or
Clean Access Server) by serial cable or KVM and console into the
box.
Step 2 Type the following command: modprobe <driver_name>
•For example, for Broadcom NICs, type: modprobe tg3
•For Intel Gigabit NICs, type: modprobe e1000
Manually Load the Driver
If the above steps result in no errors, perform the next steps:
Step 3 Edit the file /etc/modprobe.conf with vi or another editor. Add
the following two lines:
alias eth0 <driver>
alias eth1 <driver>
For example, for Broadcom NICs insert:
alias eth0 tg3
alias eth1 tg3
For Intel Gigabit NICs (e1000-based) insert:
alias eth0 e1000
alias eth1 e1000
Step 4 If the network card's operating parameters, such as
speed and duplex, need to be hardcoded in the configuration file,
perform the steps appropriate for your NIC drivers as described
below:
•Hardcoding Speed/Duplex for the
Intel e1000 Driver (if applicable), or
•Hardcoding Speed/Duplex for the
Broadcom tg3 Driver (if applicable)
Hardcoding Speed/Duplex for the Intel e1000 Driver (if applicable)
To hardcode Intel e1000 Gigabit cards (eth0
and eth1) for 100Mbps full duplex, add the following options line to the file /etc/modprobe.conf (after the alias lines):
alias eth0 e1000
alias eth1 e1000
options e1000 Speed=100,100 Duplex=2,2
Table 8 lists the Intel e1000 NIC driver options available for Cisco NAC Appliance versions 4.1(x)/4.0(x)/3.6(x).
Table 6 Cisco NAC Appliance Version 4.1(x)/4.0(x)/3.6(x)—Intel e1000 NIC Driver Options
Hardcoding Speed/Duplex for the Broadcom tg3 Driver (if applicable)
Note The Broadcom tg3 driver does not take options.
Step 5 For Cisco NAC Appliance 4.0(x)/3.6(x), you can
temporarily change settings on Broadcom tg3 NIC cards (eth0 and
eth1) in order to test which settings work for your drivers. You
can use the following sequence of commands to first turn
auto-negotiation off, then set the speed and duplex:
# ethtool -s eth0 autoneg off
# ethtool -s eth0 speed 1000
# ethtool -s eth0 duplex full
Note that these settings are lost after a
reboot. If you want manually configured settings to be preserved
during every reboot, add the above lines that work for your system
into the file /etc/rc.local.
Table 8 lists the
Broadcom tg3 NIC driver parameters you can modify using the
ethtool command for Cisco NAC
Appliance versions 4.1(x)/4.0(x)/3.6(x).
Table 7 Cisco NAC Appliance Version 4.1(x)/4.0(x)/3.6(x)—Broadcom tg3 NIC ethtool Parameters
|
NIC Type
|
Interface
|
Parameter
|
Value
|
|---|---|---|---|
|
tg3 |
eth0 eth1 |
autoneg |
on / off |
speed |
10/100/1000 |
||
duplex |
full/half |
Save and Reboot
Step 6 Save and close the files.
Step 7 Reboot the server using the following command:
service perfigo reboot
Loading Drivers for CCA Version 3.5(x)
Note CCA version 3.5(x) and earlier use the bcm5700 driver
for Broadcom 5700 NIC cards.
To manually load drivers for server machines running Cisco Clean Access version 3.5(x), perform the following steps:
1. Verify Driver Loads Correctly
3. Hardcode Speed/Duplex for the
Driver
Verify Driver Loads Correctly
Step 1 Connect to the server machine (Clean Access Manager or
Clean Access Server) by serial cable or KVM and console into the
box.
Step 2 Change to the driver directory as follows (where
<driver_name> is the NIC card driver, such as bcm5700 or e1000):
cd /lib/modules/kernel-2.4.9-perfigo/drivers/addon/<driver_name>
Step 3 Type the following command: insmod ./<driver>.o
•For example, for Broadcom NIC cards, type:
insmod ./bcm5700.o
•For Intel e1000-based NIC cards type: insmod ./e1000.o
Manually Load the Driver
If the steps above result in no errors, perform the next steps:
Step 4 Edit the file /etc/modules.conf with vi or another editor. Add
the following two lines:
alias eth0 <driver>
alias eth1 <driver>
For example, for Broadcom 5700-based NICs, insert:
alias eth0 bcm5700
alias eth1 bcm5700
Or, for Intel e1000-based NICs, insert the following lines instead:
alias eth0 e1000
alias eth1 e1000
Hardcode Speed/Duplex for the Driver
Step 5 If the network card's operating parameters, such as
speed and duplex, need to be hardcoded in the configuration file,
add the appropriate option.
For example, to hardcode Intel e1000 gigabit cards (eth0 and eth1)
for 100Mbps full duplex, add the following line to the file
/etc/modules.conf:
options e1000 Speed=100,100 Duplex=2,2
Table 8 lists the NIC driver options available for CCA version 3.5(x).
Table 8 CCA Version 3.5(x)—NIC Driver Options
Save and Reboot
Step 6 Save and close the files.
Step 7 Reboot the server using the following command:
# service perfigo reboot
System Requirements
This section describes the minimum configuration recommended for server machines running the Cisco Clean Access Manager and Clean Access Server software. It also describes minimum requirements for browsers and for client systems running the Clean Access Agent.
•Cisco NAC Appliance Sizing
Guidelines
•CAS High Availability (HA)
Requirements
•Cisco NAC Appliance Web Admin
Console Requirements
•Cisco NAC Appliance Agents System
Requirements
•Linux Operating System Client
Support
Cisco NAC Appliance Sizing Guidelines
With the introduction of the Cisco NAC Appliance 3300 Series, server and user count determinations are dependent on the type of license and NAC-3300 hardware platform purchased.
For comprehensive sizing and ordering information, refer to the Cisco NAC Appliance Ordering Guide.
For additional details, see also Cisco NAC Appliance Service Contract / Licensing Support.
Note•The maximum user count available for a CAS installed
on customer-supplied hardware is 1500 users.
•The maximum number of CASs that can be managed by a
CAM installed on customer-supplied hardware is 20 failover CAS
bundles.
•The 2500- and 3500-user Clean Access Servers and the
Super CAM are not available as software-only products.
•Customers who wish to buy CCA as software only must
use legacy SKUs (e.g. CCA-SVR-K9) and cannot use new appliance SKUs
(e.g NAC3350-1500-K9). Refer to the
Cisco NAC Appliance End-of-Life / End-of-Sales Notices
for additional information.
Clean Access Manager (CAM)
The following minimum configuration is recommended for customer-supplied server machines running the CAM software
|
Component
|
Minimum Requirement
|
|---|---|
|
CPU |
Single 2.4 GHz, or greater |
|
Memory |
1 GB, or greater 1 |
|
NIC 2 |
Dual Fast Ethernet or Gigabit Ethernet (Intel or Broadcom recommended) |
|
Hard Disk Space |
10 GB |
|
1 Consider 2 GB of memory or greater if planning to deploy the CAM with a large number of device filters, traffic policies, local users, and/or multiple CASs fully loaded with >1000 users. 2 Unless deploying for High Availability, the Clean Access Manager only requires a single NIC. |
Note Super CAM software runs only on the NAC-3390 hardware
platform. See Cisco NAC Appliance Hardware
Platforms.
Note For serial cable connection for high availability (for
either HA-CAM or HA-CAS pairs), the serial cable must be a "null
modem" cable. For details, refer to http://www.nullmodem.com/NullModem.htm.
Clean Access Server (CAS)
The following minimum configuration is recommended for customer-supplied server machine(s) running the CAS software.
|
Component
|
Minimum Requirement
|
|---|---|
|
CPU |
Single 2.4 GHz, or greater |
|
Memory |
1 GB, or greater 1 |
|
NICs |
Dual Fast Ethernet or Gigabit Ethernet (Intel or Broadcom recommended) |
|
Hard Disk Space |
10 GB |
|
1 Consider 2 GB of memory or greater if deploying the CAS as a DHCP Server, configuring /30 subnets, or supporting 1500 users. 1 GB is typically sufficient otherwise. |
CAS High Availability (HA) Requirements
Note You must use identical appliances (e.g. NAC-3350 and
NAC-3350) in order to configure High Availability (HA) pairs of
Clean Access Managers (CAMs) or Clean Access Servers (CASs).
Cisco recommends the use of a dedicated connection for failover heartbeat on Clean Access Server high-availability pairs. You can use:
•A serial null-modem cable, or
•UDP heartbeat over eth0 and a
serial null-modem cable
Note When connecting high availability (failover) pairs via
serial cable, BIOS redirection to the serial port must be disabled
for NAC-3300 series appliances, and for any other server hardware
platform that supports the BIOS redirection to serial port
functionality. See Disable BIOS Redirection for
Serial HA (Failover) Connections for details.
Note For serial cable connection for high availability (for
either HA-CAM or HA-CAS pairs), the serial cable must be a "null
modem" cable. For details, refer to http://www.nullmodem.com/NullModem.htm.
Cisco NAC Appliance Web Admin Console Requirements
•The CAM/CAS web console supports Internet Explorer 6.0
for all releases, and the IE 7.0 browser with release 4.1(0) and
later.
•The CAM/CAS web console requires high encryption (64
or 128 bit) and does not accept 56-bit encryption (with release
3.5(7) and later).
•High encryption (64 or 128 bit) is also required for
client browsers for web login and Clean Access Agent
authentication.
Note Cisco NAC Appliance does not support beta versions of
third-party software, except where specifically noted.
Cisco NAC Appliance Agents System Requirements
Note Table 9 lists Clean Access
Agent information for Cisco NAC Appliance Release 4.1.x and earlier
only. For details on Cisco NAC Appliance Agents in Release 4.5,
refer to Support for Cisco NAC Appliance Agents, Release 4.5 and Later,
available at
http://www.cisco.com/en/US/products/ps6128/products_device_support_tables_list.html.
Table 9 lists the minimum configuration recommended to install and authenticate with the Clean Access Agent on Windows/Mac OS X client systems. See Linux Operating System Client Support for additional details.
Table 9 Clean Access Agent System Requirements
|
Requirements
|
Min. Agent Version 1
|
Min. CAM/ CAS Version
1
|
|---|---|---|
|
Required Hard Drive Space
|
||
|
Minimum of 10 MB of free hard drive space |
All |
All |
|
Required Hardware
|
||
|
No minimum hardware requirements (works on various client machines) |
All |
All |
|
Supported Client Operating Systems
|
||
|
Windows XP Professional, Windows XP Home, Windows 2000 2 , Windows 98, Windows SE, Windows ME |
All |
All |
|
Windows XP Media Center Edition, Windows XP Tablet PC |
4.0.2.0+ |
4.0(3)+ |
|
4.1.0.0+ |
4.1(x)+ |
|
|
Windows Vista Home, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise 3 , 4 Note Note |
4.0.4.0+ |
4.0(4)+ |
|
4.1.1.0+ |
4.1(1)+ |
|
|
Japanese Windows XP Professional SP2, Japanese Windows XP Home Edition, Japanese Windows 2000 Professional SP4 5 , 6 , 7 |
4.0.2.0+ |
4.0.3.2+ |
|
4.1.0.0+ |
4.1(0)+ |
|
|
Japanese Windows Vista Home, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise 5, 6, 7 Note |
4.0.4.0+ |
4.0(4)+ |
|
4.1.1.0+ |
4.1(1)+ |
|
|
Korean Windows XP Professional SP2, Korean Windows 2000 Professional SP4 5, 6, 7 |
4.1.2.1+ |
4.1.2.1+ |
|
Korean Windows Vista Home, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise 5, 6, 7 Note |
4.1.2.1+ |
4.1.2.1+ |
|
Windows XP SP2 with Simplified Chinese |
4.1.0.0+ |
4.1(0)+ |
|
Mac OS 10.5, 10.5.1 (Leopard)8 —Authentication and auto-upgrade |
4.1.3.0+ |
4.1(3)+ |
|
Japanese Mac OS 10.5, 10.5.1 (Leopard)8—Authentication and auto-upgrade |
||
|
Mac OS X (10.2, 10.3, 10.4)—Authentication only |
4.1.0.0+ |
4.1(0)+ |
|
Japanese Mac OS X (10.2, 10.3, 10.4)—Authentication only |
||
|
64-bit Windows OS—Authentication-only 9 Windows XP Professional x64, Windows Vista Home Basic x64, Windows Vista Home Premium x64, Windows Vista Business x64, Windows Vista Ultimate x64, Windows Vista Enterprise x64 Japanese Windows XP Professional x64,Japanese Windows Vista Home Basic x64, Japanese Windows Vista Home Premium x64, Japanese Windows Vista Business x64, Japanese Windows Vista Ultimate x64 Note |
4.0.6.1+ |
4.0.6.1+ |
|
4.1.2.1+ |
4.1.2.1+ |
|
|
Cisco NAC Web Agent Support
|
||
|
Supported OS: • • • |
4.1.3.9 |
4.1(3)+ |
|
Supported Web Browsers: • • |
||
|
Java Applet Support: JVM 1.4.2 |
||
|
Supported Localized Language Templates
10
|
||
|
French (Canada) |
4.1.6.0+ |
4.1(6)+ |
|
Dutch, Hungarian, Portuguese, Japanese |
4.1.3.0+ |
4.1(3)+ |
|
German, Italian, Finnish, Czech, Norwegian, Spanish, Danish, French, Russian11 , Swedish, Turkish, Serbian, and Catalan |
4.1.0.0+ |
4.1(0)+ |
|
Supported OS Locales 12
|
||
|
English, International English, French, Italian, German, Spanish, Norwegian, Swedish, Japanese |
All |
All |
|
Supported Browsers (Windows)
13
|
||
|
Internet Explorer 6.0, |
All |
All |
|
Internet Explorer 7.0, |
3.6.5.0+ |
3.6.4.3 |
|
4.0.2.0+ |
4.0(3)+ |
|
|
4.1.0.0 |
4.1(0) |
|
|
Supported Browsers (Macintosh)
|
||
|
Mac OS X: Safari 3, Firefox 2 |
4.1.0.0+ |
4.1(0)+ |
|
iPhone, iPod Touch: Safari (default browser) 14 |
4.1.3.0+ |
4.1(3)+ |
|
1 The "+" designation in the Min. Version columns indicates the feature is supported starting from the Agent and CAM/CAS versions listed and for later versions in the same release branch (e.g. 4.0.x). 2 4.1.3.0 Agent login to Windows 2000 system with Local DB authentication (to CAM) and requirements configured requires a system restart. 3
Windows Vista support (except for stub installer) starts with
release 4.0(4)/4.0.4.0 Agent and release 4.1(1)/ 4.1.1.0 Agent.
4 For checks/rules/requirements, the Agent can detect "N" (European) versions of the Windows Vista operating system, but the CAM/CAS treat "N" versions of Vista as their US counterpart. 5 For Japanese/Korean Windows OS, Windows user names must be ASCII. 6 For Japanese/Korean Windows OS, only ASCII characters are supported for rules/checks. 7 Japanese/Korean Windows XP/2000 clients only are affected by caveats CSCsg38702 and CSCse86581 for Trend AV products. Refer to Release Notes for Cisco NAC Appliance (Cisco Clean Access) Version 4.0(x) for additional details. 8 Mac OS 10.5 and 1.0.5.1 users can only authenticate to the 4.1(3) CAM/CAS. Mac OS 10.5/10.5.1 is not supported on earlier Cisco NAC Appliance versions. 9 The Clean Access Agent only fully supports authentication/posture assessment/remediation on 32-bit operating systems. Any client OS not listed is not supported, even if the Agent can be installed on the client (e.g. Embedded XP is not supported). 10 The Agent picks the correct language template based on the local computer Locale (under Control Panel > Regional and Language Options). Cisco recommends using the localized Agent in the localized version of Windows (e.g. French Agent in French Windows). Agent language template support only controls what the viewer sees after the Agent is installed; it does not include support for different client operating systems for the Agent Installer or for AV/AS products. 11 For Russian localized template, the Agent must run on Russian Windows to be able display all characters correctly. 12 For releases 4.0(x)/3.6(x)/3.5(x) and below, there is no localization provided for non-English languages (for example, Clean Access Agent installs/authenticates on German Windows but displays all information and instructions in English). 13 High encryption (64 or 128 bit) is required for Agent authentication (starting from release 3.5(7)) 14 Cisco NAC Appliance supports basic web login on Macintosh operating systems—whether Mac OS X, iPhone, or iPod Touch—as long as clients use the Safari or Firefox browsers. |
Linux Operating System Client Support
For Web Login on Linux operating system clients, the Java Applet web client used for L3 MAC address/OS detection and for OOB IP refresh/renew after posture assessment is supported for the Cisco NAC Appliance release, web browser version and Java version listed in Table 10.
Table 10 Cisco NAC Appliance 4.1(x) Support for Linux OS Clients
|
Operating System
(English OS Language) |
CAM/ CAS Version
|
L3 MAC (Applet) Version 1
|
Supported Browsers
|
Java Version 2
|
|---|---|---|---|---|
|
Linux Fedora 4 |
4.1(x) |
2.0.3.0/ 2.2.2.0 |
Mozilla Firefox 1.0.4 |
Sun JRE 1.4.2 |
|
4.1(8) |
2.0.3.0/ 2.2.2.0 |
Mozilla Firefox 3.0.6, 2.0.0.16 |
Sun JRE 1.6.0_07-b06 |
|
|
4.1(8) |
2.0.3.0/ 2.2.2.0 |
Mozilla Firefox 3.0.6 |
Sun JRE 1.6.0_12-b04 |
|
|
4.1(8) |
2.0.3.0/ 2.2.2.0 |
Mozilla Firefox 3.0.4 |
Sun JRE 1.6.0_12-b04 |
|
1 For Linux OS clients, Web Login is supported in L2/L3 IB modes, and L2 OOB mode. In L3 OOB mode, the L3 MAC Address Detection Java Applet is required to obtain the MAC address of the client and refresh the IP address when necessary. 2 Java version 1.4.2 is the minimum version required for Java Applet support. 3 To support IP refresh/renew, "#Defaults requiretty" must be commented out in the /etc/sudoers file on the Linux client. If not commented, the applet used for IP refresh/renew fails with error "sudo: sorry, you must have a tty to run sudo" if the script is called by the applet. PortBounce occurs on Fedora 8/9/10 clients during the IP Refresh after authentication. 4 Supported for root and non-root users. Tested for Cisco NAC Appliance Release 4.5(1) and 4.1(8). |
Note Refer to Support for Cisco NAC Appliance Agents, Release 4.5 and Later,
available at
http://www.cisco.com/en/US/products/ps6128/products_device_support_tables_list.html
for additional client support details for Release 4.5 and later.