Table of Contents
Advertisement
Chapter 3
Installing the Clean Access Manager and Clean Access Server
Change directories to
Step 2
You will need to edit two files:
Step 3
Locate the
Step 4
Add
Step 5
caserver1_hostname
CATALINA_OPTS="-server -Xms64m -Xmx${MAX}m -Xincgc
-Djava.util.logging.config.file=${CATALINA_HOME}/conf/redirect-log.properties
-Dperfigo.jmx.context=${PERFIGO_SECRET}
-Djava.security.auth.login.config=${CATALINA_HOME}/conf/sso-login.conf
-Dsun.net.inetaddr.ttl=60 -Dsun.net.inetaddr.negative.ttl=10
-Djava.security.egd=file:/dev/urandom"
-Djava.rmi.server.hostname=caserver1"
Restart the CAS by entering the
Step 6
Repeat the preceding steps for each Clean Access Server in your deployment.
Step 7
Connect to the Clean Access Manager by SSH or using a serial console. Login as
Step 8
Change directories to
Step 9
Edit the hosts file by appending the following line:
Step 10
<public_IP_address>
where:
•
•
The Clean Access Server(s) should now be addressable behind the firewall.
Connectivity Across a Wide Area Network
When deploying the CAM/CAS across a WAN, you must prioritize all CAM/CAS traffic and SNMP
traffic, and include the eth0/eth1 IP addresses of the CAM and CAS in addition to the Service IP address
for HA pairs.
Configuring Additional NIC Cards
The Configuration Utility script requires that the CAM and CAS machines come with eth0 (NIC1) and
eth1 (NIC2) interfaces by default and prompts you to configure these during initial installation. If your
system has additional network interface cards (e.g. NIC3, NIC4), you can use the following instructions
to configure the additional interfaces (e.g. eth2, eth3) on those cards. Typically, eth2 needs to be
configured when setting up CAS systems for High Availability (HA). For HA, once the eth2 (NIC3)
interface is configured with the proper addressing, it can then be configured as the dedicated and/or
redundant UDP heartbeat interface for the HA-CAM/CAS.
Note
•
OL-20326-01
/perfigo/access/bin/
variable definition in each file.
CATALINA_OPTS
-Djava.rmi.server.hostname=<caserver1_hostname>
with the host name of the server you are modifying. For example:
.
/etc/
<caserver1_hostname> <caserver2_hostname>
<
> – The address that is accessible outside the firewall.
public_IP_address
<
> – The host name of each Clean Access Server behind the firewall.
caservern_hostname
For Cisco NAC Appliance hardware, the following instructions assume that the NIC is plugged in
and "working" (i.e. recognized by BIOS and by Linux).
.
and
restartweb
starttomcat
service perfigo restart
Cisco NAC Appliance Hardware Installation Guide
Connectivity Across a Wide Area Network
.
to the variable, replacing
command.
root
.
3-37
Hide quick links:
Advertisement
Table of Contents
