Table of Contents
Advertisement
Chapter 3
Installing the Clean Access Manager and Clean Access Server
After the configuration is complete, press Enter to reboot the CAS.
Step 29
Configuration is complete.
Changes require a REBOOT of Clean Access Server.
Enter the following command to reboot the CAS after configuration is complete:
Step 30
# reboot
The CAS initial configuration is now complete. Once the Clean Access Manager is also installed and
initially configured, use the CAM web administration console to add the CAS to the CAM as described
in the
Step 31
Following CAS installation and initial configuration:
a.
b.
c.
If after installation you need to reset the initial configuration settings for the Clean Access Server,
connect to the CAS machine directly or through SSH and use the
Important Notes for SSL Certificates
1.
2.
3.
OL-20326-01
Cisco NAC Appliance - Clean Access Manager Configuration Guide, Release
Ping the eth0 interface address from a command line. If working properly, the interface should
respond to the ping.
For a FIPS-compliant CAS, verify FIPS functionality as follows:
–
Ensure the FIPS card operation switch is set to "O" (for operational mode).
Log into the CAS console interface as
–
Navigate to the /perfigo/common/bin/ directory.
–
Enter
–
./test_fips.sh info
Installed FIPS card is nCipher
Info-FIPS file exists
Info-card is in operational mode
Info-httpd worker is in FIPS mode
Info-sshd up
If the CAS is not responding, try connecting to the CAS using SSH (Secure Shell). Connect with the
username and password. Once connected, try pinging the gateway and/or an external website
root
from the CAS to see if the CAS can reach the external network.
If both tests fail, make sure that you have configured the IP address correctly and that the other
network settings are correct.
You must generate the temporary SSL certificate during CAS installation or you will not be able to
access your CAS. Before deploying in a live environment, obtain a trusted certificate for the CAS
from a Certificate Authority to replace the temporary certificate.
After CAM and CAS installation, make sure to synchronize the time on the CAM and CAS via the
web console interface before regenerating a temporary certificate on which a Certificate Signing
Request (CSR) will be based.
In order to establish the initial secure communication channel between a CAM and CAS, you must
import the root certificate from each appliance into the other appliance's trusted store so that the
CAM can trust the CAS's certificate and vice-versa.
.
root
and verify the following output:
Cisco NAC Appliance Hardware Installation Guide
Installing the Clean Access Server
4.8(3).
service perfigo config
command.
3-33
Hide quick links:
Advertisement
Table of Contents
