NAC Appliance: how to clear configuration ?

Hi!
Is it possible to clear the configuration of the Clean Access Manager (and all of its servers), if it already has lots of user-defined settings, to start configuring it from scratch?
Thx.

The Clean Access Manager can be restored to the factory default accounting configuration as follows:
1. Go to Administration > Backup to backup your database before restoring default settings.
2. Go to User Management > Auth Servers > Accounting > Server Config
3. Click the Reset Events to Factory Default button to remove the user configuration and replace it with the Clean Access Manager default accounting configuration.
4. Click OK in the confirmation dialog that appears.

Similar Messages

  • NAC Appliance design question

    I have a customer with a central site and two branch office. Routing is configured on the WAN to connect all three locations. All servers and internet access are on the central site.
    Customer wants to install NAC appliance. Do I need a NAC apliance at each location? Or do I just install it at the central location and use that NAC appliance for access control to the two remote sites as well.
    Also how does NAC appliance apply access control to users coming into the network via Citrix or Cisco VPN Clients?
    Thanks

    NAC Appliance (CAM & CAS = Clean Access Manager/Server) can be used in a Layer 3 Out Of Band design. This will provide you with centralized control.
    It works by placing all unauthenticated switch ports into a unathentication VLAN. When a switch port goes up/up, the NAC CAS follows a set of rules you have established on the CAM to make decisions about the computer and user. It then will place that switch port into a VLAN 'dynamically' as dictated by the rules. Your switches must support these features (IOS level) and only Cisco products work with the CAM/CAS (well some others might, but it's a short list). When the port goes down/down the CAS senses this and returns the port to the unauthenticated VLAN.
    For instance, if a user is a vendor, only requiring Internet access, you will have a VLAN for this purpose on all your switches and routed/trunked to your Internet Point of Presence. The CAS will see the switch port he/she jacks into come up/up. It will query the user and the computer and based upon the rules in the CAM, dynamically assign the wire port to the VLAN from the go-no-where unauthenticated VLAN.
    If it were a company user, you could set it to check Anti-virus, levels of service packs, etc. before they were allowed on the network. It could also be set up to allow the person access to only the 'Finance' VLAN (for example) based upon their role in the company. It can do this remotely.
    If you were to remediate VPN users, you could not do this in a dynamic, Out of Band fashion. You would need a second CAS (but not CAM) to operate In Band. This would then allow users in one Interface, traverse the CAS on out another interface on the appropriate VLAN. This is because it's impossible to apply multiple rules to a single port shared by multiple users. You would need a means to make decision on what VLAN the users accesses at the concentrator and move them off dynamically at the virtual interface. It's not supported.
    Remember, NAC is performed at the switch port level. Citrix users would be regarded as local users. You could perform certain rule checking to allow them only onto your Citrix VLAN.
    There is a Cisco Chalk Talk series on the NAC, use the URL below. It will teach you as much as you can absorb on the NAC appliances, how to use them and recommend their purchase to your clients.
    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5707/ps8418/ps6128/prod_presentation0900aecd80549168.html

  • Integrate NAC Appliance with Active Directory

    We try to implement on our customer, NAC appliance integrating with Active Directory Single sign on.
    The NAC configured with L2 OOB. User first connect to switch and got the authentice Vlan, then the user will be authenticate using their domain account login, if success the user will be mapping to the Vlan assign to them.
    The agent SSO installed on Active Directory is running well, and at the CAS also the service SSO started.
    Let say i've this situation:
    1. User A has been assign to Vlan 15 Employee
    2. User A plug to switch and got dummy vlan and will authenticate using Domain account on AD, If succeded than, the port will be bounce, the user running an cisco agent on background
    3. Now user A has their on Vlan ID 15
    I've created the Authentication server on CAM for the Active Directory, but i've find it's so difficult to config mapping rules between user roles to Active directory. The guidance pdf how to implement NAC i've downloaded from cisco, not mention it how to mapping user roles to Active Directory...
    Has any one has been configured mapping rules user roles to Active directory?

    So you would create a mapping rule against your lookup server like so.
    Say the AD group membership is "Finance"
    for ADSSO you would apply the mapping rule to your LOOKUP Server
    where the expression is
    memberOf contains CN=Finance and apply it to role employee if VLAN 15 is your employee vlan then you would designate vlan 15 in your Employee role under user role configuration
    Now you cant test this with ADSSO with the test auth function so what I like to do is create an AD authentication server and test against that as long as you have some form of mapping configured the auth results will return all memberships for the userename you login with so you can get the syntax exactly right.

  • Authentication NAC appliance with ACS

    I had deployed a L3 Virtual Gateway mode for NAC appliance. There is ACS for authentication. How can I add ACS to "Auth Servers". CAM settings do not need mapping rules. Every user just anthenticate oneself's account, then CAM can pass these info to ACS. What should I do, Thank you?
    Is there any configuration example, e-mail to [email protected]

    http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a00809b8e3b.shtml

  • How to clear vendor open items if vendor invoice currency and payment currency different

    Hi All.
    How to clear vendor open items through f-44 if vendor invoice currency is EUR , payment currency is USD  but local currency is INR
    while clearing through f-44 system showing error as "to large for clearing clearing is not possible"
    I checked all configuration, configuration wise no problem
    BR.
    Chandra

    Hi Chandra,
    You chose any one of the currency i.e. EUR/INR/USD for clearing in F-44. After selecting line items for clearing, system will show a difference. Click on over view button and manually write off the difference by selecting any one account i.e. dummy or small diff.account, after that click on process open items then system will show the difference 0 and simulate the document, here system will post gain/loss exchange GL postings along with other line items. After save the document, manually pass journal entry to dummy account and gain/loss account. I have explained clearly in the below example.
    Invoice is in USD - 1000 & INR - 60000
    Payment is in INR - 60000
    Now I am going to clear these in INR currency in F-44 on 31.03.2015. On this date the exchange rate for USD is 60.10. At the time of clearing system will post the below entry
    Vendor A/c Dr 60000 (invoice)
    Vendor A/c Cr 60000 (Payment)
    Gain from exchange rate A/c Cr  100 (60000 - 60100)
    Small diff.write off A/c (or) Dummy A/c Dr 100
    After done the above posting, we have to pass below manual JV in FB01
    Gain from exchange rate A/c Dr  100
    Small diff.write off A/c (or) Dummy A/c Cr 100
    Regards,
    Mukthar

  • How to clear outbound Queue in  SXMB_MONI

    HI Experts,
    Unable to process the file in SXMB_MONI as a result the files are getting strucked with the QUEUE and now how to clear this queues for processsing the file...
    and another i have configure the server with 611 client but while executing the client of the server is showing 001 and we didn't observe initially as it is working fine but when we observed now it is found
    is this has an impact..
    do we need to do any other certain configurations at the Server end..
    regards,
    Kishore

    > There is no URL in SXMB_ADM, how to provide an url there, and even before we didn't get this problem as the files are successfully processsing for the past 3 months in PDN, and now we are getting this problem.
    >
    Hello,
    I have understood your problem but you are not following the steps which we are mentioning here.
    For your above problem you need to follow ONLY step no1 & 2 mentioned in the blog since steps are common for acitvating the proxy and thats way you are getting confused that why I am asking you to follow that blog.
    In the blog step 1 will simply help you creat the RFC destination.
    Step 2 will help you to use the above RFC destinaiton as an url.
    In opionion if you resolve this problem first then it will be easier to solve your queue problem.
    Please let me know if you need more help/clarification in this regard i will help you.
    Regards,
    Sarvesh

  • How to Clear Deployment History in Essbase Studio 11.1.2

    Hi All,
    I was unable to export the entire catalog in Essbase Studio 11.1.2.So,I posted the issue with Oracle Support and got reply as follows
    "found the failure for the export of entire catalog could be related to a large deployment history. In this case there are two options for 11.1.2.0.00 release
    1. Try to increase memory setting but on Windows 32-bit platforms ensure it should be below the maximum setting of 2048 MB.
    2. If it doesn't help, please try to clean-up deployment history."
    Which setting I have to increase
    (or)
    How to clear the deployment history for a Cube Schema Model.Thanks in Advance
    Regards,
    SatyaB

    increasing the memory have a read of section "Configuring Virtual Memory" - http://download.oracle.com/docs/cd/E17236_01/epm.1112/est_user.pdf
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • How can I configure ReFS to NOT fail read operations when a checksum error is detected (on non-Storage-Spaces volumes where data integrity streams are enabled)?

    According to William Stanek, in his Windows Server 2012 R2 Inside Out: Configuration, Storage & Essentials book, this is apparently possible: (pg. 615 - here it is on Google Books: https://books.google.ca/books?id=0IyfBAAAQBAJ&pg=PT819&lpg=PT819&dq=read+operation )
        Integrity can be enabled when the system is not running on Storage Spaces. When
        integrity is enabled and ReFS detects a checksum mismatch, ReFS logs an event and
        fails the read operation by default. If you don’t want the read operation to fail, you
        can configure ReFS to continue with the read operation. A related event will be logged
        regardless.
    So then how do I configure it to do that???
    (And just to make it super-clear, I'm NOT using Storage Spaces, so there is no redundancy via mirroring/parity, and I'm not expecting any file repair - just detection of corruption. It's just a basic volume formatted with ReFS and
    with integrity streams enabled, via format E: /fs:ReFS /i:enabled
    For those who want more details, here's the situation: 
    I try to perform a read operation on a file with corrupted data (purposely done for testing using a low-level disk editor), I get a the following error message:
    And an event ID 133 from ReFSv1 gets logged in the System log:
    Clicking "Try Again" just brings up the same message, and clicking "Skip" skips the operation entirely.
    This is indeed the correct default behaviour.
    What I want instead is for the read operation to be allowed to complete, with corrupt data and all, and ONLY for the event to be logged. And according to William Stanek, this is supposed to be configurable somewhere - and after hours of searching, I haven't
    been able to find anything.

    Hi Tommy,
    >>How can I configure ReFS to NOT fail read operations when a checksum error is detected
    We can use PowerShell command Set-FileIntegrity to configure this. The specific parameter for controlling this behavior is
    -Enforce <Boolean>which indicates whether to enable blocking access to a file if integrity streams do not match the data.  
    Regarding this point, the following article can be referred to as reference.
    Set-FileIntegrity
    https://technet.microsoft.com/en-us/library/jj218351.aspx
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • What is the purpose of F-03 clearing? How to clear GL account there in F-03

    HI,
    What is the purpose of F-03 clearing? How to clear GL account there in F-03.Please help me in understanding the concept.
    Thanks
    Supriya

    Hello,
    There are cases where you pass some manual entries which might not have cleared against the other related item, THOUGH the balance has been ZERO.  Like cases where you reverse logistics invoice through MR8M, then entry gets reversed but they are still open items. Like some GRIR accounts might have debit and credit entries for same purchase order and the balance MIGHT have become ZERO, but still they are open item. To clear all these open itesm (changing the status of the open items to cleared items, you need to use F-03)
    Please go to F-03 and give the GL account which want to manually clear the debit and credit items.
    Normally you will this kind of activity for clearing account, where there is no automatic clearing mechanism explained in OB74.
    now click on open items. (if you know any specific things like document number etc. you can fill them, then they will act as a FILTER and only those document numbers you feeded will be appeared)
    Now select the items you want to clear. Deselected all other you do not want to clear. Selected items will be in blue colour and the difference at the end of the screen MUST be ZERO to post (unless you configured otherwise)
    Click on save button.
    The entries passed will GL Account A Dr and GL Account B Cr. Meaning that there is no implication but posting the debit and crediting the same account and clearing the status of the line items from OPEN to CLEARED.
    Hope I am clear.
    Regards,
    Ravi

  • How to clear the hung calls in CUBE?

    I'm installing a new CUBE as SIP-SIP gateway in Cisco 2921, IOS: 15.1(4)M3. When i tried few test calls, I saw couple of hung calls in it.
    I tried clearing them manually with the below command but it didn't help.
    clear call voice causecode identifier{id identifier | media-inactive | calling-number number | called-number number}
    >> https://supportforums.cisco.com/docs/DOC-34379
    The call legs are still in connecting status.
    2    : 2152 13:36:28.319 CET Tue Feb 11 2014.1 +-1 pid:200 Answer 222022029 connecting
    dur 00:00:00 tx:0/0 rx:0/0
    IP X.X.X.97:24578 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
    media inactive detected:n media contrl rcvd:n/a timestamp:n/a
    long duration call detected:n long duration call duration:n/a timestamp:n/a
    2    : 2157 13:38:54.589 CET Tue Feb 11 2014.1 +-1 pid:200 Answer 222022029 connecting
    dur 00:00:00 tx:0/0 rx:0/0
    IP X.X.X.97:24582 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
    media inactive detected:n media contrl rcvd:n/a timestamp:n/a
    long duration call detected:n long duration call duration:n/a timestamp:n/a
    Also, I tried enabling media inactivity timer but it would clear only the calls in 'Connected' status If I understand correctly.
    how to clear those hung calls? and what could be the cause of it?
    Any help would be much appreciated.
    Thanks in advance
    Suresh

    Suresh have you tried this:
    ip rtcp report interval 5000
    gateway
    timer media-inactive 5
    The challenge you may face is that the media inactivity was not configured before this call started, hence it cant activate the time for this particular call...
    Give it a go, lets know if it works. Even if it doesnt I suggest you enable this on your CUBE going forward, so you dont haver hung calls in the future
    example: You can use the debug ccsip events to see the media inactivity timer kicking in for a call...
    Router# debug ccsip events
    00:04:29: sipSPICreateAndStartRtpTimer: Valid RTP/RTCP session found and CLI ena
    bled to create and start the inactivity timer
    00:04:29: sipSPICreateAndStartRtpTimer:Media Inactivity timer created for call.
    Mfactor(from CLI): 5 RTCP bandwidth: 500
    RTCP Interval(in ms): 5000
    Normalized RTCP interval (in ms):25000
    Please rate all useful posts
    "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"

  • How to clear the down payment against the vendor invoice in the payment program?

    A down payment is made $25 Later an invoice is posted for $100 Now i want to Pay $75 to Vendor But the Automatic payment program  is not clearing the down payment against the vendor invoice. Could you please help how to clear the down payment against the vendor invoice in the payment program?

    Swathi,
    Need your help i have a strange situation
    1) F-48 and document posted with document no = 15..... in company code = L002 with payment block getting populated automatically
    2) F-48 and document posted with document no= 15..... in company code = Us11 without payment block and the screen does not even show payment block, I had to check this from BSEG table
    My question is
    a) How and where does this payment block is triggered through configured and how to process next steps.
    b) when I use F-48, how do we do the actual payment, is there a check printing and linking it to the KZ document or is check printing done outside the system and the KZ document type does not have any linkage.
    c) If I do FB60 for a higher amount how do we pay partial amount.
    Your response is appreciated.

  • GR in one GL Code and IR in different GL code -how to clear?

    hi,
    If the
    gl a/c during GR differ from gl a/c during Invoice verification then
    what configuration we need to do so that these accounts  get cleared
    automatically?
    For example
    During  GR  the GR/IR clearing a/c was 307213 and during Invoice
    Verification the GR/IR clearing A/c is 307212.What
    configuration is needed to clear these two?

    Hi laxmi
    sorry I dont think it will work. Presently for this particular client the GR and IR getting posted in the same a/c for that particular valuation class.
    for example valuation class is 3009.
    for this valuation class GR and IR both the a/c NOW is 307213.
    But in between they have some GR and IR for which they have different accounts. How to clear those?

  • How to clear the Residual & partial payment through app

    Hi Experts,
    How to clear the Residual and partial payment through app in accounts payable i tried but i am not getting the out put so plz clarify the my question and any other configuration for that give answer with example...
    Thanks for advance
    Regards,
    Nivas99

    Hi Nivas,
    Partial payment is possible throw app but not possible residual payment.
    Partial payment u create a payment request p as a special indication u can try.
    I hope this is help full u.
    regards,
    venkatesh

  • How to clear cache for XML data source?

    Hi All,
    I'm facing a problem loading XML data into Oracle using Oracle Data Integrator. The problem is ODI will cache the data of the XML file at the first time loading the data. And afterwards, when the XML file changed, ODI will load data from the cache.
    I did serveral testing on this. If I run the interface in local agent of the designer, I must restart the designer to clear the cache. If I run the interface in an agent, I must restart the agent to clear the cache.
    Below is my configuration:
    ODI version: 10.1.3.5.0
    The technology of the source: XML.
    JDBC driver: com.sunopsis.jdbc.driver.xml.SnpsXmlDriver
    Does anybody know how to clear the cache of the agent or XML?
    Thanks.

    Hi ,
    Use drop_on_disc or dod in your JDBC URL .
    example ,
    jdbc:snps:xml?f=C:\mutation.xml&d=C:\mutation.xsd&lf=C:\mutation.log&ro=true&dod=yes
    The dod (drop_on_disc) drop automatically the schema when closing the JDBC connection.
    dod option must be the last option of the URL.
    This option removes the reference to the schema from the driver, and if the schema is store in memory, it also drops the schema. If the schema is stored in an external database (set via db_props), the driver tries to drop the database schema.
    Thanks,
    Sutirtha

  • How to clear the power up reset states

    my pci 7344 is  in the power up reset state. How to clear the power up reset state of an 7344 programmatically. Using clear power up reset state in block diagram doesnt seem to work. Give a possible solution

    This is the VI I use to initialize a motion controller. It clears the power up reset if needed and then initialize the controller with the specified configuration (previously created with MAX).
    Sorry for the french comments.
    Attachments:
    Initialiser interface avec gestion power up reset (LV8).vi ‏26 KB

Maybe you are looking for