Manuals / IBM / Computer Equipment / Network Card

IBM Tivoli and Cisco manual Tools and tricks for the client, Cisco Secure ACS server

Models: Tivoli and Cisco

1 516
Download 516 pages 58.69 Kb
Page 471
Image 471

TimeToNextReauth

= 48

Authentication Method

= Dot1x

Posture

= Healthy

Authorized By

=

Authentication Server

Vlan Policy

=

10

Cisco Secure ACS server

On a Cisco Secure ACS server Web GUI, go to the reports section and look at the Passed Authentications and Failed Attempts reports.

The Failed Attempts report shows instances where the NAC process was not completed successfully for some reason. The Authentication Failure Code column gives an indication of what failed. Use this report to find details about why NAC challenges are not completing. This typically leads to something amiss in your Cisco NAC setup, between the Cisco Trust Agent, Cisco IOS Software NAD, and Cisco Secure ACS.

The Passed Authentications report shows NAC challenges that were completed successfully, even if the result was that the client was quarantined. If entries are being added to this report, your basic Cisco NAC setup is probably good and the hosts are being quarantined due to their compliance postures. At any rate, you can see the values that are passed from the Security Compliance Manager Posture Plug-in for each host in this report.

Cisco Trust Agent

On the client, the Cisco Trust Agent handles all communications with the Cisco network. The accompanying file, ppta.exe, can be used to query the Cisco Trust Agent to see what information it is passing to the network. This file should be placed into the %CTA_HOME% directory and executed from there. When run, it pops up a window. Click the Update List button to display all of the registered Posture Plug-ins on the system. You should see the IBM Security Compliance Manager plug-in displayed in the list. Select the IBM plug-in and click the Posture Button. The attributes and values that are passed to the network by the IBM plug-in are displayed in the lower window. Make sure that these values are the expected values.

Tools and tricks for the client

The information in this section is useful for problem determination and the proper installation of the Security Compliance Manager client.

Note: You might check Tivoli user documentation and product release notes for any additional commands or information. Commands shown below are best aimed at providing comprehensive hints and tips for this concept.

Appendix A. Hints and tips 453

Page 470 Page 472
Page 471
Image 471
IBM Tivoli and Cisco manual Tools and tricks for the client, Cisco Secure ACS server
Page 470 Page 472