IBM Tivoli and Cisco manual 40500


Security Compliance Manager client

When the Security Compliance Manager client is started, the Security Compliance Manager policy collector should listen for TCP connections on port 40500.

If a netstat -an command is run in a command window, you should see this line:

TCP    127.0.0.1:40500    0.0.0.0:0    LISTENING

If this line does not appear in the list of connections, then the Security Compliance Manager client policy collector is not running correctly.
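The netstat check above can be scripted. The following is an added example, not code from the manual or from IBM or Cisco; the function names and status labels are assumptions, and reporting a listener on any address other than loopback separately is this example's choice, based on the expected line showing 127.0.0.1.

```python
import re
import sys

COLLECTOR_PORT = 40500  # policy collector port named in the manual

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_OK = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:40500        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:40500        127.0.0.1:1093         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# One TCP row in LISTENING state: local address, local port, foreign address.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)


def listeners(netstat_text, port=COLLECTOR_PORT):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port:
            found.append(m.group(1).strip("[]"))  # drop IPv6 brackets
    return found


def collector_status(netstat_text, port=COLLECTOR_PORT):
    """Classify the listener state for the policy collector port."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "not-listening"           # collector is not running correctly
    if all(a in ("127.0.0.1", "::1") for a in addrs):
        return "listening-loopback"      # matches the line the manual expects
    return "listening-non-loopback"      # differs from the expected line; review


if __name__ == "__main__":
    # Pipe real output in (netstat -an | python check.py) or fall back to the sample.
    text = SAMPLE_OK if sys.stdin.isatty() else sys.stdin.read()
    print(collector_status(text))
```

Rows in ESTABLISHED state are ignored on purpose, so an open telnet session to port 40500 is not mistaken for the listener itself.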

If the client is listening on port 40500, you can telnet to the client and issue the same commands that the Cisco Trust Agent would issue. This technique should be used when you have to troubleshoot the interface between the Cisco Trust Agent and the Security Compliance Manager policy collector.

In a command line window, issue the telnet localhost 40500 command to establish a connection with the client.

With the following commands, you can see what is being passed back to the network, look at the complete posture cache, and test calls to the remediation handler.

The commands pquery and pstatuschange have no arguments. pquery displays the current value of all defined posture attributes.

Note: When you issue a pquery command, the next time the network issues a pstatuschange it will receive a false response. If you issue a pquery command, you should clear the client’s cache on the router or initiate a rescan of the client on the router.

The pstatuschange command displays either true or false, reflecting how the network determines whether the client’s status has changed since the last pquery.

The print and runall commands display and refresh the posture cache. print shows the complete contents of the posture cache and is useful to see what the client sees as the state of your system. runall runs all of the collectors again and refreshes the posture cache with fresh information.

The pnotify <REM_URL> command starts the remediation handler, with <REM_URL> being the URL of the remediation listener that can be called to handle the remediation request.

454 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
