LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

January 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS January 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Clearing devices from roles
From:	"Hague, Jeff" <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Wed, 10 Jan 2007 13:12:25 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (53 lines)

The project that brought up my earlier post is presenting yet another
issue...
I am trying to set up a role to allow game consoles to do what they need
to do without having to manually register their addresses. I compiled
all the info I could find from this list and (originally) created 2
roles, one for Xbox and the other for Playstation. Then I added wildcard
MAC address entries and assigned them to the game roles. It didn't take
long for someone with a Sony PC to call and, sure enough, her machine
had been added to the Playstation role. First I deleted wildcard MAC
addresses for Sony but her machine remained listed in the playstation
role so I then had to delete the role as well. At that point, her
machine and a few others with 00:01:4A:* addresses remained in the
"active" list but showed no role. Slowly, they dropped off the list - I
am assuming that means they shut down.
In the meantime, my Xbox role didn't work either so I scrapped that too
and decided to just create 1 role that blocks the main stuff - HTTP,
AIM, etc - and allows everything else. I kept the Microsoft wildcard
masks and figured I would just add the Sonys by hand. As soon as my new
role was in place, I noticed that the machine I had trouble with earlier
as well as a few others now show up on the Active list in the new role
even though the 00:01:4A:* entry is gone.
Do I need to shut down and restart to really get rid of it?

Jeff

-----Original Message-----
From: Hague, Jeff 
Sent: Wednesday, January 10, 2007 11:10 AM
To: 'Cisco Clean Access Users and Administrators'
Subject: Why all the different machine lists?

Does anyone know what all the different lists of machines really mean?
On the CAM, there is an online users list, a list on the filters page,
and another list on the Clean Access page. On the CAS, there is a
devices list and a clean access list both on the filters page. Each of
these lists seems to have its own little set of information and some of
them allow you to kick users off while others do not - it's terribly
confusing!
How do machines get listed as certified on the Filters page without
being actually added? In addition to the machines I have added, there
are 40 or so machines listed as certified and in the authenticated role.
They are all Macintosh's according to their MAC address. What I don't
understand is, if there really are 40 Macs out there, why do I only see
1 or 2 when I look at the online users list? Also, I can't seem to kick
these machines off from the filters page, how do I kick them out so they
have to re-authenticate? Do I have to kick everyone out? I just did that
over the winter break and I am having a hard time believing that 40 Macs
are back on campus already. Actually, I would be surprised if we even
had 40 Mac users in the dorms...
Any help would be appreciated.

Jeff

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU