CLEANACCESS Archives

September 2010

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: Calvin Krzywiec <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Fri, 24 Sep 2010 12:54:04 -0400
Hi, answers inline.

--
Cal A. Krzywiec, CCNA, CCDA
Network Engineer
The University of Scranton
Phone: (570) 941-6748
Email: [log in to unmask]


On 9/24/2010 10:32 AM, King, Ronald A. wrote:
> Does anyone have any scripts to automate testing NAC connectivity and
> functionality?  We are looking for ways to get notifications when the NAC
> appliances fail, such as:
> 
> - CAM/CAS loss in communication
> - Switch/CAM loss in communication
> - RADIUS communication failure
> - General authentication failure through the java plugin
> - General authentication failure through the agent
> - Errors internally to the CAS/CAM such as service down
> - Threshold based login failures such as x number of unable to login
>   within x minutes
> - Any others that I cannot think of
> 

We export the event logs as syslog to Splunk and build saved searches there with email notifications.

> These are a result of failures this week.  One where DNS did not resolve the
> CAM correctly for to the RADIUS server, effectively preventing anyone from
> logging in including the ability to manage the CAM, and, one where we lost
> all communication to the switches, causing users to receive a message they
> were logged into too many locations at once.  We have no idea how either
> happened and TAC could not give a reason for the loss in global switch
> communication.  Maybe the two are related.
> 
>  

We saw something similar where the CAM stopped responding to SNMP traps. BugID: CSCsr95757.

> 
> We also would like to give prospective and new students the ability to check
> their computer's functionality with NAC prior to coming on campus.  I
> imagine the Java plugin could be presented from the outside and redirect
> them to a "Congratulations" screen, but, what could we do from the posture
> assessment side?  Any ideas on this would be welcome.
> 
>  
> 
> Any ideas on any of the above would be very helpful!!!  Thanks in advance.
> 
>  
> 
> Ronald King
> Security Engineer
> Norfolk State University
> Marie V. McDemmond Center for Applied Research
> Suite 401
> 700 Park Ave.
> Norfolk, Virginia  23504
> Phone:  757-823-3918
> Fax: 757-823-2128
> Email: [log in to unmask]
> http://security.nsu.edu
> 
>  
> 
> 
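
The threshold-style alert asked about above (x failed logins within x minutes) is the kind of logic a saved search with e-mail notification implements over exported syslog. The following is an added example, not code from either poster; the log-line format, the host name `cam1` and the function names are assumptions. Failures are counted across all users, since an outage such as the RADIUS/DNS failure described in the thread affects everyone at once.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed syslog lines; the message wording is an assumption, since the
# thread does not show what the CAM actually emits.
SAMPLE_LOG = """\
2010-09-24T09:58:10 cam1 nac: login ok user=alice
2010-09-24T10:00:05 cam1 nac: login failed user=bob
2010-09-24T10:00:40 cam1 nac: login failed user=carol
2010-09-24T10:01:15 cam1 nac: login failed user=dave
2010-09-24T10:01:50 cam1 nac: login failed user=erin
2010-09-24T10:02:20 cam1 nac: login failed user=bob
this line is malformed and must be skipped
2010-09-24T10:20:00 cam1 nac: login failed user=frank
""".splitlines()

LINE_RE = re.compile(r"^(\S+) \S+ nac: login (ok|failed) user=(\S+)$")

def parse(line):
    """Return (timestamp, outcome, user), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return ts, m.group(2), m.group(3)

def failure_bursts(lines, threshold=4, window=timedelta(minutes=5)):
    """Return [(time, count)] each time failures reach threshold in window."""
    # Edge-triggered: one alert per burst, re-armed only after the count drops
    # below the threshold, so an outage does not send one e-mail per login.
    recent, alerting, alerts = deque(), False, []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "failed":
            continue
        ts = rec[0]
        recent.append(ts)
        while ts - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if len(recent) < threshold:
            alerting = False
        elif not alerting:
            alerts.append((ts, len(recent)))
            alerting = True
    return alerts
```
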