LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS August 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Computer bypassing login after filter deletion
From:	Sean A Thomas <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Tue, 29 Aug 2006 15:19:59 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (159 lines)

The device is showing up in /proc/click/mac_validation_table/activetable  I will remove that entry

-----Original Message-----
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
To: [log in to unmask]
Date: Tue, 29 Aug 2006 12:10:59 -0700
Subject: Re: Computer bypassing login after filter deletion

No, there isn't.  I was only guessing as to the reason why.  If the CAS
gets the new filter information, there is no reason why it wouldn't
enforce it. 

One thing to do would be to check the Active Devices list... However,
since you are on 3.6.4 and don't have that feature, you could ssh to the
CAS and take a look at /proc/click/mac_validation_table/activetable and
/proc/clicl/mac_validation_table/table to see if the MAC address in
question is present in either of those tables. 

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Sean A Thomas
Sent: Tuesday, August 29, 2006 11:48 AM
To: [log in to unmask]
Subject: Re: Computer bypassing login after filter deletion

I will do this during our next downtime window as it only seems to
affect a few computers.  Is there any specific reason why a filter
change is not properly propogated?

-----Original Message-----
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
To: [log in to unmask]
Date: Tue, 29 Aug 2006 11:38:41 -0700
Subject: Re: Computer bypassing login after filter deletion

Just fail them in turn... Actually, you should notice the effect as soon
as you fail onto the secondary because the failover event causes the
standby to go get the latest policies from the CAM. 

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Sean A Thomas
Sent: Tuesday, August 29, 2006 11:34 AM
To: [log in to unmask]
Subject: Re: Computer bypassing login after filter deletion

Before I do this, will I need to completely disconnect my HA pair, or
simply fail the primary and secondary in turn?

-----Original Message-----
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
To: [log in to unmask]
Date: Tue, 29 Aug 2006 11:25:35 -0700
Subject: Re: Computer bypassing login after filter deletion

Sean,

From the CAM, can you disconnect/connect the CAS to ensure that the CAS
gets the new filters? 

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Sean A Thomas
Sent: Tuesday, August 29, 2006 10:09 AM
To: [log in to unmask]
Subject: Re: Computer bypassing login after filter deletion

It doesn't show up in the certified device list.  

One thing of note:  I am able to manually go to the CAS to download the
agent, and I am able to install the agent, and it does prompt for login,
however even through all of this, the computer is never restricted.  I
have tried the computer on multiple ports on multiple switches.

Sean

-----Original Message-----
From: Deborah Hovey <[log in to unmask]>
To: [log in to unmask]
Date: Tue, 29 Aug 2006 12:04:29 -0400
Subject: Re: Computer bypassing login after filter deletion

Did you remove it from the certified device list?

>>> "Sean A. Thomas" <[log in to unmask]> 08/29/06 10:21 AM >>>
I created a filter to allow Sony PS2 devices onto the network based on
MAC address range.  We discovered that some VAIO notebooks share this
NIC, and we got one student to bring it in, so I deleted that filter.
However, even after deleting the filter, the notebook is let into the
network without requiring CCA.  Thoughts?  We are running 3.6.4 OOB.

Sean

  _____  

Sean A. Thomas, MCP, RHCT
Academic Systems Administrator
Embry-Riddle Aeronautical University
[log in to unmask]
386-226-6193 - Office

You asked for it...learn more about ERNIE at <http://it.erau.edu/ernie>
http://it.erau.edu/ernie.

------------------------------------------------------------------------
--------

Sean A. Thomas, MCP, RHCT
Academic Systems Administrator
Embry-Riddle Aeronautical University
[log in to unmask]
386-226-6193 - Office

You asked for it...learn more about ERNIE at http://it.erau.edu/ernie.

------------------------------------------------------------------------
--------

Sean A. Thomas, MCP, RHCT
Academic Systems Administrator
Embry-Riddle Aeronautical University
[log in to unmask]
386-226-6193 - Office

You asked for it...learn more about ERNIE at http://it.erau.edu/ernie.

------------------------------------------------------------------------
--------

Sean A. Thomas, MCP, RHCT
Academic Systems Administrator
Embry-Riddle Aeronautical University
[log in to unmask]
386-226-6193 - Office

You asked for it...learn more about ERNIE at http://it.erau.edu/ernie.

--------------------------------------------------------------------------------

Sean A. Thomas, MCP, RHCT
Academic Systems Administrator
Embry-Riddle Aeronautical University
[log in to unmask]
386-226-6193 - Office

You asked for it...learn more about ERNIE at http://it.erau.edu/ernie.

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU