Reading the whole SNMP discussion makes me nervous. I hope Cisco doesn't
forget it's target market. I think most people who bought Perfigo/CCA
did so because they knew there were "open source" alternatives but
didn't have the personnel resources to implement/maintain them. I think
people were looking for turnkey solutions. I don't think most of us have
the desire nor inclination to want to poke, probe, and prod the box with
SNMP or APIs to get the box to do what we want.
Cheers,
Rand
Please STARTsafe and RUNsafe -- www.merrimack.edu/runsafe
--
Rand P. Hall * Director, Network Services / Merrimack College * SunGard
* Collegis
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 * Fax
978-837-5434
[log in to unmask] * www.sungardcollegis.com
CONFIDENTIALITY: This e-mail (including any attachments) may contain
confidential, proprietary and privileged information, and unauthorized
disclosure or use is prohibited. If you received this e-mail in error,
please notify the sender and delete this e-mail from your system.
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Cal Frye
Sent: Monday, October 17, 2005 10:48 AM
To: [log in to unmask]
Subject: A task that could be easier
OK, I have a question that is either a feature request or a bug in my
system.
Please forgive the long post, but I think I'm getting lost in the SNMP
discussion and want to make this clear...
I have a RIAA request to disable access for a particular IP address
based on
copyright violation. Notwithstanding the legal issues involved, here's
what I've
done so far:
I searched the online users for the IP address, found a userid, IP, MAC,
OS
type, and date of authentication. A surprize, as often the guy I want
isn't in
the online users list at the moment I happen to look, but this time it
works.
Now I want to move him from the Authenticated Student role into my
Copyright
Violators role. I can't do that from the Online Users list directly. I'd
like to
check his scan report, so I go over to Clean Access, which knows nothing
of this
user, neither in the Certified Devices list nor the Network Scanner
Reports
list; searching for his userid returns nothing. That's very interesting!
Searching for his MAC address shows him using a different IP address and
guest
access back in August. At least that report turns up a hostname that is
consistent with his first name; I think I have the same guy.
Checking the Clean Access Agent reports list (use is optional, still)
turns up
nothing either on the IP address or userid.
Going to the CCA server in question and consulting the DHCP assignment
list
confirms that MAC address renewed the IP assignment on Sunday; I still
have my man.
Why isn't he in my Clean Access list as an authenticated user? His guest
access
would have expired in 24 hours.
Finally, I go to Filters, where I enter all the data I have manually to
create a
filter to put him in the role I want him in.
I don't particularly care whether this is done via the browser
interface, or via
SNMP using client software (as long as it works on Mac and Linux in
addition to
Windows) or voodoo, I just want some single place to accomplish this
task: Given
an IP address, I want to be able to confirm the identity and change the
assigned
user role. Why is this so hard?
--
--Cal Frye, Network Administrator, Oberlin College
www.ouuf.org, www.calfrye.com
Say Yes Twice for Oberlin Schools! www.oberlinyesyes.com
"The day after I was elected, I had my high school grades classified
Top
Secret." --Ronald Reagan (b. 1911)
|
