LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

October 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS October 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: A task that could be easier
From:	Jason Richardson <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Mon, 17 Oct 2005 11:09:42 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (137 lines)

I think that by having Rajnesh follow this listserv, participate in
these discussions, and take our suggestions back to the CCA development
team, Cisco is paying better attention to its target market for CCA. 
For those of you who don't want or need additional reporting or info
from CCA, you have your turnkey solution.  Many of us, however,
recognize a need for additional information that is fairly easy to
access as long as Cisco writes in the hooks so that we're not running
"unsupported" when we need to call TAC for assistance.  How does
enabling SNMP for some of us to access that additional information
negatively impact you or others who are not inclined to do so?

Thanks,

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University

>>> [log in to unmask] 10/17/2005 10:17:48 AM >>>
Reading the whole SNMP discussion makes me nervous. I hope Cisco
doesn't
forget it's target market. I think most people who bought Perfigo/CCA
did so because they knew there were "open source" alternatives but
didn't have the personnel resources to implement/maintain them. I
think
people were looking for turnkey solutions. I don't think most of us
have
the desire nor inclination to want to poke, probe, and prod the box
with
SNMP or APIs to get the box to do what we want. 



Cheers,
Rand

Please STARTsafe and RUNsafe  -- www.merrimack.edu/runsafe 
--
Rand P. Hall * Director, Network Services / Merrimack College *
SunGard
* Collegis
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 * Fax
978-837-5434
[log in to unmask] * www.sungardcollegis.com 

CONFIDENTIALITY:  This e-mail (including any attachments) may contain
confidential, proprietary and privileged information, and unauthorized
disclosure or use is prohibited.  If you received this e-mail in
error,
please notify the sender and delete this e-mail from your system.

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Cal Frye
Sent: Monday, October 17, 2005 10:48 AM
To: [log in to unmask] 
Subject: A task that could be easier

OK, I have a question that is either a feature request or a bug in my
system.
Please forgive the long post, but I think I'm getting lost in the SNMP
discussion and want to make this clear...

I have a RIAA request to disable access for a particular IP address
based on
copyright violation. Notwithstanding the legal issues involved, here's
what I've
done so far:

I searched the online users for the IP address, found a userid, IP,
MAC,
OS
type, and date of authentication. A surprize, as often the guy I want
isn't in
the online users list at the moment I happen to look, but this time it
works.

Now I want to move him from the Authenticated Student role into my
Copyright
Violators role. I can't do that from the Online Users list directly.
I'd
like to
check his scan report, so I go over to Clean Access, which knows
nothing
of this
user, neither in the Certified Devices list nor the Network Scanner
Reports
list; searching for his userid returns nothing. That's very
interesting!

Searching for his MAC address shows him using a different IP address
and
guest
access back in August. At least that report turns up a hostname that
is
consistent with his first name; I think I have the same guy.

Checking the Clean Access Agent reports list (use is optional, still)
turns up
nothing either on the IP address or userid.

Going to the CCA server in question and consulting the DHCP assignment
list
confirms that MAC address renewed the IP assignment on Sunday; I still
have my man.

Why isn't he in my Clean Access list as an authenticated user? His
guest
access
would have expired in 24 hours.

Finally, I go to Filters, where I enter all the data I have manually
to
create a
filter to put him in the role I want him in.

I don't particularly care whether this is done via the browser
interface, or via
SNMP using client software (as long as it works on Mac and Linux in
addition to
Windows) or voodoo, I just want some single place to accomplish this
task: Given
an IP address, I want to be able to confirm the identity and change
the
assigned
user role. Why is this so hard?

-- 
--Cal Frye, Network Administrator, Oberlin College
   www.ouuf.org, www.calfrye.com 
   Say Yes Twice for Oberlin Schools!   www.oberlinyesyes.com 

  "The day after I was elected, I had my high school grades classified
Top
Secret." --Ronald Reagan (b. 1911)

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU