07-16-2007 02:15 PM
IDM - daily statistics cleanup policy
Hi,
I have implemented IDM with IAS in an AD environment for MAC authentication. All works fine for each of the devices, except for some SONY NSP1 signages. These devices get authenticated all right, but if they get moved from one aaa configured port to another aaa configured port they do not get authenticated unless they are rebooted. I have identified that this is because of no traffic being generated by these devices and hence the switch port loses the MAC address of it and hence cannot pass on the credentials to the IAS for authentication. I have tried heaps of scripts to generate traffic from these dumb devices but it does not help.
I have noticed that every midnight when the daily statistics cleanup event is recorded in the IDM events screen all of these unauthenticated signages get authenticated! Does anyone know how to customise this statistics cleanup policy to make it run every hour or on demand? Please note that this is different to the sessions cleanup under IDM policy manager.
Any help would be greatly appreciated.
07-16-2007 10:10 PM
Re: IDM - daily statistics cleanup policy
You can reset the statistics manually under Preferences, IDM 'reset accounting statistics'.
Do you have RADIUS accounting for network enabled on your switches? I'd recommend enabling it if you do not.
There should be a Policy in PCM that is running the statistics cleanup every day at midnight; you should be able to edit this to run it hourly.
I'm also wondering if this may help:
Syntax: [no] aaa port-access mac-based [e] < port-list > [addr-moves]
Allows client moves between the specified ports under
MAC Auth control. When enabled, the switch allows
addresses to move without requiring a re-authentication.
When disabled, the switch does not allow moves
and when one does occur, the user will be forced to reauthenticate.
At least two ports (from port(s) and to
port(s)) must be specified. Use the no form of the
command to disable MAC address moves between ports
under MAC Auth control.
(Default: disabled - no moves allowed)
Also controlled-directions may be something to look into:
Syntax: aaa port-access controlled-directions
After you enable MAC-based authentication on specified
ports, you can use the aaa port-access controlled-directions
command to configure how a port transmits traffic
before it successfully authenticates a client and enters
the authenticated state.
both (default): Incoming and outgoing traffic is blocked
on a port configured for MAC authentication before
authentication occurs.
in: Incoming traffic is blocked on a port configured for
MAC authentication before authentication occurs. Outgoing
traffic with unknown destination addresses is
flooded on unauthenticated ports configured for web
authentication.