User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER

351

352

353

354

355

356

357

358

359

360

OmniAccess SafeGuard OS Administration Guide

359

Chapter 9: End Point Validation

Example 1: The example below shows the summary view of the user table. In the state

column (header SATE) the E field indicates the current EPV state. Note that IP

172.16.145.2 (user echua) is healthy, IP 172.16.145.5 (user alice) has not even attempted an

EPV scan and IP 172.16.145.126 (user bob) is unknown:

(CS107) #show aaa users

Port IP User Role SATE Login Time

---- --------------- ---------------- ----------------

---- -----------------

0/20 172.16.145.2 echua kerberos-users

skHh Nov 28 2006 18:26:53

0/20 172.16.145.5 alice radius-users

srH- Nov 28 2006 20:06:38

0/20 172.16.145.126 bob cp-users

scHu Nov 28 2006 20:07:18

Code:

(S)tate: "f"=failed, "s"=success

(A)uthType: "k"=kerberos, "c"=captive-portal, "m"=mac-radius, "r"=radius

"x"=802.1x, "w"=white-list

(T)ype: "H"=host, "R"=router

(E)PV State: "-"=not scanned "u"=unknown "h"=healthy

Configuring EPV Rescan Timers

The number of minutes between ICS rescans of a host is configurable via both the

CTOOL web interface, as well as through the device

epv rescan-interval command.

This command has the following syntax:

epv rescan-interval [minutes]

Configuring Refresh Window

In the default configuration, once the user has been successfully scanned they are

presented with a popup window that stays open for the remainder of their session. This

window periodically reloads, causing the ICS component to rescan the host. This

command has the following syntax:

epv refresh-window

The window can also be disabled by using the no form of the command. In this case, the

rescan will not happen in the background. If the user is found to be unhealthy they will

be re-hijacked by the device. The syntax of the

no form of the command is:

no epv refresh-window

Following is an example of this command:

(SafeGuardOS) #configure terminal

Syntax Description minutes This is the number of minutes between rescans. The

default value is 15 minutes. The minimum value is 1

minute, the maximum value is 9999 minutes.