Specifications
11-31
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 11 Monitoring and Troubleshooting Agent Sessions
Online Users list
A device listed on the View Online Users page but not in the Clean Access Certified Devices List
generally indicates the device is in the process of certification.
In-Band Users
Clicking the In-Band link brings up the View Online Users page for In-Band users (Figure 11-24). The
In-Band Online Users list tracks the In-Band users logged into the Clean Access network.
The Clean Access Manager adds a client IP and MAC address (if available) to this list after a user logs
into the network either through web login or the Agent.
Removing a user from the Online Users list logs the user off the In-Band network.
Figure 11-24 View Online Users Page—In-Band
Note For AD SSO users, the Provider field displays AD_SSO, and the User/User Name field lists both the
username and domain of the user (for example,
user1@domain.name.com.) on the Online Users and
Certified Devices pages.
Out-of-Band Users
Clicking the Out-of-Band link brings up the View Online Users page for Out-of-Band users
(Figure 11-25).
The Out-of-Band Online Users list tracks all Out-of-Band authenticated users that are on the Access
VLAN (on the trusted network). The CAM adds a user IP address to the Out-of-Band Online Users list
after a client is switched to the Access VLAN.
Note The “User IP” of Out-of-Band online users will be the IP address of the user on the Authentication
VLAN. By definition CCA does not track users once they are on the Access VLAN; therefore OOB
users are tracked by the Auth VLAN IP address they have while in the CCA network.
When a user is removed from the Out-of-Band Online Users list, the following typically occurs:
1. The CAM bounces the switch port (off and on).
2. The switch resends SNMP traps to the CAM.
3. The CAM changes the VLAN of the port based on the configured Port Profile associated with this
controlled port.