Cisco Cisco Clean Access 3.5
12-3
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 12 Monitoring
Online Users List
Online Users List
Two Online Users lists are viewed from the Monitoring > Online Users > View Online Users tab:
•
In-Band Online Users
–
Tracks in-band authenticated users logged into the network. In-band users with active sessions
on the network are listed by characteristics such as IP address, MAC address (if available),
authentication provider, and user role.
on the network are listed by characteristics such as IP address, MAC address (if available),
authentication provider, and user role.
–
Removing a user from the In-Band Online Users list logs the user off the in-band network.
•
Out-of-Band Online Users
–
Tracks all authenticated out-of-band users that are on the Access VLAN (trusted network).
Out-of-band users can be listed by Switch IP, Port, and Access VLAN, in addition to IP address,
MAC address (if available), authentication provider, and user role.
Out-of-band users can be listed by Switch IP, Port, and Access VLAN, in addition to IP address,
MAC address (if available), authentication provider, and user role.
–
Removing a user from the Out-of-Band Online Users list causes the CAM to bounce the port
(unless port bouncing is disabled for OOB VGW), the switch to resend SNMP traps to the CAM,
and the CAM to change the VLAN of the port as specified in the Port Profile.
(unless port bouncing is disabled for OOB VGW), the switch to resend SNMP traps to the CAM,
and the CAM to change the VLAN of the port as specified in the Port Profile.
Both Online Users lists are based on the IP address of users. Note that:
•
For L2 deployments the User MAC address field is valid
•
For L3 deployments the User MAC address field is not valid (for example, 00:00:00:00:00:00)
Only the Certified List is based on client MAC addresses, and therefore the Certified List never applies
to users in L3 deployments.
to users in L3 deployments.
For Out-of-Band deployments, OOB users always display first in the In-Band Online Users list, then in
the Out-of-Band Online Users list. When user traffic is coming from a controlled port of a managed
switch, the user shows up first in the In-Band Online Users list during the authentication process, then
is moved to the Out-of-Band Online Users list after the user is authenticated and moved to the Access
VLAN.
the Out-of-Band Online Users list. When user traffic is coming from a controlled port of a managed
switch, the user shows up first in the In-Band Online Users list during the authentication process, then
is moved to the Out-of-Band Online Users list after the user is authenticated and moved to the Access
VLAN.
Finally, the Display Settings tab let you choose which user characteristics are displayed on each
respective Online Users page.
respective Online Users page.
Interpreting Active Users
Once logged onto the Cisco Clean Access network, an active user session persists until one of the
following events occurs:
following events occurs:
•
The user logs out of the network through the browser logout page or Clean Access Agent
logout.
logout.
Once on the network, users can remain logged on after a computer shutdown/restart. A user can log
out of the network using the web logout page or Clean Access Agent logout.
out of the network using the web logout page or Clean Access Agent logout.
•
The Clean Access Agent user logs off Windows or shuts down Windows machine.
With 3.5(7) or above CAM/CAS and 3.5.9+ Clean Access Agent, you can configure the CAM and
Agent to log off In-Band users only from the Clean Access system when the user logs off from the
Windows domain (i.e. Start->Shutdown->Log off current user) or shuts down the machine
(Start->Shutdown->Shutdown machine).
Agent to log off In-Band users only from the Clean Access system when the user logs off from the
Windows domain (i.e. Start->Shutdown->Log off current user) or shuts down the machine
(Start->Shutdown->Shutdown machine).
•
An administrator manually drops the user from the network.
The Monitoring > Online Users > View Online Users page (IB or OOB) can be used to drop users
from the network, without deleting their clients from the Certified List.
from the network, without deleting their clients from the Certified List.