Cisco Cisco NAC Appliance 4.1.0
8-14
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 8 Integrating with Cisco VPN Concentrators
View Active VPN Clients
Figure 8-13
Systray Icon and Login Status
Note
Web login always works in L2 or L3 mode, and L3 capability cannot be disabled.
View Active VPN Clients
The Active VPN Clients page lists IP addresses known to the CAS through VPN Single Sign-On (SSO)
This page is intended for troubleshooting and is available in both the CAS management pages and CAS
direct access console. The Active VPN Clients page shows a list of all users for which the CAS has
received valid Radius accounting START packets.
This page is intended for troubleshooting and is available in both the CAS management pages and CAS
direct access console. The Active VPN Clients page shows a list of all users for which the CAS has
received valid Radius accounting START packets.
Anytime the CAS receives a valid Radius Accounting START packet for a particular client machine, the
CAS adds it to the Active VPN Clients list:
CAS adds it to the Active VPN Clients list:
•
If a client appears in this list, the client is able to perform SSO.
•
If the client does not appear in this list, then most likely the START packet did not make it to the
CAS or it was in an incorrect format.
CAS or it was in an incorrect format.
The key things the packet format must include are:
•
Account-Status-type = 1 (indicating it is a START packet)
•
Calling-station-Id (showing end machine's IP address)
To view active VPN clients:
1.
Go to Device Management > CCA Servers > List of Servers > Manage [CAS_IP] >
Authentication > VPN Auth > Active Clients
Authentication > VPN Auth > Active Clients
Logged in
(& disabled)
(& disabled)