Alcatel-Lucent 6850-48 Guida Di Rete
Verifying Access Guardian Users
Configuring Access Guardian
page 34-44
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
Logging Users out of the Network
In the event that it becomes necessary to manually log a user out of the network, the
command is available to the switch admin user. The following parameters are available with this command
to specify which users to log out:
to specify which users to log out:
• mac-address—Logs out the user device with the specified source MAC address. For example:
-> aaa admin-logout mac-address 00:2a:95:00:3a:10
• port slot/port—Logs out all users connected to the specified slot and port number. For example:
-> aaa admin-logout port 1/9
• user user_name—Logs out the user device accessing the network with the specified user name account.
For example:
-> aaa admin-logout user j_smith
• user-network-profile name profile_name—Logs out all users classified with the specified profile
name. For example:
-> aaa admin-logout user-network-profile name marketing
Logging a group of users out of the network is particularly useful if configuration changes are required to
any Access Guardian features. For example, if the Host Integrity Check (HIC) feature is globally disabled
for the switch, all User Network Profiles (UNP) with the HIC attribute enabled no longer check devices
for compliance. This could allow users that don’t comply with security requirements to access the
network. The solution:
any Access Guardian features. For example, if the Host Integrity Check (HIC) feature is globally disabled
for the switch, all User Network Profiles (UNP) with the HIC attribute enabled no longer check devices
for compliance. This could allow users that don’t comply with security requirements to access the
network. The solution:
1 Log out all users associated with the profile using the aaa admin-logout command.
2 Disable the HIC feature for the switch using the
disable
command.
3 Make any necessary configuration changes to the HIC feature (for example, add a remediation server to
the HIC exception list).
the HIC exception list).
4 Enable the HIC feature for the switch using the
enable
command. When HIC is enabled, all
users associated with the HIC-enabled UNP are checked for compliance.
Note. The aaa admin-logout command is only available to the switch admin user. The admin account,
however, is protected from any attempts to log out the admin user.
however, is protected from any attempts to log out the admin user.
For more information about HIC and user profiles, see