Filter
Top Products
Appendix A. Hints and tips 453
TimeToNextReauth = 48
Authentication Method = Dot1x
Posture = Healthy
Authorized By = Authentication Server
Vlan Policy = 10
Cisco Secure ACS server
On a Cisco Secure ACS server Web GUI, go to the reports section and look at
the Passed Authentications and Failed Attempts reports.
The Failed Attempts report shows instances where the NAC process was not
completed successfully for some reason. The Authentication Failure Code
column gives an indication of what failed. Use this report to find details about why
NAC challenges are not completing. This typically leads to something amiss in
your Cisco NAC setup, between the Cisco Trust Agent, Cisco IOS Software
NAD, and Cisco Secure ACS.
The Passed Authentications report shows NAC challenges that were completed
successfully, even if the result was that the client was quarantined. If entries are
being added to this report, your basic Cisco NAC setup is probably good and the
hosts are being quarantined due to their compliance postures. At any rate, you
can see the values that are passed from the Security Compliance Manager
Posture Plug-in for each host in this report.
Cisco Trust Agent
On the client, the Cisco Trust Agent handles all communications with the Cisco
network. The accompanying file, ppta.exe, can be used to query the Cisco Trust
Agent to see what information it is passing to the network. This file should be
placed into the %CTA_HOME% directory and executed from there. When run, it
pops up a window. Click the Update List button to display all of the registered
Posture Plug-ins on the system. You should see the IBM Security Compliance
Manager plug-in displayed in the list. Select the IBM plug-in and click the
Posture Button. The attributes and values that are passed to the network by the
IBM plug-in are displayed in the lower window. Make sure that these values are
the expected values.
Tools and tricks for the client
The information in this section is useful for problem determination and the proper
installation of the Security Compliance Manager client.
Note: You might check Tivoli user documentation and product release notes
for any additional commands or information. Commands shown below are
best aimed at providing comprehensive hints and tips for this concept.