IBM Tivoli and Cisco Network Card User Manual


 
454 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Security Compliance Manager client
When the Security Compliance Manager client is started, the Security
Compliance Manager policy collector should listen for TCP connections on
port 40500.
If a netstat -an command is run in a command window, you should see this line:
TCP 127.0.0.1:40500 0.0.0.0:0 LISTENING;
If this line does not appear in the list of connections, then the Security
Compliance Manager client policy collector is not running correctly.
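The netstat check above can be scripted. This is an added example, not code from the manual or from either product: it parses Windows netstat -an output and reports whether the collector is listening on port 40500. Treating a listener bound to anything other than loopback as a deviation from the expected line is an assumption of this example, and the function names and sample output are constructed for illustration.

```python
import subprocess

COLLECTOR_PORT = 40500  # port given in the text above


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr]:port' (IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def collector_listeners(netstat_text, port=COLLECTOR_PORT):
    """Return the local addresses that are LISTENING on the given TCP port."""
    addrs = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows layout: Proto, Local Address, Foreign Address, State.
        # UDP rows have no State column and are skipped by the length check.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        addr, local_port = split_endpoint(fields[1])
        if local_port == str(port):  # exact match on the local port only
            addrs.append(addr)
    return addrs


def assess(netstat_text, port=COLLECTOR_PORT):
    """Classify the collector's state from netstat -an output."""
    addrs = collector_listeners(netstat_text, port)
    if not addrs:
        return "not-listening"    # expected line absent: collector not running
    if all(a in ("127.0.0.1", "::1") for a in addrs):
        return "ok-loopback"      # matches the expected 127.0.0.1:40500 line
    return "unexpected-bind"      # assumption: non-loopback bind is flagged


# Constructed sample output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:40500        0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:40500         ESTABLISHED
  UDP    0.0.0.0:40500          *:*
"""

if __name__ == "__main__":
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    print(assess(out))
```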
If the client is listening on port 40500, you can telnet to the client and issue the
same commands that the Cisco Trust Agent would issue. This technique should
be used when you have to troubleshoot the interface between the Cisco Trust
Agent and the Security Compliance Manager policy collector.
In a command line window, issue the telnet localhost 40500 command to
establish a connection with the client.
With the following commands, you can see what is being passed back to the
network, look at the complete posture cache, and test calls to the remediation
handler.
The commands pquery and pstatuschange have no arguments. pquery displays
the current value of all defined posture attributes.
The print and runall commands display and refresh the posture cache. The print
command shows the complete contents of the posture cache and is useful to see
what the client sees as the state of your system. The runall command runs all
of the collectors again and refreshes the posture cache with fresh information.
The pnotify <REM_URL> command starts the remediation handler, with
<REM_URL> being the URL of the remediation listener that can be called to
handle the remediation request.
Note: When you issue a pquery command, the next time the network issues a
pstatuschange it will receive a false response. If you issue a pquery command,
you should clear the client’s cache on the router or initiate a rescan of the
client on the router.
The pstatuschange command displays either true or false, reflecting how the
network determines whether the client’s status has changed since the last
pquery.