11-30-2010 06:25 AM - edited 03-09-2019 11:17 PM
can someone tell me the differences between these messages in our CAM version 4.7.2 ?
what are the differences between the three?
Authentication | 2010-11-30 09:13:36 | [00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully |
Administration | 2010-11-30 09:11:25 | [70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent - forcefully logged out by Administrator |
Authentication | 2010-11-30 09:11:21 | Unable to ping 172.31.156.78, going to logout user bmcstudent |
Solved! Go to Solution.
11-30-2010 11:51 AM
Hi Bryan,
Authentication | 2010-11-30 09:13:36 | [00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully |
This is a user being logged out based on something the user did - either logging out of the agent or, if you have "Logoff NAC Agent users from network on their machine logoff or shutdown" checked, by their computer logging off or shutting down.
Administration | 2010-11-30 09:11:25 | [70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent - forcefully logged out by Administrator |
Authentication | 2010-11-30 09:11:21 | Unable to ping 172.31.156.78, going to logout user bmcstudent |
These two logs go together. It looks like you have a heartbeat timer set - so in this case, the earlier error (9:11:21) is the heartbeat timer expiring, and the latter is the user being logged out due to it. Heartbeat timers are configured under User Management > User Roles > Schedule, and basically just check using ARP that a user is still reachable. So if you have the timer set to 5 minutes, if the CAS doesn't get a response from the user for over 5 minutes, it'll log them out. Here's the section from the guide on heartbeat timers: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_trfpol.html#wp1047194
Does that make sense?
Thanks,
Lauren
11-30-2010 11:51 AM
Hi Bryan,
Authentication | 2010-11-30 09:13:36 | [00:0B:6B:01:D6:A3 ## 10.122.18.97] lindsey.hunter - Logged out successfully |
This is a user being logged out based on something the user did - either logging out of the agent or, if you have "Logoff NAC Agent users from network on their machine logoff or shutdown" checked, by their computer logging off or shutting down.
Administration | 2010-11-30 09:11:25 | [70:1A:04:8C:15:73 ## 172.31.156.78] bmcstudent - forcefully logged out by Administrator |
Authentication | 2010-11-30 09:11:21 | Unable to ping 172.31.156.78, going to logout user bmcstudent |
These two logs go together. It looks like you have a heartbeat timer set - so in this case, the earlier error (9:11:21) is the heartbeat timer expiring, and the latter is the user being logged out due to it. Heartbeat timers are configured under User Management > User Roles > Schedule, and basically just check using ARP that a user is still reachable. So if you have the timer set to 5 minutes, if the CAS doesn't get a response from the user for over 5 minutes, it'll log them out. Here's the section from the guide on heartbeat timers: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_trfpol.html#wp1047194
Does that make sense?
Thanks,
Lauren
12-01-2010 08:07 AM
great - thanks lauren
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide