Header Only - DO NOT REMOVE - Extreme Networks

Automatic purging old records in Control (formerly - Identity and Access) in Netsight


Userlevel 4
Hello, everybody!

I've detected hundreds of devices using Identity Management feature on Summits and brought this data into the Netsight.

State of some devices is Disconnected, others are Accept.

My question is: will the disconnected devices be removed automatically in a period of time?

They really saturate the table...

How long Netsight keeps information for End-Systems?

Many thanks in advance,

Ilya

3 replies

Userlevel 6
Hello,

By default EMC will age out end systems after 90 days of inactivity.

In NAC Manager click tools --> options --> Data Persistence

This will give you options to modify this scope.

Inactivity means that the end system has not seen accounting, DHCP, or any other event that has updated the end systems "last seen" timestamp

Thanks
-Ryan
Userlevel 4
Yacobucci, Ryan wrote:

Hello,

By default EMC will age out end systems after 90 days of inactivity.

In NAC Manager click tools --> options --> Data Persistence

This will give you options to modify this scope.

Inactivity means that the end system has not seen accounting, DHCP, or any other event that has updated the end systems "last seen" timestamp

Thanks
-Ryan

Thank you, Ryan!

I am thinking...

I've got a user on a certain port by Kerberos. The question is: what if tomorrow I'll get another user on the same port?

Will Netsight store both users or clear the earlier one? What will happen?

Thank you!
Userlevel 6
Yacobucci, Ryan wrote:

Hello,

By default EMC will age out end systems after 90 days of inactivity.

In NAC Manager click tools --> options --> Data Persistence

This will give you options to modify this scope.

Inactivity means that the end system has not seen accounting, DHCP, or any other event that has updated the end systems "last seen" timestamp

Thanks
-Ryan

It would depend on if the user logged into the same end system, or if they both had different end systems.

The "hinge" in NAC is always the end system. The way the system works is EMC tracks end systems, and receives updates from potentially multiple sources (mainly EAC) that update the end system. There is an "end system" record, and then there are "end system events"

When events come in, they are shown historically by event to give you an idea of when certain information was populated at what time, or what happened to the end system over time. These events are used to updated the "end system" to display all the currently known information on an end system in the "end systems" table.

If these are two different end systems, then you'll see there was an event that was populated by either kerberos snooping, or identity management, that snooped the username and will populate it as the username for both users. EMC will not make the assuming that the user has logged off because there was another authentication event on the same port. EMC will only show the user as disconnected if the switch sends the appropiate information that indicates that session was disconnected.

If two different users log into the same end system on the same switch port then you'll see two different end system events with two different usernames, and the username that logged in last will be displayed as the username for the end system.

Thanks
-Ryan

Reply