Search for End-Systems Window

This window lets you search your NAC Manager database for end-systems and end-system events that match the search criteria you specify. You can search for full or partial matches on MAC address, IP address, switch IP address, user name, hostname, or custom, registration, or group information. Enter the full or partial value you are searching for and click the Search button. Search results are displayed in the End-Systems tab (presented as a separate window).

You can access the Search for End-Systems window by selecting Tools > End-System Operations > Search for End-Systems from the menu bar or clicking the Search for End-Systems toolbar button .

Use the Search for Events checkbox to search end-system events for the specified information. When searching for events, NAC Manager matches the criteria you specify against historical end-system connection information. The search scans through the end-system event cache and stops after finding 1,000 matches or reaching the end of the cache. Results are displayed in an End-System Events Search Results table. Click on the Search for Older Events button at the bottom of the results table to extend the search to older events stored in the database outside of the cache. The maximum search parameters for this extended search are configured in the End-System Event Cache options in the NAC Manager Options view (Tools > Options). The extended search is ended when any one of the search parameters is reached:

Maximum number of results to return from search
Maximum time to spend searching for events (in seconds)
Maximum number of days to go back when searching

For advanced end-system search features, select the Advanced Search checkbox. In the Advanced Search, you can specify more detailed search criteria as explained below. The search criteria you specify is matched against the last known connection state for each end-system attempting to connect. For example, if you search for end-systems with a state of Accept, the search return all end-systems currently in that state, and not end-systems that were in that state at one time or another. With the Enable Auto Complete checkbox selected, as you type search criteria into the fields in this window, NAC Manager lists possible matches based on information in the NAC Manager database.

Search window with Advanced Search feature selected.

Click areas in the window for more information.

Advanced Search for End-Systems Window

Enable Auto Complete: Select Enable Auto Complete to list possible matches based on information in the NAC Manager database as you type search criteria into the fields in this window.

With the Advanced Search checkbox selected, choose from the following advanced search criteria:

NAC Appliance: If you specify a NAC (Extreme Access Control) engine, NAC Manager only searches for end-systems last seen connecting to that engine. If you don't specify an Access Control engine, NAC Manager searches for all end-systems matching the selected criteria across all engines.

MAC Address: Search for an end-system's MAC address.

End-System IP: Search for an end-system's IP address.

Switch IP: Search by the IP address of the switch to which the end-system connected.

Hostname: Search by the hostname of the end-system.

Device Type: Search by the detected device type for the end-system. Device type can be the hardware type or the operating system.

Device Type Family: Search by the detected device type family for the end-system. Device type family can be the hardware family or the operating system family.

Username: Search by the username the end-system used to connect.

NAC Profile: Search by the name of the NAC profile that was assigned to the end-system when it connected to the network.

Authentication Type

Search by the end-system's authentication type. The following authentication types are supported in NAC Manager:

MAC - includes the following MAC authentication types
- MAC (PAP)
- MAC (EAP-MD5)
- MAC (CHAP)
IP (L3 Access Control Controller only)
PAP
CHAP
802.1X - includes the following 802.1X authentication types
- 802.1X (EAP-TLS)
- 802.1X (EAP-TTLS)
- 802.1X (EAP-MD5)
- 802.1X (EAP-PEAP)
- 802.1X (EAP-FAST)
- 802.1X (EAP-LEAP)
- 802.1X (EAP-RSA)
- 802.1X (EAP-SIM)
MS NAP (Microsoft NAP)
Registration Administration
Kerberos

State

Search by the end-system's connection state:

Accept - The end-system is granted access with either the Accept policy or the attributes returned from the RADIUS server.
Reject - The end-system was rejected because the assigned NAC profile was set to Reject, the MAC Locking test failed, or the RADIUS server was reachable but rejected the authentication request.
Scan - The end-system is currently being scanned.
Quarantine -The end-system is quarantined because the scanning test failed.
Disconnected - All sessions for the end-system are disconnected. This state is only applicable for end-systems connected to switches with RADIUS accounting enabled, or if the Session Deactivate Timeout option is enabled on the Reauthentication tab in Appliance Settings.
Error - Indicates one of nine problems:
- the MAC to IP resolution failed, if assessment is enabled
- the MAC to IP resolution timed out, if assessment is enabled
- all RADIUS servers are unreachable
- the RADIUS request was non-compliant
- all assessment servers are unavailable
- the assessment server can't reach the end-system
- no assessment servers are configured
- the assessment server is not compatible with the current version of NAC Manager
- the username and password configured in the Assessment Server panel of the NAC Manager options (Tools > Options > Assessment Server) are incorrect for the assessment server

Extended State

Search by the end-system's extended state:

Scan Requested - A scan is requested for the end-system.
Scan in Progress - The end-system re-authenticated while a scan was already in progress.
MAC to IP Resolution Failed - The scan cannot be performed because the end-system's MAC address cannot be resolved to an IP address.
Assessment Server(s) Unavailable - There are no Assessment servers available to perform a scan on the end-system.
Assessment Server Can't Reach Host - The Assessment server cannot reach the end-system to perform a scan.
No Assessment Servers Configured - A scan is required for the end-system, but no Assessment servers are configured in NAC Manager.
MAC to IP Resolution Timed Out - The scan cannot be performed because the end-system's MAC address was not resolved to an IP address in the allowed time.
Resolving IP Address - MAC to IP Address Resolution is being performed for the end-system.
Scan Complete - A scan is completed for the end-system.
RADIUS Request Missing Required Attributes - The attributes returned from the RADIUS server were not sufficient for processing.
Invalid Assessment Server Login Credentials - The login credentials supplied to communicate with the third-party assessment software (Nessus) are invalid.
Invalid Assessment Server Type for Configuration - The assessment server being used doesn't match the assessment server type specified in the assessment configuration.
There is an error with the test set configuration
Assessment Discarded - Only one scan can be running against an end-system at a time. If a scan is in progress and a Force Reauth and Scan operation is performed, the existing scan is discarded and a new scan starts. This may also occur if a scan is in progress and the agent reconnects/disconnects. In both of these cases, when the first scan is aborted, the following message displays: "assessment discarded, because of new assessment request".
License not found - The third-party assessment software (Saint) no license file.
License expired - The third-party assessment software license (Saint) is expired.
License error - Generic error concerning third-party assessment software licensing, but NAC Manager can't determine the exact cause.
Agent not connected to server - The assessment agent is not connected to the assessment server.
Assessment Incompatibility - The assessment server is not compatible with the current version of NAC Manager.
Communication Error - A communication error between Extreme Management Center Server and NAC Manager occurred during registration. The end-system was registered via Survivable Registration (if enabled) and assigned the Failsafe policy.
Unrecognized Condition
Assessment Bypass enabled - The NAC Manager assessment process is disabled using the NAC Bypass feature.
Assessment Warning - During the last scan, the end-system was put into the Assessment Warning end-system group.

State Description: Search by the end-system's state description.

Authorization: Search by the attributes returned by the RADIUS server for the end-system. For Layer 3 Access Control Controller engines, you can search by the policy assigned to the end-system for its authorization.

Last Seen: Search by the last date and time the end-system was seen by the Access Controlengine.

First Seen: Search by the first date and time the end-system was seen by the Access Controlengine.

Last Scanned: Search by the last date and time an assessment (scan) was performed on the end-system.

Custom 1-4: Search by matching the text in any of the four custom end-system information columns.

Registered User: Search by the registered username supplied by the end user during the registration process.

Registered Email: Search by the email address supplied by the end user during the registration process.

Sponsor: Search by the registered device's sponsor.

Registration 1-5: Search by the information that was entered in custom registration fields by the end user during the registration process.

Registration Descr: Search by the device description supplied by the end user during the registration process.

Groups: Search by the end-system and/or user groups to which the end-system belongs.

Group 1-3: Search by the entry description that was entered when the end-system was added to a MAC-based end-system group.

Advanced Search: Use this checkbox to display or hide the Advanced Search features.

Related Information

For information on related windows: