Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass machine auth cache

  • 1.  Clearpass machine auth cache

    Posted Feb 08, 2019 10:51 AM

    I see in the configuration of the server on the top right of the screen there is a clear machine authentication cache link. This is good for clearing either per node or system-wide (appears to be a system-wide option in 6.7), but is there a way to clear a specific targeted machine auth vs the entire cache? Also, can you view the machine auth cache DB to determine time left for systems?



  • 2.  RE: Clearpass machine auth cache

    EMPLOYEE
    Posted Feb 08, 2019 10:55 AM
    No, there is not. You can, however, create your own machine auth cache rules using endpoint attributes.


  • 3.  RE: Clearpass machine auth cache

    Posted Feb 08, 2019 11:07 AM

    You cannot remove a single machine from the cache, or you cannot view the entire cache to see when a system's cache time is up? Which one, or do you mean no to both? Thank you for the reply and the help! I just need some clarification.


    Jeff 



  • 4.  RE: Clearpass machine auth cache

    EMPLOYEE
    Posted Feb 08, 2019 11:09 AM
    Neither are possible.


  • 5.  RE: Clearpass machine auth cache
    Best Answer

    Posted Feb 08, 2019 11:26 AM

    Okay thank you very much for the assistance with this. 



  • 6.  RE: Clearpass machine auth cache

    Posted Feb 11, 2019 03:32 PM

    One last question on the machine cache. Since we are using PEAP and MS-CHAP for the inner, does CPPM see the same system via the system name regardless of wired or wireless connection? Scenario: PC boots up on wired and does a successful machine auth. User logs in and CPPM checks to ensure that a previous machine auth occurred, which it will find in the cache. User is then allowed on (machine + user auth required). When the same user switches to wireless and the wireless authentication happens, I assume that a machine auth will not be required since the wired auth occurred and the system is still cached. I know the MACs are different but the system name is the same. My concern is when a user switches to wireless they are being allowed on, and no machine auth shows in Access Tracker, and I am just curious how CPPM is tying the wireless attempt to the wired machine auth given no system name has been sent by the machine for the wireless connection. Do we have a configuration error in CPPM possibly?



  • 7.  RE: Clearpass machine auth cache
    Best Answer

    EMPLOYEE
    Posted Feb 11, 2019 04:03 PM
    No, it’s per network interface. EAP-TLS should be used if you require a consistent identity.
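    The following is an added illustration for this thread, not ClearPass code and not a description of CPPM internals. It models a machine-authentication cache as a TTL keyed store and replays the scenario from the question above under two hypothetical keying choices: keyed by endpoint MAC (one entry per network interface, which is what the reply above describes) and keyed by the machine identity (the kind of custom cache built from endpoint attributes that was suggested earlier in the thread). The MAC addresses, host name and TTL are constructed sample values.

```python
"""Toy model of a machine-authentication cache with per-interface keying.

Added example for this thread; it is NOT ClearPass code and does not
reproduce CPPM internals. Assumptions (hypothetical): the built-in cache is
keyed by the endpoint MAC address, while a custom cache derived from endpoint
attributes can be keyed by machine identity and cleared or inspected per entry.
"""
from dataclasses import dataclass, field


@dataclass
class MachineAuthCache:
    """Cache of successful machine authentications with a fixed TTL in seconds."""
    ttl: int
    key_by_identity: bool = False   # False: key = MAC (per interface); True: key = machine name
    _entries: dict = field(default_factory=dict)  # key -> absolute expiry time

    def _key(self, mac: str, machine: str) -> str:
        return machine.lower() if self.key_by_identity else mac.lower()

    def record_machine_auth(self, mac: str, machine: str, now: int) -> None:
        """Store a successful machine auth (e.g. EAP-TLS with a machine certificate)."""
        self._entries[self._key(mac, machine)] = now + self.ttl

    def has_valid_machine_auth(self, mac: str, machine: str, now: int) -> bool:
        """User-auth policy check: was this endpoint machine-authenticated recently?"""
        expires = self._entries.get(self._key(mac, machine))
        return expires is not None and now < expires

    def seconds_left(self, mac: str, machine: str, now: int) -> int:
        """Remaining lifetime of one entry; 0 when absent or expired."""
        expires = self._entries.get(self._key(mac, machine))
        return max(0, expires - now) if expires is not None else 0

    def clear_one(self, mac: str, machine: str) -> bool:
        """Targeted removal of a single entry; returns True if something was removed."""
        return self._entries.pop(self._key(mac, machine), None) is not None

    def clear_all(self) -> None:
        """System-wide clear, the only option the thread says the built-in cache offers."""
        self._entries.clear()


# Constructed sample values for the replay below.
WIRED_MAC = "00:11:22:33:44:55"
WIFI_MAC = "66:77:88:99:aa:bb"
HOST = "PC01.example.corp"


def wired_then_wireless(key_by_identity: bool, ttl: int = 24 * 3600) -> bool:
    """Replay the scenario: machine auth on wired at boot, user auth over Wi-Fi later.

    Returns whether the Wi-Fi user authentication finds a valid machine auth in the cache.
    """
    cache = MachineAuthCache(ttl=ttl, key_by_identity=key_by_identity)
    cache.record_machine_auth(WIRED_MAC, HOST, now=0)          # boot-time machine auth on wired
    return cache.has_valid_machine_auth(WIFI_MAC, HOST, now=300)  # user logs on via Wi-Fi 5 min later


if __name__ == "__main__":
    print("MAC-keyed cache, Wi-Fi hit:", wired_then_wireless(False))       # False
    print("identity-keyed cache, Wi-Fi hit:", wired_then_wireless(True))   # True
```

With MAC keying the Wi-Fi interface has no entry of its own, so a policy that requires a prior machine auth will not be satisfied by the wired one; if such a user is nevertheless admitted, the enforcement policy itself is the place to look, because the cache cannot have matched. An identity-keyed custom cache does carry over between interfaces, which is only safe when the identity is one the client cannot simply assert, which is the reason the reply points at EAP-TLS.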


  • 8.  RE: Clearpass machine auth cache

    Posted Feb 12, 2019 03:41 PM

    Thank you, we have switched to EAP-TLS as the machine auth method at this point and things are working much better. Thank you for the advice. I did notice on the ClearPass server for the EAP-TLS authentication method that there are a couple of options checked that I am unsure of: session resumption and session timeout. I think I know what session resumption provides, and for that to work I would need the fast reconnect configured on the supplicant, correct?

    And I am not sure what the session timeout is all about. We have customized that down to 1 hour from 6, but that was done a while ago and I have no idea why. Could you please advise what that setting is all about? I have drawn no info on the searches so far. Thank you for all the help!


    Jeff 



  • 9.  RE: Clearpass machine auth cache

    EMPLOYEE
    Posted Feb 12, 2019 03:45 PM
    You can disable session resumption. It is not supported across a cluster.


  • 10.  RE: Clearpass machine auth cache

    Posted Feb 12, 2019 03:58 PM

    Really? Thank you for that. We are running 6.7.7; does that still hold true for that version?



  • 11.  RE: Clearpass machine auth cache
    Best Answer

    EMPLOYEE
    Posted Feb 12, 2019 04:01 PM
    Yes


  • 12.  RE: Clearpass machine auth cache

    Posted Feb 12, 2019 04:04 PM

    Tim, you're a rock star, thank you very much!!


    Jeff