IBM Tivoli and Cisco User Manual

Appendix A. Hints and tips

465

State mapping and scenarios

One way for the solution to approach a design is to consider all of the possible
states that can occur with regards to the client, its compliance state, and its
network admission state. Table 8-8 presents the possible states that should be
considered.

Table 8-8 Possible client states

As indicated by this state table, there are eight different scenarios that must be
accommodated in any design. The following list is the expected behavior for each
of these states.

Scenario 1 - Pre-admission, Security Compliance Manager not running,
noncompliant client

– NAC Appliance detects that the Security Compliance Manager Client is

not running:

i.

Pops up Temporary Access Window

ii. User clicks Update
iii. Runs TSCMAgent.bat

– TSCMAgent.bat:

i.

Sets semaphore to -1

ii. Starts Security Compliance Manager Client
iii. Runs statuscheck.exe

– Statuscheck.exe:

•

Requests rescan from Security Compliance Manager Client

State #

Security
Compliance
Manager
Client
running

Compliant to
policy

Admitted to
network

1

0

0

0

2

0

0

1

3

0

1

0

4

0

1

1

5

1

0

0

6

1

0

1

7

1

1

0

8

1

1

1