beautypg.com

HP Identity Driven Manager Software Series User Manual

Page 33

background image

Getting Started

Using IDM as a Monitoring Tool

The default IDM settings are:

"Allow unknown users to access the network", and "Do not assign a
VLAN." This provides unknown user access (unrestricted by IDM) and
allows IDM to learn information about users from the RADIUS server.

You can configure IDM to restrict access by:

Selecting "Assign Unknown users to this VLAN" and specifying
the VLAN the unknown user can access.

Deselect "Allow unknown users". This will deny network access
to unknown users.

"User session accounting" is also enabled so you can monitor users
on the network, and collect data for User Login and Bandwidth usage
reports in IDM. If you disable User session accounting, IDM will not
collect data for the Bandwidth Usage and User Session reports.

"Generate Session Start and Session Stop events" option is selected,
which means user’s session start and stop events will be displayed in
the IDM Events list. If you de-select the option, session history and
statistical information will still be collected, but the start and stop
events are not displayed in the IDM Events list.

"Reset accounting statisticswhen management server starts " option
is disabled. If you click to enable this option, all session accounting
information is reset when the PCM/IDM server is restarted. Any open
sessions will be closed, and RADIUS Server totals are reset to zero.

Click "Reset accounting statistics now" to reset all accounting infor­
mation immediately (after confirmation). Any open sessions are
closed, and RADIUS Server totals are reset to zero.

If the status of users -- whether they are logged on or off -- seems to be
incorrect, it is possible that the session accounting has somehow gotten out
of sync. You can correct this problem by using the "Reset accounting statics
now" option. This will close any open session (this has no effect on the user,
only on the IDM accounting), and it will reset login counts for users back to
zero.

Once you have been running IDM long enough to capture and configure the
necessary Realms, Access profiles, and assign users to Access Profile Groups,
you can alter these Identity Management preferences to restrict access for
unknown users.

If you are using Web-Auth or MAC-Auth for user authentication, the user
session statistics are not collected, since the data is unavailable from the
switch. User logins and Bandwidth Usage data is still available.

2-15