End-System Events and Health Results Table
Use the End-Systems tab to view any events involving your end-systems, and to review the health of devices using your network. The End-Systems tab on the Control tab also includes the End-Systems Data Table, which displays detailed configuration and authentication information about the end-systems in your network.
End-System Events and Health Results Table
Select an end-system in the End-System Data Table to display data in the End-System Events and Health Results Table.
The table contains two tabs:
Select the Refresh button () at the top of the table to refresh the page.
You can manipulate the table data in several ways to customize the view for your own needs. Place the cursor over the column headings and select the drop-down arrow that lists the following options:
- Sort Ascending - Organizes the data in the column in alphabetical order from A to Z.
- Sort Descending - Organizes the data in the column in alphabetical order from Z to A.
- Columns - Enables you to select which columns display in the table.
- Filters - Manipulates the table data by only displaying rows that match the column filter you specify.
Events
The Events tab includes a table which displays detailed information about any events in which the selected end-system was involved. The Events table includes the following columns:
- State
- The end-system's connection state:
- Scan — The end-system was scanned.
- Accept — The end-system was granted access with either the Accept policy or the attributes returned from the RADIUS server.
- Quarantine —The end-system was quarantined because the assessment failed.
- Reject — The end-system was rejected because the assigned ExtremeControl profile was set to Reject, the MAC Locking test failed, or the RADIUS server was reachable but rejected the authentication request.
- Disconnected — This end-system session was disconnected, however other sessions for the end-system may still be active. For example, the end-system may have a disconnected session with an authentication type of 802.1X, but still have an active MAC authentication session. This state is only applicable for end-systems connected to switches that have RADIUS accounting enabled.
- Error — Indicates one of nine problems:
- the MAC to IP resolution failed
- the MAC to IP resolution timed out
- all RADIUS servers are unreachable
- the RADIUS request was non-compliant
- all assessment servers are unavailable
- the assessment server can't reach the end-system
- no assessment servers are configured
- the assessment server is not compatible with the current version of ExtremeCloud IQ Site Engine
- the username and password configured in the Assessment Server panel of the ExtremeControl options (Administration > Options > ExtremeControl > Assessment Server) are incorrect for the assessment server
- Access Control Engine/Source IP
- The IP address of the ExtremeControl engine on which the event occurred.
- Profile
- The name of the ExtremeControl profile assigned to the end-system when it connected to the network.
- MAC Address
- The MAC address of the end-system on which the event occurred. MAC addresses can be displayed as a full MAC address or with a MAC OUI (Organizational Unique Identifier) prefix.
- State Description
- This column provides more details about the end-system state. For example, if the end-system's connection state is Reject, this column might list the RADIUS server (primary or secondary) that rejected the authentication request.
- Reason
- Provides additional information about the reasons why the end-system is in its particular connection state. It provides information as to the reason a policy is applied to the end-system or the reason the end-system is rejected.
- Authorization
- The attributes returned by the RADIUS server. If the end-system is connected to a switch that supports multi-authentication, then this column may not reflect the actual active policy for the authenticated user. For Layer 3 ExtremeControl Controller engines, this column displays the policy assigned to the end-system for its authorization.
- Auth Type
- Identifies the authentication method used by the end-system to connect to the network. For Layer 3 ExtremeControl Controller engines, this column shows IP.
- Switch IP
- The IP address of the switch to which the end-system connected. If the end-system is connected to an ExtremeControl Controller engine, this is the ExtremeControl Controller PEP (Policy Enforcement Point) IP address.
- Switch Port Index
- The switch port index to which the end-system is connected. If the end-system is connected to a Layer 2 ExtremeControl Controller engine, this is the ExtremeControl Controller PEP (Policy Enforcement Point) port. However, for Layer 3 ExtremeControl Controller engines this column is blank.
- Switch Port
- The switch port number to which the end-system is connected. If the end-system is connected to a Layer 2 ExtremeControl Controller engine, this is the ExtremeControl Controller PEP (Policy Enforcement Point) port. However, for Layer 3 ExtremeControl Controller engines this column is blank.
- Switch Location
- The physical location of the switch to which the end-system is connected. If the end-system is connected to an ExtremeControl Controller engine, this is the ExtremeControl Controller PEP (Policy Enforcement Point) location.
- Last Scan Time
- Displays the last time ExtremeCloud IQ Site Engine scanned the end-system on which the event occurred.
- Zone
- Displays the end-system zone to which the end-system is assigned. For additional information, see End-System Zones.
- Event Source
- Displays the origin of the end-system in the network:
-
- ExtremeControl engine — An ExtremeControl engine.
- Wireless Manager — An ExtremeWireless Controller or AP.
- ExtremeXOS/Switch Engine ID Manager — An Extreme switch running ExtremeXOS/Switch Engine with the Identify Manager feature configured to send events to ExtremeCloud IQ Site Engine.
- OneFabric Connect — An ExtremeConnect module (e.g. Solutions Architecture and Innovation (SAI) integration)
- One Controller — The Extreme SDN Controller.
Health
This table displays the individual health result details for the end-system selected in the End-System Data Table. Double-click any health result detail to open the Health Result Details window that displays a description, solution, and result for the health result.
- Risk
- The risk level assigned to the problem found on the port:
- Red - High (corresponds to a Hole)
- Orange - Medium (corresponds to a Warning)
- Yellow - Low (corresponds to a Note)
- Black - No Result Available
- Score
- The score assigned to the test case. The score is a value between 0.0 and 10.0. In the case of agent-based test cases, the score will be either 0.0 for a passed test, or 10.0 for a failed test, unless specifically overwritten by the scoring override configuration.
- Scoring Mode
- The scoring mode that was used at the time the test was performed.
- Applied - The score returned by this test was included as part of the quarantine decision.
- Informational - The score returned by this test was reported, but did not apply toward a quarantine decision.
- Warning - The score returned by this test was only used to provide end user assessment warnings via the Notification portal web page.
- CVE ID
- The CVE (Common Vulnerability and Exposures) ID assigned to the security vulnerability or exposure. For more information on CVE IDs, refer to the following URL: https://cve.mitre.org/.
- Count
- The number of vulnerabilities for the end-system detected by ExtremeCloud IQ Site Engine. The column is hidden by default.
- HR ID
- An ID assigned to the health result for the vulnerability detected for the end-system. The column is hidden by default.
- ID
- An ID assigned to the vulnerability detected for the end-system. The column is hidden by default.
- Remediation Success
- For agent-based assessments, this column lists the results of remediation attempts: Remediation Successful, Remediation Failed, or Not Applicable.
- Type
- A "type" is assigned to each security risk found on a port
during an assessment, and is used to determine whether to Quarantine an end-system.
Types are configurable on the assessment agent.
There are three types:
- Hole - The port is vulnerable to attack.
- Warning - The port may be vulnerable to attack.
- Note - There may be a security risk on the port.
- Informational
- Indicates a test on the device resulted in an Informational Score.
- Warning
- Indicates a test on the device resulted in a Warning Score.
The following buttons and functions are included at the bottom of the End-Systems Events and Health Results Table:
- Paging Toolbar
- The paging
toolbar provides four buttons that let you easily page through the table: first, previous, next, and last page.
- Refresh
- Use the refresh button to update the data in the table.
- Reset
- The reset button clears the search field and search results, clears all filters, and refreshes the table.
For information on related help topics: