Clients Table
Configuration > Overlays & Security > Security > Clients Table
The Clients Table tab provides at-a-glance details about LAN-side client devices in your network, which can assist in monitoring LAN-side hosts and troubleshooting issues. The Clients table on this tab lists client devices for all appliances in your network or those selected in the appliance tree. Client devices discovered by RADIUS snooping and/or Network Access Control (NAC) are listed in the table.
The maximum number of rows displayed in the Clients table is limited to 10,000. The maximum number of rows displayed for each appliance is 10,000 divided by the total number of appliances in your network or the number selected in the appliance tree. The following indicators are provided above the table:
-
Displayed – Number of displayed clients (up to 10,000).
-
Matched – Number of clients that match your query as defined by the filter selections.
The following filters, displayed at the top of the tab, work together to filter the Clients table:
-
IP/Subnet – Filters on the specified user device IP address or subnet range (for example, 192.168.11.0/24).
-
Segment – Filters on the selected segment. This filter is available only if routing segmentation is enabled.
-
MAC Address – Filters on the specified user device MAC address (format XX:XX:XX:XX:XX:XX).
-
Effective Role – Filters on the selected user device role.
After selecting the filtering criteria, click Apply. To clear filtering criteria, click Clear.
Descriptions of fields in the Clients table follow.
NOTE: The Clients table does not show real-time data.
Field | Description |
---|---|
Appliance | Name of the appliance. NOTE: If an appliance is not running on an ECOS version that corresponds with the current version of Orchestrator, relevant data for the appliance will not be collected nor displayed in this table. |
MAC Address | MAC address of the user device. |
User IP | IP address of the user device. |
User Segment | Segment to which the client device is associated. |
Interface | Interface through which the user device has been authenticated. Obtained from NACD. |
User Name | Name of the user device. Obtained by RADIUS snooping. |
User Group | User group assigned to the user device. |
User Device | Operating system used for the user device. |
User State | Current state of the user device. Active – Indicates active flows have occurred. Expired – Indicates no flows have occurred in the last hour. IP not acquired – Indicates that the user device IP address is not known, but the MAC address is known. |
Authentication Method | Type of authentication method used (802.1x or MAC authorization). Obtained from NACD. “snooped” indicates that this was obtained by RADIUS snooping. |
Effective Role | Role assigned to the user device. NOTE: Specific NADC and RADIUS snooping roles are in the NACD Role and Radius Snooping Role fields, which are not displayed in the table by default. |
Session Start Time | Time when the user device was authenticated and the session was started. |