There is a 4 stage violation system in place when licensing has been exceeded:
- 1st Stage: Warning prompt will pop up for NetSight Administrator user only indicating licensing has been exceeded and new licenses should be purchased.
- 2nd Stage: Warning prompt will pop up for all NetSight users indicating licensing has been exceeded and new licenses should be purchased.
- 3rd Stage: Includes warning from stage 2 and all end systems that are over the licensing threshold will not have their end system events populated. All end systems will authenticate normally, just no information for all end systems over the threshold.
- 4th Stage: Includes stages 2 and 3. All End systems that authenticate over the threshold will automatically be dropped into the "Catch-all" rule in the NAC rules engine.
For stages 3 and 4:
- These conditions will only affect users that are over the licensing limit
- If you have 5000 end system licenses, only the 5001 and higher end systems will be subject to this behavior
- End system count is based on unique systems that have authenticated in a 24 hour period
- You can see this counter by going into OneView > Identity and Access > System
There is a minimum of 120 days from Stage 1 to Stage 4 violation. You will hit the next stage after 40 days of non-compliance. Once in compliance it will take 7 days to clear the status of the violation, so you will see the violation warning until the violation status has completely cleared.
The Access Control/NAC appliance will indicate in the /var/log/tag.log
if the system has gone to Stage 4.
The error is[NacRuleEngine] System is oversubscribed, using catch-all profile…