Iris FAQs and Known Issues

CITES > Iris > FAQ

This page provides information about frequently asked questions and known issues about Iris. Iris's changes from version to version are documented in the Recent Changes in Iris page.

Frequently asked questions

Iris's scope

Only CITES-managed switches can be viewed using Iris. Repeaters and departmentally managed switches do not show up in Iris.

In addition, some port options such as Portfast cannot be set from Iris. You also cannot add additional networks to a switch through Iris. For these types of tasks, a netadmin should email net-trouble@uiuc.edu or contact the CITES Operations Center to request that it be added.

Problems or error messages

If you have a problem using Iris or receive an error message, contact the CITES Operations Center at 244-1000.

Iris read or write permissions for a network

If you do not have read or write access for a particular network and you need to be added to that network's list of authorized administrators, see the Who Can Use Iris? page for guidance in locating the appropriate contact person through Contact Manager.

If you need to grant read or write permissions to another user, the Who Can Use Iris? page also explains how to determine whether you have Change Contacts permissions for a switch or network in order to assign permissions to others.

Training

The CITES Operations Center staff can train new Iris users about Iris usage, campus network naming conventions, and more. The Iris Scenarios pages also provide an overview of how to perform the most frequently needed tasks.

Feature requests

If you would like to see additional features in Iris, contact the Iris service managers at iris@uiuc.edu.

Known issues - version 5.3

Port security and Cisco switches

1) No visual indicator of Intrusion status

As explained in the Port Security Scenario, you won't be visually informed when a security situation has been triggered on a "Filtered" port on a Cisco or Foundry switch.

The "Filter" port security will still apply, and packets from an unapproved computer will be dropped while packets from an approved computer will be transmitted.

(On a port set to "Disable," of course, the port will be shut off at an intrusion.)

2) Leave an approved computer plugged in and networked when resetting after an intrusion

In order to be able to re-enable a Cisco switch port disabled by an intrusion, you'll need to leave an approved computer in place and networked while you reset the port security.

Because of the way Cisco switches report error conditions, a switch is considered disabled until new communication has successfully taken place.

If you remove both an intruding computer and the permitted computer before hitting reset, Iris will not be able to clear the intrusion status message because the Cisco switch will still return an error message even though the port has been re-enabled.

However, if the permitted computer remains in place and is allowed to communicate with the port, clicking Reset will be followed by successful communication from the permitted computer. At that point, the Cisco switch stops returning an error message and Iris will reset its intrusion display to its normal, neutral state.

Port security and Foundry switches

1) No visual indicator of Intrusion status

As explained in the Port Security Scenario, you won't be visually informed when a security situation has been triggered on a "Filtered" port on a Cisco or Foundry switch.

The "Filter" port security will still apply, and packets from an unapproved computer will be dropped while packets from an approved computer will be transmitted.

(On a port set to "Disable," of course, the port will be shut off at an intrusion.)

2) Delay in Port Security functionality

On some new Foundry switches, port security may not be immediately functional. It may take between an hour and a week for new Foundry switches to have port security enabled. If you need assistance with port security on a newly installed Foundry switch, email net-trouble@uiuc.edu.

Internet Explorer and checkboxes

Internet Explorer users will find that any checked row checkboxes will become unchecked when you re-sort a table. If you have marked checkboxes, avoid re-sorting a table after making your selections.

skip navigation	\| Home \| Help Desk \| Status \| CIO \| Site Map \| Search
Services by Audience New to Campus? Students Faculty & Staff Instructors Researchers Tech Support Providers Services by Category Calendaring Classroom Technologies Computer Facilities Computing Accounts Educational Technologies Electronic Directory Email File Storage & Web Publishing Networking & Remote Access Passwords Security Services For Departments Software Telecommunications Complete List of Services General Information Training Computing/Networking 101 Contacts Glossary About CITES Job Openings go to navigation	Iris FAQs and Known Issues CITES > Iris > FAQ This page provides information about frequently asked questions and known issues about Iris. Iris's changes from version to version are documented in the Recent Changes in Iris page. Frequently asked questions Iris's scope Only CITES-managed switches can be viewed using Iris. Repeaters and departmentally managed switches do not show up in Iris. In addition, some port options such as Portfast cannot be set from Iris. You also cannot add additional networks to a switch through Iris. For these types of tasks, a netadmin should email net-trouble@uiuc.edu or contact the CITES Operations Center to request that it be added. Problems or error messages If you have a problem using Iris or receive an error message, contact the CITES Operations Center at 244-1000. Iris read or write permissions for a network If you do not have read or write access for a particular network and you need to be added to that network's list of authorized administrators, see the Who Can Use Iris? page for guidance in locating the appropriate contact person through Contact Manager. If you need to grant read or write permissions to another user, the Who Can Use Iris? page also explains how to determine whether you have Change Contacts permissions for a switch or network in order to assign permissions to others. Training The CITES Operations Center staff can train new Iris users about Iris usage, campus network naming conventions, and more. The Iris Scenarios pages also provide an overview of how to perform the most frequently needed tasks. Feature requests If you would like to see additional features in Iris, contact the Iris service managers at iris@uiuc.edu. Known issues - version 5.3 Port security and Cisco switches 1) No visual indicator of Intrusion status As explained in the Port Security Scenario, you won't be visually informed when a security situation has been triggered on a "Filtered" port on a Cisco or Foundry switch. The "Filter" port security will still apply, and packets from an unapproved computer will be dropped while packets from an approved computer will be transmitted. (On a port set to "Disable," of course, the port will be shut off at an intrusion.) 2) Leave an approved computer plugged in and networked when resetting after an intrusion In order to be able to re-enable a Cisco switch port disabled by an intrusion, you'll need to leave an approved computer in place and networked while you reset the port security. Because of the way Cisco switches report error conditions, a switch is considered disabled until new communication has successfully taken place. If you remove both an intruding computer and the permitted computer before hitting reset, Iris will not be able to clear the intrusion status message because the Cisco switch will still return an error message even though the port has been re-enabled. However, if the permitted computer remains in place and is allowed to communicate with the port, clicking Reset will be followed by successful communication from the permitted computer. At that point, the Cisco switch stops returning an error message and Iris will reset its intrusion display to its normal, neutral state. Port security and Foundry switches 1) No visual indicator of Intrusion status As explained in the Port Security Scenario, you won't be visually informed when a security situation has been triggered on a "Filtered" port on a Cisco or Foundry switch. The "Filter" port security will still apply, and packets from an unapproved computer will be dropped while packets from an approved computer will be transmitted. (On a port set to "Disable," of course, the port will be shut off at an intrusion.) 2) Delay in Port Security functionality On some new Foundry switches, port security may not be immediately functional. It may take between an hour and a week for new Foundry switches to have port security enabled. If you need assistance with port security on a newly installed Foundry switch, email net-trouble@uiuc.edu. Internet Explorer and checkboxes Internet Explorer users will find that any checked row checkboxes will become unchecked when you re-sort a table. If you have marked checkboxes, avoid re-sorting a table after making your selections.
	CITES welcomes comments about our services and comments about our web site. Return to the top of this page. Last modified May 3, 2007

Services by Audience

Services by Category

General Information

Iris FAQs and Known Issues

Frequently asked questions

Iris's scope

Problems or error messages

Iris read or write permissions for a network

Training

Feature requests

Known issues - version 5.3

Port security and Cisco switches

Port security and Foundry switches

Internet Explorer and checkboxes