Network Management

Reply
Frequent Contributor I
Posts: 85
Registered: ‎04-05-2011

Airwave Client IP history

[ Edited ]

I am running Airwave 7.7.1, and i was given a request to try and track down a student who was bit torrenting a movie yesterday.  I swear that in the older versions of airwave i was able to go into "clients" and then "all" to see historical clients, and then view the IP address they were assigned.  i dont see that in 7.7.1, and IP address is not listed as one of the available columns to view.  Am i missing something?  Maybe there is a better way to do it, all I need is go back and see all the clients that were using the IP at a certain point in time yesterday.  Is this possible? 

 

Thanks.

 

Edit: Sorry wrong forum, can a mod move this to the Airwave forum?  Thats what happens when yo have to many tabs open.... 

Moderator
Posts: 1,244
Registered: ‎10-16-2008

Re: Airwave Client IP history

[ Edited ]

The Clients -> All page is designed to show all clients who've ever appeared in your network (based on AMP Setup -> Historical Data Retention).  Since the IP addressing of a client can vary and is re-used, that column is not shown on the All page.  You might be thinking of the Clients -> Connected page which shows all current connections which would include the current connected IP address.

---------------------------

When focusing on a specific time period, the better way to go about this is to start by running a report.  Run a client session report for the time span of the period in question (include details for each client and each session).  Then sort the client sessions by usage.  Then drill down into the client's detail pages that show usage that could fit that of bittorrenting movies.  This is just guessing though since streaming a movie could appear similar to bittorrenting a movie.

 

The correlation of this works better if you tie in the data with the Firewall tab (requires controller to be on at least AOS 6.3, PEFNG license, and controller needs to point AMON data to AirWave).  The span of data stored is based on available disk space, so you may get lucky and have enough space to have multiple days of history in relation to firewall data (depends largely on client count).  This data will give you a breakdown of users across applications and destinations.  The controller translates the applications to show bittorent/youtube/etc.  Destinations will translate to google.com or mail.school.edu.  Then you can correlate the traffic to the user.

 

Here's an example:

firewall overview.jpg

Youtube is one of the top 10 destinations of clients for the past 2 hours (time range is configurable).  And then there's capability to drill down further and see who's using youtube.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: