Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Airwave and Mobility Access Switches

Is there a way to collect client data from an Aruba Mobility Access switch that is not tunneled to the controller?

For example, I have my desktop connected to a port on my switch. I do not have it tunneling back to the controller (no need, since I am not doing authentication on the port). If I go into Airwave and type in my IP, it will not return my computer.

I do see my switches under APs/Devices, but I don't seem to get this info back.

Airwave Version 8.0.5

Access Switch S2500 Version 7.3.1.0

Guru Elite
Posts: 8,015
Registered: ‎09-08-2010

Re: Airwave and Mobility Access Switches

Are your ports trusted or untrusted?

When you look at the switch in AMP, do you see users listed?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: Airwave and Mobility Access Switches

Ports are trusted (the GUI says 'Enabled').

In AMP I do not see user data on the switches.

I wouldn't necessarily expect to see a username though, as devices on these ports would not be authenticating. I would expect the MAC of the device or something similar, I suspect.

Guru Elite
Posts: 20,379
Registered: ‎03-29-2007

Re: Airwave and Mobility Access Switches

ereader22,

"Trusted" traffic is not collected or reported on, in general. Generally, you can expect reporting on traffic that is in the user table of a device. If it is not in the user table, it is trusted, and data is not aggregated specifically for that device.



Colin Joseph
Aruba Customer Engineering

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: Airwave and Mobility Access Switches

So because it is trusted I do not receive any information about users?

I would expect to see at least a MAC address, as that's the lowest level I'd expect to be stored in a switch.

Is there any way to enable reporting on trusted traffic?

Aruba
Posts: 429
Registered: ‎05-30-2012

Re: Airwave and Mobility Access Switches

Ereader22,

When a port is trusted, there is no authentication taking place, so there are no "users". Effectively we are behaving like a traditional L2 switch. The MAC address table is read by Airwave but not exposed in the UI; this actually applies to all network devices in Airwave.

The only way to see "users" is to make the ports untrusted. Now if you just want to see the users but not do any type of user enforcement, you can put a simple AAA profile on the ports where the initial role is set to "authenticated".

Best regards,

Madani

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: Airwave and Mobility Access Switches

That's actually a brilliant idea. I had not thought about that as an option. That should suit my needs well.

Thanks for your help!

Regular Contributor I
Posts: 195
Registered: ‎02-10-2014

Re: Airwave and Mobility Access Switches

I just want to clarify.

So there are two ways of doing this I can think of off the top of my head. The first is tunneling traffic to the controller so that I don't have to make any real changes to the switches (since Authenticated is already set up there for our RAPs).

The other way would be creating an AAA profile on the switch itself and applying that to the ports.

Correct?

When I go in the GUI on the switch to Configuration > Authentication, it gets stuck saying Please Wait... Can you direct me to a CLI way of creating this profile on the switch?

Guru Elite
Posts: 8,015
Registered: ‎09-08-2010

Re: Airwave and Mobility Access Switches

aaa profile <name>
   initial-role authenticated
!

interface-group gigabitethernet "ACCESS-PORTS"
   apply-to 0/0/1
   lldp-profile "LLDP-PROF-1"
   poe-profile "POE-PROFILE-1"
   switching-profile "ACCESS-10"
   aaa-profile <name>
   no trusted port
!

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 429
Registered: ‎05-30-2012

Re: Airwave and Mobility Access Switches

Yes, you could tunnel the traffic to the controller, but the easier solution, assuming all you want to know is where a device is plugged in, what its IP is, etc., would be to use the following:

!
aaa profile "SIMPLE-AUTH"
   initial-role "authenticated"
!
interface-group gigabitethernet "ACCESS-PORTS"
   apply-to 0/0/0-0/0/23
   aaa-profile "SIMPLE-AUTH"
   no trusted port
!
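
Added example, not part of the thread and not Aruba code: a small Python audit that reads a switch config in the stanza syntax posted above and reports, per interface-group, whether its ports are untrusted and which initial role the applied AAA profile assigns. Per the replies above, only untrusted ports put clients into the user table that Airwave reports on. The sample config, the "UPLINKS" and "LAB" groups, and the rule that a group without "no trusted port" stays trusted are assumptions.

```python
import re

# Constructed sample config (stanza syntax from the thread; UPLINKS/LAB are made up).
SAMPLE_CONFIG = """\
aaa profile "SIMPLE-AUTH"
   initial-role "authenticated"
!
interface-group gigabitethernet "ACCESS-PORTS"
   apply-to 0/0/0-0/0/23
   aaa-profile "SIMPLE-AUTH"
   no trusted port
!
interface-group gigabitethernet "UPLINKS"
   apply-to 0/1/0-0/1/1
!
interface-group gigabitethernet "LAB"
   apply-to 0/0/24-0/0/47
   no trusted port
!
"""

def stanzas(text):
    """Yield (header, body_lines) for each '!'-terminated stanza."""
    for chunk in re.split(r"^![ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def value(lines, keyword):
    """Return the unquoted argument of the first 'keyword <arg>' line, or None."""
    for line in lines:
        if line.startswith(keyword + " "):
            return line[len(keyword):].strip().strip('"')

def audit(text):
    """Map each interface-group to (ports, untrusted, aaa_profile, initial_role)."""
    parsed = list(stanzas(text))
    roles = {value([h], "aaa profile"): value(b, "initial-role")
             for h, b in parsed if h.startswith("aaa profile ")}
    report = {}
    for header, body in parsed:
        name = value([header], "interface-group gigabitethernet")
        if name:
            profile = value(body, "aaa-profile")
            # Assumption: a group without "no trusted port" is left trusted.
            report[name] = (value(body, "apply-to"), "no trusted port" in body,
                            profile, roles.get(profile))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Groups reported with `untrusted` False will not show clients in Airwave; groups that are untrusted but have no resolved initial role are the ones to review before relying on the data.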
