Network Management

Reply
Regular Contributor I

Airwave question about connected user graphs

Can anyone tell me whether the number of clients displayed in the "Clients" graph (Home tab) includes ONLY authenticated clienst or does it also contain devices which are in the pre-auth role?

 

This is in the context of our open (CP) SSID on campus. We're actually trying to get a sense of how many devices are sitting in the pre-auth role with no intention of authenticating. Knowing this will help us determine whether too many devices are eating up limited IPv4 addresses and that we need to consider a diferent approach.

 

Thanks,

Mike

Guru Elite

Re: Airwave question about connected user graphs

Mdickson,

 

That list contains any devices in the user table which are in the pre-auth role, as well.

 

You probably want to run a Daily Client session report by role to see the breakdown for the period.  You should enable "session data by role" and then also report only on the SSID you want information about.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Airwave question about connected user graphs

Thanks Colin,

 

I ran the report against our open (CP) SSID and am not sure how to interpret the results.
I'm attaching an image of the Role breakdown.

 

Ultimately I want to learn what percentage of devices on campus stay in the pre-auth role and never move into the post-auth role.

 

Screen Shot 2014-01-29 at 1.31.00 PM.png

Guru Elite

Re: Airwave question about connected user graphs

At minimum, 7870 did not progress pass the pre-auth role in that period.  The role with the dash, means that we did not have role information when we polled the controller at the time.  I have to check on that to see what else that could mean...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Airwave question about connected user graphs

Usually the dash means that information came via SNMP-Trap and the trap itself doesn't contain role information if I am not mistaken

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite

Re: Airwave question about connected user graphs

Pasquale,

 

Thank you!



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Airwave question about connected user graphs

This report was run from "24 hours ago" until "now.

 

If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

 

One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

 

A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

 

This is all in the context of trying to better utilize limited IPv4 space on our wireless network.

 

Mike

Re: Airwave question about connected user graphs


mldickson wrote:

This report was run from "24 hours ago" until "now.

 

If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

 

One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

 

A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

 

This is all in the context of trying to better utilize limited IPv4 space on our wireless network.

 

Mike


mldickson

 

>>If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

 

Actually this means that within the 24-hour period for this reporting time, 7870 users were found to be in the CP pre-auth role never actually going into the post-auth role.

 

>One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

 

Does the 802.1x SSID provide captive portal? If so, yes a pre-auth role is definitely assigned to the user.

You can run a client session report against that SSID only and filter on the pre-auth role to see how many users you have.

 

>>A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

 

See this thread for some more information on how to do this as it is possible.

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/How-can-I-filter-smart-phones-from-connecting-to-my-WLAN/m-p/111101/highlight/true#M23821

 

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Regular Contributor I

Re: Airwave question about connected user graphs


pmonardo wrote:

mldickson

 

>>If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

 

Actually this means that within the 24-hour period for this reporting time, 7870 users were found to be in the CP pre-auth role never actually going into the post-auth role.

 

>One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

 

Does the 802.1x SSID provide captive portal? If so, yes a pre-auth role is definitely assigned to the user.

You can run a client session report against that SSID only and filter on the pre-auth role to see how many users you have.

 

>>A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

 

See this thread for some more information on how to do this as it is possible.

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/How-can-I-filter-smart-phones-from-connecting-to-my-WLAN/m-p/111101/highlight/true#M23821

 

 

 


 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: