Security, WIDS/WIPS and Aruba ECS

Contributor I
Posts: 27
Registered: ‎05-13-2010

Client Reconnects with Bogus credentials and he can pass traffic

I have the same default settings in 6.1.2.3

User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 600 seconds


I am not sure if I have something similar. When a client disconnects from the WLAN and tries to connect to it again but uses bogus credentials he is able to join the network. If we wait for 5 - 10 minutes he doesn't authenticate.
Guru Elite
Posts: 20,337
Registered: ‎03-29-2007

Re: Client Reconnects with Bogus credentials and he can pass traffic

Moved this to a new thread.

When you say you put in bogus credentials, are you using Enterprise Encryption or Captive Portal for Client authentication?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 27
Registered: ‎05-13-2010

Re: Client Reconnects with Bogus credentials and he can pass traffic

We used Enterprise Encryption. So let's say that funtimes\larryc logs onto the wireless device and gets authenticated. Now he signs off and we try funtimes\bogus. The controller authenticates him, and I am just curious as to why it would allow him onto the wireless network and not ask the RADIUS server for someone new even though it is the same machine?
Guru Elite
Posts: 20,337
Registered: ‎03-29-2007

Re: Client Reconnects with Bogus credentials and he can pass traffic

It should and we should see that happening. When a user logs off, we should see a deauthenticate from that client.


Colin Joseph
Aruba Customer Engineering


MVP
Posts: 866
Registered: ‎04-13-2009

Re: Client Reconnects with Bogus credentials and he can pass traffic

Hi scarvin33,

Can you verify this is what's occurring?

If you do "show user | include " what user do you see? Also note the MAC address.

I'd suggest to connect to the wireless with funtimes\larryc then disconnect then connect with funtimes\bogus then do "show auth-tracebuf | include ".

Can you post the result back here so we can have a look?
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.