Security, WIDS/WIPS and Aruba ECS

Reply
Contributor I
Posts: 55
Registered: ‎09-05-2011

Guest User DHCP Auditing

I am configuring a Captive Portal solution using the controller's DHCP server (I am only expecting ten guest users or less at any time) and I can log the guest user traffic using the firewall policy but I can't seem to match the IP address assigned via DHCP to the local user account created by the receptionist for the guest user. Is there any way to log which guest user was assigned which IP address via DHCP? For example, Bob Smith from ABC Company was assigned 10.50.100.10 at 09:30 and Bob Smith from ABC Company released the 10.50.100.10 address at 10:30?


Crowdie
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Guest User DHCP Auditing

You would type "show audit-trail x" which would tell who created what user.

You would then turn on user logging authentication, which would show which user logged on with what ip address http://airheads.arubanetworks.com/vBulletin/showthread.php?t=2042


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 55
Registered: ‎09-05-2011

Re: Guest User DHCP Auditing

Colin,

Thanks for that mate.

Will the authmgr logging also log when a user releases the IP address?



Crowdie
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Guest User DHCP Auditing


Colin,

Thanks for that mate.

Will the authmgr logging also log when a user releases the IP address?



Crowdie




It will not, unfortunately...... A lot of clients when they roam out of coverge, of the user closes down the laptop, do not release their ip address, anyway...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 55
Registered: ‎09-05-2011

Re: Guest User DHCP Auditing

If we use the DHCP server in the controller can we configure the logging so that we can see when the DHCP server releases the IP address?



Crowdie
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Guest User DHCP Auditing

It does not log when it releases, unfortunately.

You can see what you can see via DHCP using the instructions here: http://airheads.arubanetworks.com/vBulletin/showthread.php?t=2373


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 55
Registered: ‎09-05-2011

Re: Guest User DHCP Auditing

What is the best way to audit guest users connecting through a captive portal?

In particular we need:


  • Who the user is and what IP address they have received via DHCP
  • What traffic that user has generated
  • When the user left the captive portal


The reason we need this is that the New Zealand government just passed a law (http://www.legislation.govt.nz/act/public/2011/0011/latest/DLM2764312.html) that makes the gateway owner responsible for illegal downloads (music, software, movies, etc.). On the issuing of a third warning for illegal software downloading the gateway owner can be charged with fines up to NZ$15,000. Therefore, all guest wireless installations now need some very serious auditing.
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Guest User DHCP Auditing

Probably the best way is to configure a radius accounting server in the AAA profile and then send radius accounting records to that server. You can then use a software package to parse the radius accounting data. I do not endorse the package here: http://www.radiusreporting.com/, but from looking at it you can understand what you can get from radius accounting logs.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: