09-23-2015 06:12 AM
ok. having just got eap-tld and eap-peap authenticating from 1 service, I've rolled out the config to our eduroam service on our production box and again I've got peap and tls work together from one service.
However, we've got about 15K peap users on this ssid and currently 1 tls user. Under Live Monitoring/Acess Tracker, how can I search for TLS auth types? I would have thought the filter attribute Auth-type would have done it, but when I select it, there's nothing in the field ( cppm 6.5.2)
On my dev serverthere's nothing but dev traffic so the logs don't get swamped.
Solved! Go to Solution.
09-23-2015 06:14 AM - edited 09-23-2015 06:21 AM
Unfortunately you can't filter access tracker by EAP method.
You could however try to use a data filter, but you'd have to flip back and forth.
EDIT: That data filter won't work
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
09-23-2015 07:23 AM
09-23-2015 07:34 AM
Good idea, already generate a batch of roles based upon user/machine os,service used for our eap and macauth services, just haven'tt done it yet for TLS.
I suspect that TLS is going to be one of those things that sneaks up on us and ends up being important. We've got Apple TVs, wireless VOIP phones, (possible) Android based information systems and airwatch managed mobile devices that need network connectivity with multi-user support.
Given that clearpass lets you generate your own CA and also provides you with an OCSP service, saves doing things from the CLI with a standalone OCSP server and openssl so its going to be easy to meet TLS requriements than it was before.