Security

Reply
Contributor II
Posts: 37
Registered: ‎05-18-2014

CPPM Access Tracker - Multiple auth requests in short periods of time

As the title says, I see devices that appear to be authenticating against CPPM multiple times in the span of minutes. The attached screenshot shows my iPad hitting CPPM on a Sunday morning. I was the only one at work, so all of those entries in the access tracker are from my one device.

 

My questions are the following:

1 - Does each entry in the access tracker correlate to an authentication request?

2 - If so, based on this screenshot why would my iPad be attempting to authenticate against CPPM so often?

3 - What could be configured to correct this? Mac auth?

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

1) Yes

2) What generation iPad? It could be going to sleep and completely turnng its radio off.

3) Why do you want to correct it? There's nothing wrong with what's happening.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 37
Registered: ‎05-18-2014

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

It's whatever the latest gen iPad is. I can't keep track anymore, they all look/work the same. :)

 

I had assumed that maybe something was configured wrong as the access tracker shows auth attempts within seconds of other auth attempts. I'm still very new to CPPM so I'm learning how these things actually work while going live with our deployment.

 

How many of these access requests can the 25K HW appliance handle at a time?

Guru Elite
Posts: 8,048
Registered: ‎09-08-2010

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

Try and see if you see the same behavior during the day when people are actively using the devices.

The HW 25k can (in theory) do between 250 and 300 authentications per second.

Sent from Surface Pro 3

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

All clear pass is doing is responding to the auth requests that are coming in from the NAS devices. I've see this before where the device is in a spot that is between two APs and the devices cant decide which one to stay on.

What are the APs. Aruba, Cisco etc and are they instant, controller based?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II
Posts: 37
Registered: ‎05-18-2014

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

We're a new Aruba deployment, so this testing is being done in my office lab (one AP225, 7220, 25k HW appliance).

 

The attached screen is an iPhone 4S. It hit CPPM like 10 times in the span of a minute. This took place right after the phone was connected to our 802.1x SSID, so it wasn't sleep/idle/low power mode.

 

Other devices in the lab are showing multiple auth requests, but not nearly as often. Is this specific to Apple devices?

Contributor II
Posts: 37
Registered: ‎05-18-2014

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

Just an update, in case other people are seeing something similar on their Aruba controller/CPPM setups.

 

Had TAC on the phone for another issue in CPPM and they noticed in the access tracker that certain users appeared to be sending auth requests repeatedly (some displayed multiple reqs at the exact same second). Via the controller CLI we verified via the auth trace buffer that despite its appearance only one auth request was being sent after radius accept. Everything appears to be working as it should.

 

I'm going to test this some more with iDevices as they seem to be the ones that are showing multiple auth reqs in CPPM. If I figure anything out I'll be sure to update this thread. :)

Contributor II
Posts: 48
Registered: ‎03-16-2014

Re: CPPM Access Tracker - Multiple auth requests in short periods of time

What you see in access tracker is simply the requests that had been sent to CPPM from the NAS-IP so modify your settings on NAS and you may got what yo are looking for.

Islam Zidan │ Professional Services Engineer | ACCP,ACMP,CWDP,CWNA,CCNP,MCITP,Competia A+
If you Found My Post Helping you kindly Give KUDOS and if it solved your question Kindly hit Accept as a solution box.
Search Airheads
Showing results for 
Search instead for 
Did you mean: