Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Access Tracker not showing failures

  • 1.  ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 04:52 PM

    I'm in the beginning stages of deploying ClearPass and am trying to use a test laptop to connect to a guest Wi-Fi network.  I can connect to the network and have seen previously that the laptop failed auth, hitting the wrong policy due to restrictive conditions.

    After modifying the policy and ensuring the right conditions should have been matched, I'm now not seeing any failures at all in the Access Tracker.  I've tried rebooting the laptop, logging out of ClearPass and back in.  It doesn't see or record any of the failures.

    I want ClearPass to show -all- failures regardless of whether a previous failure occurred and they are still "locked out" or what have you.  Is there any way to do that?



  • 2.  RE: ClearPass Access Tracker not showing failures

    EMPLOYEE
    Posted Jun 05, 2017 05:17 PM
    Do you have a data filter enabled?


  • 3.  RE: ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 05:41 PM

    I do not.  I made sure to clear the filter and set the Access Tracker to show only the last 1 day.  I've failed login numerous times with this laptop since doing this and it hasn't shown anything for 3 hours or more.



  • 4.  RE: ClearPass Access Tracker not showing failures

    EMPLOYEE
    Posted Jun 05, 2017 05:44 PM
    Anything in Event Viewer?


  • 5.  RE: ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 05:46 PM

    There are some entries but they are related to sync with some of our other secondary CPPM nodes at other sites.  Nothing about the failures I'm looking for.



  • 6.  RE: ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 05:53 PM
    Make sure you are pointing the RADIUS auth to ClearPass.
    Or that nothing is blocking the RADIUS traffic between ClearPass and the NAD.
    Can you ping ClearPass from the NAD?



  • 7.  RE: ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 05:58 PM

    The RADIUS auth for this SSID is definitely pointing to the ClearPass server.  It sent a log upon the first failure to the Access Tracker, but none after that.  We have no internal firewalls in between the device, controller, and the CPPM server.

    I can ping the CPPM server from the controller, yes.



  • 8.  RE: ClearPass Access Tracker not showing failures
    Best Answer

    EMPLOYEE
    Posted Jun 05, 2017 06:00 PM
    Is the user in the user-table during those times?


  • 9.  RE: ClearPass Access Tracker not showing failures

    Posted Jun 05, 2017 06:15 PM

    It seems that when the user is still present in the user-table and they try to re-auth, it does not send any sort of failure message to CPPM.  Deleting the user from the user-table fixes this.

    On another topic, is there any way to have a controller auto-remove a user as soon as it disconnects from station?



  • 10.  RE: ClearPass Access Tracker not showing failures

    EMPLOYEE
    Posted Jun 05, 2017 06:44 PM
    Set the user-idle-timeout to 0 in the AAA profile.