Security

Reply
Frequent Contributor I

ClearPass Access Tracker not showing failures

I'm in the beginning stages of deploying ClearPass and am trying to use a test laptop to connect to a guest wifi network.  I can connect to the network and have seen previously that the laptop failed auth, hitting the wrong policy due to restrictive conditions.

 

After modifying the policy and ensuring the right conditions should have been matched, I'm now not seeing any failures at all in the access tracker.  I've tried rebooting the laptop, logging out of ClearPass and back in.  It doesn't see or record any of the failures.

 

I want ClearPass to show -all- failures regardless of whether a previous failure occurred and they are still "locked out" or what have you.  Is there any way to do that?

Wireless newb
Guru Elite

Re: ClearPass Access Tracker not showing failures

Do you have a data filter enabled?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: ClearPass Access Tracker not showing failures

I do not.  I made sure to clear the filter and set the access tracker to show only the last 1 day.  I've failed login numerous times with this laptop since doing this and it hasn't shown anything for 3 hours or more.

Wireless newb
Guru Elite

Re: ClearPass Access Tracker not showing failures

Anything in Event Viewer?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: ClearPass Access Tracker not showing failures

There are some entries but they are related to sync with some of our other secondary CPPM nodes at other sites.  Nothing about the failures I'm looking for.

Wireless newb

Re: ClearPass Access Tracker not showing failures

Make sure you are pointing the radius auth to ClearPass?
Or nothing is blocking the radius traffic between clearpass and the NAD
Can you ping ClearPass from the NAD?

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: ClearPass Access Tracker not showing failures

The radius auth for this ssid is definitely pointing to the clearpass server.  It sent a log upon the first failure to the Access Tracker, but none after that.  We have no internal firewalls in between the device, controller, and the CPPM server.  

 

I can ping the CPPM server from the controller, yes.

Wireless newb
Guru Elite

Re: ClearPass Access Tracker not showing failures

Is the user in the user-table during those times?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: ClearPass Access Tracker not showing failures

It seems that when the user is still present in the user-table and they try to re-auth, it does not send any sort of failure message to CPPM.  Deleting the user from the user-table fixes this.

 

On another topic, is there any way to have a controller auto-remove a user as soon as it disconnects from station?

Wireless newb
Guru Elite

Re: ClearPass Access Tracker not showing failures

Set the user-idle-timeout to 0 in the AAA profile.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: