Security

Wouldn't you like to troubleshoot a wireless device in AirWave directly from ClearPass Access Tracker ?

 

ClearPass - 6.4.4.x

AirWave - 8.0.6.1

 

- First add Airwave as a EndPoint Context Server

 

 

- Go to Access Tracker and select one of the authentication request entries

 

 

- You should be able to see to see the Open In AirWave link which should take to the Diagnostic Page in Airwave if the client is connected and if the client is no longer connected it will take you to the Client Detail page

 

Diagnostic Page

 

Hope you guys find this helpful

Hello,

 

After clicking on "Open in Airwave", I am rediracted to the page and logged in as admin but I get the following error message "Access Denied. You don`t have permission to view this object."

Do you maybe know what is the reason?

 

Best Regards,

 

Naida

 

Hi,

 

Could you share the screen shot, does the Airwave user credentials which you have provided in CPPM have full admin right?

 

When you directly login with those credentials in to Airwave, does it throwing same error message?

 

Have you checked the validate server certificate box?

 

Regards

Pavan

Hi Pavan,

 

Thanks for the quick reply. I have attached the screenshots.

 

I do not get this error message when I log in directly with these credentials.

 

Yes, I have checked it. 

 

Best Regards,

 

Naida

Hi Naida,

 

When you click on Ariwave link in access tracker, does that client which you are looking at is present in Airwave database? Could you manually search with username/mac addresses in Airwave and check?

 

Could you compare the URLs which its redirecting when you click in access tracker and manually login.

 

Regards,

Pavan

 

For example, MAC address 30-8d-99-c0-84-7b is present in the Access tracker but not in the Airwave client list. 

I have checked for 2 different MAC addresses and the same situation, they are present in CP Access Tracker but not in Airwave client list.

 

The redirect URL: https://(OUR IP ADDRESS)/client_monitoring?mac=94:57:A5:C0:23:C2

 

The manual URL: https://(OUR IP ADDRESS)/client_all

 

I have tried manually this The manual URL: https://(OUR IP ADDRESS)/client_monitoring and I get the same error message as when redirected from CPPM.

I made a mistake when typing, I tried this: https://(OUR IP ADDRESS)/client_monitoring and got the same error message as when redirected. :)

Hi,

 

When we manually login and navigate to client detail page it will take us to

https://<IP>/client_monitoring?mac=24:77:03:C4:3D:18

 

It looks page redirection URL link is correct, it is taking you to client detail page.

 

Try search mac in this format 94:57:A5:C0:23:C2 not 30-8d-99-c0-84-7b

 

 

In Airwave right top, selet highlighted option and search MAC if client not listed in Airwave then its expected behaviour.

 

Regards,

Pavan

Hi Pavan,

 

I tried searching for various MAC addresses from CPPM Acess Tracker and cannot find any of them in the client list. 

 

Do you maybe know why?

 

Best Regards,

 

Naida

Naida,

 

Does the client listed in access tracker is latest? Airwave retain the client information based on retention value we set in AMP Setup > Genreal > Historcial Retetnion setting.

 

If client is older than retention value then we no longer see in Airwave it might got purged during nighlty maintainence.

 

Client session is latest but not listed in Airwave then either NAD device which client is associated is not added in Airwave or client details are not getting updated in Airwave.

 

Regards,

Pavan

If my post addresses your query give kudos:)

Hello Pavan,

 

Yes, the client MAC addresses which I have tested are the latest.

None of the MAC addresses which are present in the Access tracker can be found in Airwave. 

I have added the CPPM nodes to the Airwave. Is there something else that I am missing?

 

Best Regards,

 

Naida

Naida,

 

We need to add controllers/APs or IAPs to which clients is associated.in Airwave. 

 

Regards,

Pavan

Thanks for the tutorial, very useful and i am looking to implement it here at my workplace. Question: does the account need admin privileges or can it be a readonly account?

You can use a read only local AirWave account



Thank you

Victor Fabian

Pardon typos sent from Mobile

Is there any similar functionality with Aruba Central On-Prem? We currently have CPPM 6.9.x but will be moving to 6.11.x

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer
------------------------------

Original Message:
Sent: Mar 07, 2018 08:05 AM
From: Victor Fabian
Subject: ClearPass Tips and Tricks : AirWave Diagnostic Link

You can use a read only local AirWave account



Thank you

Victor Fabian

Pardon typos sent from Mobile

Hi

Yes, from version 6.11.0 the same feature is also possible with Central.

From the release note:

The following new features are introduced in Endpoint Context Servers in the 6.11.0 release.

*

A new endpoint context server of type Central is now added. When an endpoint context server of this type is created and registered in either Aruba Central or Central on Premises (CoP), its information page in Central or in the CoP instance can be opened directly from the Access Tracker. To use this feature, go to the Administration > External Servers > Endpoint Context Servers > Add > Server tab, select Aruba Central as the server type, complete the rest of the configuration, and save the context server. After it is created, you can go to Monitoring > Live Monitoring > Access Tracker and click the Open in Central link in the server's Request Details form. As part of this feature, REST API support is also added in the Integrations > EndpointContextServer API. (CP‑42573)

6.11 Release Notes

------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------

Original Message:
Sent: Jul 19, 2023 08:37 AM
From: bosborne
Subject: ClearPass Tips and Tricks : AirWave Diagnostic Link

Is there any similar functionality with Aruba Central On-Prem? We currently have CPPM 6.9.x but will be moving to 6.11.x

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Mar 07, 2018 08:05 AM
From: Victor Fabian
Subject: ClearPass Tips and Tricks : AirWave Diagnostic Link

You can use a read only local AirWave account



Thank you

Victor Fabian

Pardon typos sent from Mobile