03-19-2015 08:24 AM
One of my customers is experiencing an odd issue whereby some Known clients are changed back to Unknown within seconds in the Endpoint Database.
This is not directly related to a client's access request and will happen at any time, alhought it does not affect all clients.
An Aruba Support case has been created for this, but I thought about asking here in cae anybody else has seen this before.
03-19-2015 08:26 AM
That should not happen so quickly, unless you have a rule that changes the known/unknown status of those devices. The value should stay put, at least for 24 hours with no issue....
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
03-25-2015 02:34 AM
"The value should stay put, at least for 24 hours with no issue...."..
euhm.. I'll put this to weird phrasing but.. the only reason why an endpoint would change known to unknown is if the endpoint was removed (cleanup) and rediscovered or changed by an enforcement policy right?
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
03-25-2015 02:39 AM
Annoyingly enough, the issue has now stopped manifesting itself (right after I had escalated the case to Aruba TAC).
In terms of enforcement, the policy used was the Sample Allow All, but what's more important is that the reverting back to unknown did not jut happen upon connection to a wireless network. It happen as soon as the endpoint was manually marked a known by the administrator.
One clue that is missing from the description is that ClearPass was synchronising with Airwatch to import known endpoints. However, when the issue begun, we deleted Airwatch altogether from the list of Context servers and the issue carried on happening even when manually deleting, recreating the endpoint.
All the Database cleanup times were and still are set to default.
I've sent the logs to support in the hope the captured some relevant information, but I am now waiting for the issue to appear again.