Security

Reply
Frequent Contributor I
Posts: 77
Registered: ‎12-07-2015

Filter Access Tracker - Unique Rejects

Hi All, I'm implementing MAC auth and a few devices are failing as expected. However, the AT is full of rejects, many of them the same devices and it is becoming a bit hard to weed through it. Is there a way to filter unique rejects? And then possibly only display rejects that have not changed to accepts? 

 

Thank you,

 

-n

Guru Elite
Posts: 8,781
Registered: ‎09-08-2010

Re: Filter Access Tracker - Unique Rejects

Depending on the NAD you’re using, you could send accepts and then blackhole them at the controller/AP/switch.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 96
Registered: ‎04-09-2007

Re: Filter Access Tracker - Unique Rejects

Not sure you can get this from the access tracker directly...... you are going to see many MAC rejects- that's how they get to the captive portal page...

 

you could enable access to the insight database... setup some sql to grab users that had more than x number of rejects in a timeframe from the auth table with no success or perhaps a  join on radius_auth with radius_acct and select macs that only show up in radius_auth (ie never got a session, only rejects)

 

Hmm that could be interesting... but I think it'll still be many macs and no info about whom they belong too.... useful for a wall of shame perhaps?

Search Airheads
Showing results for 
Search instead for 
Did you mean: