Security

Up till the start of this week, every time I've looked at our 25K license CPPM  cluster we've been using "about" 16K licenses. Nothing has changed on our nework but this week the CPPM GUI started telling us that we'd exceeded our 25K license limit to the tune of 500 - 600 devices above the 25K which means we've had a sudden jump of ~4.5K  licensed cppm users but according to AirWave, our average daily ussage is constant at about 13K

 

. CPPM is predominately used for wireless access at the moment with some wired connectivity.

 

Found this in another article here :-

 

Licensing is based on the number of unique authenticating endpoints (devices) per day.

• This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
• If you exceed your limit you will get a warning in the WebUI
• If it was an abnormal week, nothing will happen and that warning will disappear.
• If you exceed your license count for 4 out of 6 months, administrator will be prevented from making any policy changes, running any usage reports or troubleshooting any connectivity issues that might arise.
• At no point will the system stop authenticating users – even if you exceed the license limit.

Trying to find out why we've had this sudden jump. I've heard that iOS9 and windows 10 make use of randomly generated  mac addresses hen connected to wireless. Given that licensing is based upon active authenticating endpoints, might this be confusing the license manager in cppm into thinking we've more active authentications than there are present?

 

A

Are you using load balancing on your server group? 

How does this server compare to the others on regards to number of authentications per day? 


Thanks, 
Tim

We have a 5 VM cluster (clearpass0-4])  of 5K licensed VMs giving a license pool size of 25K. Auth requests are load balanced across clearpass[1-4] leaving the master publisher free to do "its thing" and not have to wory about authentication.

 

Auth authentication load balancing is handled by a F5 box that performs "Sticky persistence" based upon client calling station id. All traffic from a given mac address is pointed at a particular back end server for a fixed period long enough for an EAP dialogue to happen.

 

When I log onto the master publisher I get a warning about exceeding recommended capacity.

 

A

 

Was there a conference or other large event?

Also, can you run a 1 day and 7 day client session report from AirWave and post the number of unique clients (it's all the way at the bottom).

 

iOS only randomizes pre-association packets and Windows 10 can do per SSID MAC address but most devices don't support it. 


Thanks, 
Tim

Well, max 1 day count for yesterday was 12303, 7 day count was 12380

Got aprox 2.5K's worth of possible wired mac/dot1x auths that'll use our cppm cluster as well.

 

A