Security

Reply
Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Using username and password for single access and Traffic analysis

Hello,

 

Can I use active directory username and password for following options:

 

1- If someone used this username/password to access the network other people are not allowed to access using the same username/password ? (in other words as long as the user using this username/password is in network other users are not allowed to use the same user/password.

 

2- I want to map this username/password to the ip grantined to users and then make a traffic analysis using this information (maybe through AirWave?). 

 

 

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: Using username and password for single access and Traffic analysis

If you are using Captive Portal on the Aruba controller, you can use the "Single Session" option in the Captive Portal authentication profile to stop users with the same username from authenticating twice.  If the user is using 802.1x, you can only prevent that with a Radius Server like Clear Pass Policy Manager.

 

Using Airwave you can track the location of a user/device for the last 24 hours on the map, but track what access point they were on for a year, depending on if you have enough disk space.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 135
Registered: ‎07-06-2012

Re: Using username and password for single access and Traffic analysis

Hi Colin,

 

Do you mean tracking clints is just knowing which AP they are connected to ? we need to track their actions which server/websites/protocol/services/applications they are using and the amount of traffic and we need to match it by username to know that the guy called XYZW is visiting Facebook alot spending 10 hours connected to network and so on.

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: Using username and password for single access and Traffic analysis

You would need to enable the "log" parameter in the firewall policy applied to the user.  You would then also configure an external syslog server.  The output will only show the source and destination ip address and port.  It will not resolve addresses like "facebook.com".  I would consult a commercial web proxy/filtering solution to address that need.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator
Posts: 1,251
Registered: ‎10-16-2008

Re: Using username and password for single access and Traffic analysis

Scheduled for AMP 7.7, there will be a Firewall component in AMP.  This component will track destinations and applications, with drill down options to get to traceback to a user.  The controller PEF+NG license will be a prerequisite for this feature to work.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
MVP
Posts: 1,408
Registered: ‎10-25-2011

Re: Using username and password for single access and Traffic analysis

[ Edited ]

That is awesome news Rob!

 

Good to hear. Any news on release date?

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
Showing results for 
Search instead for 
Did you mean: