Wireless Access

Reply
Frequent Contributor II
Posts: 110
Registered: ‎01-25-2013

Radius Auth Spam

[ Edited ]

Hey guys,

 

Just another quick one; we have a number of desktops that are using a Wifi dongle to connect to our 802.1X network, and we're noticing that these devices are authenticating to Radius (ClearPass) 5-6 times every 30-60 seconds. Now, I can only assume that these dongles are being thrown around from AP to AP due to Client Match and that each time it switches it's going to have to reauth (tried using 802.11r to compensate for this, but the network is just too large for it to be viable), but other than pushing something through our registry management tool to change the roaming tendancies on all of the dongle's drivers, is there something else that I can look at that'll help me figure out why these devices are having to re-auth so much?

 

Thank you!

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Radius Auth Spam

Let's start with the type of dongle and the driver version...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 110
Registered: ‎01-25-2013

Re: Radius Auth Spam

Sure. The dongle is the Netgear A6200 with the latest driver from Netgear's website.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Radius Auth Spam

[ Edited ]

1.  Get the mac address of a device with the problem

2.  execute "show ap arm client-match history client-mac <client-mac> " to see if clientmatch is even involved



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 110
Registered: ‎01-25-2013

Re: Radius Auth Spam

Colin,

 

I've got one event showing Client Match moving this device to another AP, and it was successful (via CLI).

 

From the GUI, I can confirm seeing the same (1 of 1 CM successful).

 

However, via ClearPass, I see this machine re-authing (rekeying) every 15-30 seconds, sometimes more. What else should I check for?

 

Thanks!

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Radius Auth Spam

How much coverage do you have? How many access points you can see from your location? What is the power level on your access points in the area and how far apart are they?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 110
Registered: ‎01-25-2013

Re: Radius Auth Spam

Coverage minimum is -65dBm on both 2.4GHz and 5.0GHz, with Band Steer for a-radio set preferentially. There are 3 other APs within range of this dongle. Power levels are being managed by ARM, and all are within normal limits. The APs are roughly 60-75ft apart from one another.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Radius Auth Spam

Normal limits is different for everyone.  What power are your access points currently?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 110
Registered: ‎01-25-2013

Re: Radius Auth Spam

True. On the floor where the device is, our APs are transmitting at 9 dbm on g and 22 dbm on a.

Search Airheads
Showing results for 
Search instead for 
Did you mean: