Airwave and Mobility Access Switches

  • 1.  Airwave and Mobility Access Switches

    Posted Dec 16, 2014 03:46 PM

    Is there a way to collect client data from an Aruba Mobility Access switch that is not tunneled to the controller?

     

    For example, I have my desktop connected to a port on my switch. I do not have it tunneling back to the controller (no need, since I am not doing authentication on the port). If I go into Airwave and type in my IP, it will not return my computer.

     

    I do see my switches under APs/Devices, but I don't seem to get this info back. 

     

     

    Airwave Version 8.0.5

    Access Switch S2500 Version 7.3.1.0

     

     



  • 2.  RE: Airwave and Mobility Access Switches

    EMPLOYEE
    Posted Dec 16, 2014 04:20 PM

    Are your ports trusted or untrusted? 

     

    When you look at the switch in AMP, do you see users listed?



  • 3.  RE: Airwave and Mobility Access Switches

    Posted Dec 16, 2014 04:25 PM

    Ports are Trusted (The Gui says 'Enabled')

     

    In AMP I do not see user data on the switches.

     

    I wouldn't necessarily expect to see a username though, as devices on these ports would not be authenticating. I would expect the MAC of the device or something similar I suspect. 



  • 4.  RE: Airwave and Mobility Access Switches

    EMPLOYEE
    Posted Dec 16, 2014 07:23 PM

    ereader22,

     

    "Trusted" traffic is not collected or reported on, in general.  Generally, you can expect reporting on traffic that is in the user table of a device.  If it is not in the user table, it is trusted, and data is not aggregated in specific for that device.



  • 5.  RE: Airwave and Mobility Access Switches

    Posted Dec 17, 2014 09:38 AM

    So because it is trusted I do not receive any information about users?

     

    I would expect to see at least a MAC address, as that's the lowest level I'd expect to be stored in a switch. 

     

    Is there any way to enable reporting on trusted traffic? 



  • 6.  RE: Airwave and Mobility Access Switches
    Best Answer

    EMPLOYEE
    Posted Dec 17, 2014 10:51 AM

    Ereader22,

    When a port is trusted, there is no authentication taking place, so there are no "users". Effectively we are behaving like a traditional L2 switch. The MAC address table is read by Airwave but not exposed in the UI; this actually applies to all network devices in Airwave.

     

    The only way to see "users" is to make the ports untrusted. Now, if you just want to see the users but not do any type of user enforcement, you can put a simple AAA profile on the ports where the initial role is set to "authenticated".

     

    Best regards,

     

    Madani



  • 7.  RE: Airwave and Mobility Access Switches

    Posted Dec 17, 2014 10:53 AM

    That's actually a brilliant idea. I had not thought about that as an option. That should suit my needs well.

     

     

    Thanks for your help!



  • 8.  RE: Airwave and Mobility Access Switches

    Posted Dec 17, 2014 11:43 AM

    I just want to clarify.

     

    So there are two ways of doing this I can think of off the top of my head. The first is tunneling traffic to the controller so that I don't have to make any real changes to the switches (since Authenticated is already set up there for our RAPs).

     

    The other way would be creating an AAA profile on the switch itself and applying that to the ports.

     

    Correct?

     

     

    When I go in the GUI on the switch Configuration > Authentication 

     

    It gets stuck saying Please Wait..., can you direct me to a CLI way of creating this profile on the switch?



  • 9.  RE: Airwave and Mobility Access Switches
    Best Answer

    EMPLOYEE
    Posted Dec 17, 2014 11:45 AM
    aaa profile <name>
       initial-role authenticated
    !
    

     

    interface-group gigabitethernet "ACCESS-PORTS"
       apply-to 0/0/1
       lldp-profile "LLDP-PROF-1"
       poe-profile "POE-PROFILE-1"
       switching-profile "ACCESS-10"
       aaa-profile <name>
       no trusted port
    !

     



  • 10.  RE: Airwave and Mobility Access Switches
    Best Answer

    EMPLOYEE
    Posted Dec 17, 2014 11:48 AM

    Yes, you could tunnel the traffic to the controller, but the easier solution, assuming all you want to know is where a device is plugged in, what its IP is, etc., would be to use the following:

     

    !
    aaa profile "SIMPLE-AUTH"
       initial-role "authenticated"
    !
    interface-group gigabitethernet "ACCESS-PORTS"
       apply-to 0/0/0-0/0/23
       aaa-profile "SIMPLE-AUTH"
       no trusted port
    !
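
An added example, not part of the thread or of any Aruba tooling: a small Python audit of a saved switch configuration that reports which interface-groups follow the recipe in the answers above (`no trusted port` plus an `aaa-profile` whose profile sets an `initial-role`) and which stay trusted, so their clients never reach the user table that Airwave reports on. The sample configuration is constructed, the function names are hypothetical, and treating a group without `no trusted port` as trusted is an assumption.

```python
# Constructed sample config; it uses only the stanza syntax shown in the thread.
SAMPLE_CONFIG = """\
aaa profile "SIMPLE-AUTH"
   initial-role "authenticated"
!
interface-group gigabitethernet "ACCESS-PORTS"
   apply-to 0/0/0-0/0/23
   aaa-profile "SIMPLE-AUTH"
   no trusted port
!
interface-group gigabitethernet "PRINTERS"
   apply-to 0/0/24-0/0/30
!
"""

def parse_stanzas(text):
    """Return [(header, [body lines])]: an unindented line opens a stanza, '!' is a separator."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            stanzas.append((line, []))
        elif stanzas:
            stanzas[-1][1].append(line)
    return stanzas

def audit_port_visibility(text):
    """Map each interface-group to visible / trusted / no-aaa-profile / undefined-profile."""
    stanzas = parse_stanzas(text)
    profiles = {h.split(None, 2)[2].strip('"') for h, body in stanzas
                if h.startswith("aaa profile ")
                and any(ln.startswith("initial-role ") for ln in body)}
    prefix = "interface-group gigabitethernet "
    result = {}
    for header, body in stanzas:
        if not header.startswith(prefix):
            continue
        applied = [ln.split(None, 1)[1].strip('"') for ln in body if ln.startswith("aaa-profile ")]
        if "no trusted port" not in body:
            status = "trusted"  # assumption: a group without 'no trusted port' stays trusted
        elif not applied:
            status = "no-aaa-profile"
        else:
            status = "visible" if applied[-1] in profiles else "undefined-profile"
        result[header[len(prefix):].strip('"')] = status
    return result

print(audit_port_visibility(SAMPLE_CONFIG))
```

Any group reported as anything other than `visible` is one whose wired clients will not show up as users in Airwave under the behaviour described in this thread.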