Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

802.1x clients losing privileges granted through ClearPass accounting proxy

  • 1.  802.1x clients losing privileges granted through ClearPass accounting proxy

    Posted Sep 17, 2018 12:27 PM


    Started using an 802.1x SSID this year; all is working great except for the accounting proxy. The proxy target is a web filtering appliance. It would seem, as we come in for the day and get onto the wireless, I am granted my privileged internet access.

    As I am walking around throughout the building or buildings, I am no longer a privileged user, and the web filtering appliance reports it does not know who I am (no username on the reported traffic).

    If I go onto the controller and aaa user del myself, after re-auth all is good with the world and I am able to look at Instagram again (my only peace in the day). Here are my specs; any thoughts?

    Aruba 7240 controllers,  running Version
    CPPM v6.7.5

    Here is my AAA Auth Profile

    Parameter                           Value
    ---------                           -----
    Initial role                        denyall
    MAC Authentication Profile          NA
    MAC Authentication Default Role     denyall
    MAC Authentication Server Group     default
    802.1X Authentication Profile       HS-Secure-dot1x_prof
    802.1X Authentication Default Role  denyall
    802.1X Authentication Server Group  cppm_srvgrp
    Download Role from CPPM             Disabled
    Set username from dhcp option 12    Disabled
    L2 Authentication Fail Through      Disabled
    Multiple Server Accounting          Disabled
    User idle timeout                   NA
    Max IPv4 for wireless user          2
    RADIUS Accounting Server Group      cppm_srvgrp
    RADIUS Roaming Accounting           Disabled
    RADIUS Interim Accounting           Enabled
    XML API server                      NA
    RFC 3576 server                     NA
    User derivation rules               NA
    Wired to Wireless Roaming           Enabled
    SIP authentication role             N/A
    Device Type Classification          Enabled
    Enforce DHCP                        Disabled
    PAN Firewall Integration            Disabled
    Open SSID radius accounting         Disabled