Security

 View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass REJECT

This thread has been viewed 30 times
  • 1.  ClearPass REJECT

    Posted 15 days ago
    I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?


  • 2.  RE: ClearPass REJECT

    MVP GURU
    Posted 15 days ago
    Could you share more? Perhaps screenshots of the access tracker records?

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: ClearPass REJECT

    Posted 15 days ago
      |   view attached
    The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.


  • 4.  RE: ClearPass REJECT

    MVP GURU
    Posted 15 days ago
    Someone must have configured Airwave to query the Mobility Conductor with the account "admin". This can be found under the communication settings in airwave. This must be hitting a service that is not created to handle logins from airwave.

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 5.  RE: ClearPass REJECT

    Posted 15 days ago
    You are right.  I went under Communication and selected edit for "aruba" from default credentials list and I see that there is a telnet/SSH username "admin".  What is the purpose of this account?  How do I stop this from querying the Mobility Conductor?

    ------------------------------
    Peter
    ------------------------------



  • 6.  RE: ClearPass REJECT

    EMPLOYEE
    Posted 11 days ago
    Could it be that under Device Setup / Discover, you configured discovery scans? Those will do a credential scan with the default credentials and may be what you see.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: ClearPass REJECT

    Posted 11 days ago
    I beleive you are correct.  I see that I created an "admin" telnet/SSH under Device Setup > Communication > Aruba (edit)

    ------------------------------
    Peter
    ------------------------------