Security

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.
Original Message:
Sent: Aug 04, 2022 03:29 PM
From: Dustin Burns
Subject: ClearPass REJECT

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

Someone must have configured Airwave to query the Mobility Conductor with the account "admin". This can be found under the communication settings in airwave. This must be hitting a service that is not created to handle logins from airwave.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Aug 04, 2022 03:53 PM
From: Peter Abene
Subject: ClearPass REJECT

The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.
Original Message:
Sent: Aug 04, 2022 03:29 PM
From: Dustin Burns
Subject: ClearPass REJECT

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

You are right.  I went under Communication and selected edit for "aruba" from default credentials list and I see that there is a telnet/SSH username "admin".  What is the purpose of this account?  How do I stop this from querying the Mobility Conductor?

------------------------------
Peter
------------------------------

Original Message:
Sent: Aug 04, 2022 04:04 PM
From: Dustin Burns
Subject: ClearPass REJECT

Someone must have configured Airwave to query the Mobility Conductor with the account "admin". This can be found under the communication settings in airwave. This must be hitting a service that is not created to handle logins from airwave.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:53 PM
From: Peter Abene
Subject: ClearPass REJECT

The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.
Original Message:
Sent: Aug 04, 2022 03:29 PM
From: Dustin Burns
Subject: ClearPass REJECT

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

Could it be that under Device Setup / Discover, you configured discovery scans? Those will do a credential scan with the default credentials and may be what you see.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Aug 04, 2022 04:12 PM
From: Peter Abene
Subject: ClearPass REJECT

You are right.  I went under Communication and selected edit for "aruba" from default credentials list and I see that there is a telnet/SSH username "admin".  What is the purpose of this account?  How do I stop this from querying the Mobility Conductor?

------------------------------
Peter

Original Message:
Sent: Aug 04, 2022 04:04 PM
From: Dustin Burns
Subject: ClearPass REJECT

Someone must have configured Airwave to query the Mobility Conductor with the account "admin". This can be found under the communication settings in airwave. This must be hitting a service that is not created to handle logins from airwave.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:53 PM
From: Peter Abene
Subject: ClearPass REJECT

The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.
Original Message:
Sent: Aug 04, 2022 03:29 PM
From: Dustin Burns
Subject: ClearPass REJECT

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?

I beleive you are correct.  I see that I created an "admin" telnet/SSH under Device Setup > Communication > Aruba (edit)

------------------------------
Peter
------------------------------

Original Message:
Sent: Aug 08, 2022 04:03 AM
From: Herman Robers
Subject: ClearPass REJECT

Could it be that under Device Setup / Discover, you configured discovery scans? Those will do a credential scan with the default credentials and may be what you see.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Aug 04, 2022 04:12 PM
From: Peter Abene
Subject: ClearPass REJECT

You are right.  I went under Communication and selected edit for "aruba" from default credentials list and I see that there is a telnet/SSH username "admin".  What is the purpose of this account?  How do I stop this from querying the Mobility Conductor?

------------------------------
Peter

Original Message:
Sent: Aug 04, 2022 04:04 PM
From: Dustin Burns
Subject: ClearPass REJECT

Someone must have configured Airwave to query the Mobility Conductor with the account "admin". This can be found under the communication settings in airwave. This must be hitting a service that is not created to handle logins from airwave.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:53 PM
From: Peter Abene
Subject: ClearPass REJECT

The alert message is "user not found".  But I'm trying to understand if/why Airwave is trying to access Mobility Master with an admin account.  As mentioned, the End-Host is the Airwave server and the Access device is the Mobility master.
Original Message:
Sent: Aug 04, 2022 03:29 PM
From: Dustin Burns
Subject: ClearPass REJECT

Could you share more? Perhaps screenshots of the access tracker records?

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Aug 04, 2022 03:26 PM
From: Peter Abene
Subject: ClearPass REJECT

I am seeing multiple REJECT messages in Asset Tracker.  The end-host Id is the Airwave server IP address and the Access device is the Mobility Master.  The username is admin.   If Airwave trying to connect to Mobility Master using an admin account?