Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Airwave question about connected user graphs

This thread has been viewed 2 times

  • 1.  Airwave question about connected user graphs

    Posted Jan 29, 2014 12:36 PM

    Can anyone tell me whether the number of clients displayed in the "Clients" graph (Home tab) includes ONLY authenticated clienst or does it also contain devices which are in the pre-auth role?

     

    This is in the context of our open (CP) SSID on campus. We're actually trying to get a sense of how many devices are sitting in the pre-auth role with no intention of authenticating. Knowing this will help us determine whether too many devices are eating up limited IPv4 addresses and that we need to consider a diferent approach.

     

    Thanks,

    Mike



  • 2.  RE: Airwave question about connected user graphs

    EMPLOYEE
    Posted Jan 29, 2014 12:53 PM

    Mdickson,

     

    That list contains any devices in the user table which are in the pre-auth role, as well.

     

    You probably want to run a Daily Client session report by role to see the breakdown for the period.  You should enable "session data by role" and then also report only on the SSID you want information about.



  • 3.  RE: Airwave question about connected user graphs

    Posted Jan 29, 2014 01:37 PM

    Thanks Colin,

     

    I ran the report against our open (CP) SSID and am not sure how to interpret the results.
    I'm attaching an image of the Role breakdown.

     

    Ultimately I want to learn what percentage of devices on campus stay in the pre-auth role and never move into the post-auth role.

     

    Screen Shot 2014-01-29 at 1.31.00 PM.png



  • 4.  RE: Airwave question about connected user graphs

    EMPLOYEE
    Posted Jan 29, 2014 01:40 PM

    At minimum, 7870 did not progress pass the pre-auth role in that period.  The role with the dash, means that we did not have role information when we polled the controller at the time.  I have to check on that to see what else that could mean...



  • 5.  RE: Airwave question about connected user graphs

    Posted Jan 29, 2014 02:01 PM

    Usually the dash means that information came via SNMP-Trap and the trap itself doesn't contain role information if I am not mistaken

     



  • 6.  RE: Airwave question about connected user graphs

    EMPLOYEE
    Posted Jan 29, 2014 02:05 PM

    Pasquale,

     

    Thank you!



  • 7.  RE: Airwave question about connected user graphs

    Posted Jan 29, 2014 02:19 PM

    This report was run from "24 hours ago" until "now.

     

    If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

     

    One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

     

    A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

     

    This is all in the context of trying to better utilize limited IPv4 space on our wireless network.

     

    Mike



  • 8.  RE: Airwave question about connected user graphs

    Posted Jan 29, 2014 02:26 PM
    @mldickson wrote:

    This report was run from "24 hours ago" until "now.

     

    If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

     

    One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

     

    A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

     

    This is all in the context of trying to better utilize limited IPv4 space on our wireless network.

     

    Mike

    @mldickson

     

    >>If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

     

    Actually this means that within the 24-hour period for this reporting time, 7870 users were found to be in the CP pre-auth role never actually going into the post-auth role.

     

    >One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

     

    Does the 802.1x SSID provide captive portal? If so, yes a pre-auth role is definitely assigned to the user.

    You can run a client session report against that SSID only and filter on the pre-auth role to see how many users you have.

     

    >>A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

     

    See this thread for some more information on how to do this as it is possible.

    http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/How-can-I-filter-smart-phones-from-connecting-to-my-WLAN/m-p/111101/highlight/true#M23821

     

     

     



  • 9.  RE: Airwave question about connected user graphs

    Posted Jan 29, 2014 03:42 PM
    @pmonardo wrote:

    @mldickson

     

    >>If I understand correctly that means at least 7870 devices (32.08%) sat in the CP pre-auth role for the last 24 hours and never went on to the authneticated role..never logged in.

     

    Actually this means that within the 24-hour period for this reporting time, 7870 users were found to be in the CP pre-auth role never actually going into the post-auth role.

     

    >One might conclude users of these devices have no intention of logging in via captive portal. According to the report the majority of these devices are iPhones and Androids. One might further conclude that these devices are using cellular data or pwerhaps our 802.1x ssid (is there a fast way in Airwave to check whether these devices that are "sitting-in-pre-auth" are actually using our 802.1x ssid?).

     

    Does the 802.1x SSID provide captive portal? If so, yes a pre-auth role is definitely assigned to the user.

    You can run a client session report against that SSID only and filter on the pre-auth role to see how many users you have.

     

    >>A question comes to mind. Leaping ahead to where this info is leading us, has anyone  taken the step of blocking smartphone access  on the open ssid and explaining to users that they can either configure for 802.1x or use cellular data when on campus?

     

    See this thread for some more information on how to do this as it is possible.

    http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/How-can-I-filter-smart-phones-from-connecting-to-my-WLAN/m-p/111101/highlight/true#M23821