Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

This thread has been viewed 1 times

  • 1.  CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 12, 2017 02:29 PM
      |   view attached

    Hi Everyone, I'm testing CPPM with Aruba wireless 802.1X, have a windows client connected to the IAP and I was checking the Access Tracker Logs and found out that every minute the PC is doing an authentication, is this normal? I'm using Active Directory as the Authentication source and EAP-PEAP



  • 2.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 11:04 AM

    Hi,

     

    have a look to the reauth interval value ?

     

    reauth.png



  • 3.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 11:15 AM

    Yes Is setup at 0 hrs, the same as your picutre, the weird thing is that 3 more devices are connected to the SSID and only the windows PC is reauthenticating every minute.



  • 4.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 11:50 AM

    Ok, those other devices are hitting the same dot1x service ?
    Is it in the same role ? 

    Please share IAP config + Switch port




  • 5.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 12:10 PM

    Yes, they're using unrestricted Access because they authentication with Clearpass and Active directory. The siwtchport is in trunk mode on the switch.  



  • 6.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    EMPLOYEE
    Posted Jan 13, 2017 12:13 PM
    Ozk@r wrote:

    Yes, they're using unrestricted Access because they authentication with Clearpass and Active directory. The siwtchport is in trunk mode on the switch.  

    Try turning off Authentication Survivability.  Also turn off accounting.  Is there a reason why accounting is every minute?



  • 7.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 12:24 PM
    @cjoseph wrote:
    Ozk@r wrote:

    Yes, they're using unrestricted Access because they authentication with Clearpass and Active directory. The siwtchport is in trunk mode on the switch.  

    Try turning off Authentication Survivability.  Also turn off accounting.  Is there a reason why accounting is every minute?

    Hi Joseph, I use a tutorial video on Youtube, that's why I configured 1 minute in the Accounting interval, is there a best practice on the amount of minutes? 



  • 8.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    EMPLOYEE
    Posted Jan 13, 2017 12:31 PM

    I don't think that is a best practice.  You are sending accounting information to a radius server for all of your clients every minute.  What is your goal?



  • 9.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    EMPLOYEE
    Posted Jan 13, 2017 12:31 PM

    I don't think that is a best practice.  You are sending accounting information to a radius server for all of your clients every minute.  What is your goal?



  • 10.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 12:42 PM
    @cjoseph wrote:

    I don't think that is a best practice.  You are sending accounting information to a radius server for all of your clients every minute.  What is your goal?

    I'm really new to CPPM, as I undestand accounting give CPPM session reports on the authenticate devices correct?, can this be disable on the IAP?. 



  • 11.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute
    Best Answer

    EMPLOYEE
    Posted Jan 13, 2017 12:50 PM

    If you are just authenticating the devices, you do not need accounting.  Even if you are using accounting information, every 5 minutes would be more reasonable and is the default on other platforms.  Nobody needs one minute granularity.

     

    I was asking you to disable accounting and survivability, so that we could narrow down your issue.



  • 12.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 13, 2017 01:02 PM
    @cjoseph wrote:

    If you are just authenticating the devices, you do not need accounting.  Even if you are using accounting information, every 5 minutes would be more reasonable and is the default on other platforms.  Nobody needs one minute granularity.

     

    I was asking you to disable accounting and survivability, so that we could narrow down your issue.

    Gottcha, Thanks for the advise, I will go ahead and disable both Accounting and Survivability, and will post the results.



  • 13.  RE: CPPM 6.6 Access Tracker(Login Status) is refreshing every minute

    Posted Jan 19, 2017 12:23 PM

    Thanks a lot for your help, I resolved the problem by extending the accounting time, now is working.