Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM Access Tracker - Multiple auth requests in short periods of time

  • 1.  CPPM Access Tracker - Multiple auth requests in short periods of time

    Posted Jun 24, 2014 09:26 PM

    As the title says, I see devices that appear to be authenticating against CPPM multiple times in the span of minutes. The attached screenshot shows my iPad hitting CPPM on a Sunday morning. I was the only one at work, so all of those entries in the access tracker are from my one device.

     

    My questions are the following:

    1 - Does each entry in the access tracker correlate to an authentication request?

    2 - If so, based on this screenshot why would my iPad be attempting to authenticate against CPPM so often?

    3 - What could be configured to correct this? Mac auth?



  • 2.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    EMPLOYEE
    Posted Jun 24, 2014 09:28 PM

    1) Yes

    2) What generation iPad? It could be going to sleep and completely turning its radio off.

    3) Why do you want to correct it? There's nothing wrong with what's happening.



  • 3.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    Posted Jun 24, 2014 09:37 PM

    It's whatever the latest gen iPad is. I can't keep track anymore, they all look/work the same. :)

     

    I had assumed that maybe something was configured wrong as the access tracker shows auth attempts within seconds of other auth attempts. I'm still very new to CPPM so I'm learning how these things actually work while going live with our deployment.

     

    How many of these access requests can the 25K HW appliance handle at a time?



  • 4.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    EMPLOYEE
    Posted Jun 24, 2014 09:41 PM
    Try and see if you see the same behavior during the day when people are actively using the devices.

    The HW 25k can (in theory) do between 250 and 300 authentications per second.

    Sent from Surface Pro 3


  • 5.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    EMPLOYEE
    Posted Jun 24, 2014 10:17 PM
    All ClearPass is doing is responding to the auth requests that are coming in from the NAS devices. I've seen this before where the device is in a spot that is between two APs and the device can't decide which one to stay on.

    What are the APs? Aruba, Cisco, etc., and are they Instant or controller-based?


  • 6.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    Posted Jun 25, 2014 11:39 AM

    We're a new Aruba deployment, so this testing is being done in my office lab (one AP225, 7220, 25k HW appliance).

     

    The attached screen is an iPhone 4S. It hit CPPM like 10 times in the span of a minute. This took place right after the phone was connected to our 802.1x SSID, so it wasn't sleep/idle/low power mode.

     

    Other devices in the lab are showing multiple auth requests, but not nearly as often. Is this specific to Apple devices?


    #AP225
    #7220


  • 7.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    Posted Jun 27, 2014 06:05 PM

    Just an update, in case other people are seeing something similar on their Aruba controller/CPPM setups.

     

    Had TAC on the phone for another issue in CPPM and they noticed in the access tracker that certain users appeared to be sending auth requests repeatedly (some displayed multiple reqs at the exact same second). Via the controller CLI we verified via the auth trace buffer that despite its appearance only one auth request was being sent after RADIUS accept. Everything appears to be working as it should.

     

    I'm going to test this some more with iDevices as they seem to be the ones that are showing multiple auth reqs in CPPM. If I figure anything out I'll be sure to update this thread. :)



  • 8.  RE: CPPM Access Tracker - Multiple auth requests in short periods of time

    Posted Jun 29, 2014 10:35 AM

    What you see in access tracker is simply the requests that had been sent to CPPM from the NAS-IP, so modify your settings on the NAS and you may get what you are looking for.