Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Filter Access Tracker - Unique Rejects

  • 1.  Filter Access Tracker - Unique Rejects

    Posted Apr 05, 2017 11:00 AM

    Hi All, I'm implementing MAC auth and a few devices are failing as expected. However, the AT is full of rejects, many of them the same devices and it is becoming a bit hard to weed through it. Is there a way to filter unique rejects? And then possibly only display rejects that have not changed to accepts? 

     

    Thank you,

     

    -n



  • 2.  RE: Filter Access Tracker - Unique Rejects

    EMPLOYEE
    Posted Apr 05, 2017 11:18 AM
    Depending on the NAD you’re using, you could send accepts and then blackhole them at the controller/AP/switch.


  • 3.  RE: Filter Access Tracker - Unique Rejects

    Posted Apr 05, 2017 11:26 AM

    Not sure you can get this from the access tracker directly... you are going to see many MAC rejects; that's how they get to the captive portal page...

     

    You could enable access to the Insight database... set up some SQL to grab users that had more than x number of rejects in a timeframe from the auth table with no success, or perhaps a join on radius_auth with radius_acct and select MACs that only show up in radius_auth (i.e. never got a session, only rejects)

     

    Hmm, that could be interesting... but I think it'll still be many MACs and no info about whom they belong to... useful for a wall of shame perhaps?
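
The query idea from the last reply, sketched as an added example that is not part of any post in the thread: one row per MAC that was only rejected, never accepted and never got an accounting session. The table names `radius_auth` and `radius_acct` come from the post; the columns (`mac`, `ts`, `result`, `start_ts`), the sample rows and the in-memory SQLite database are assumptions standing in for the real Insight schema, which the thread does not show.

```python
import re
import sqlite3

def norm_mac(mac):
    """Collapse aa:bb.., AA-BB.. and aabb.cc.. spellings to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

# Constructed sample rows; columns are assumed, not the real Insight schema.
AUTH = [
    ("aa:bb:cc:00:00:01", "2017-04-05 09:00:00", "REJECT"),
    ("AA-BB-CC-00-00-01", "2017-04-05 09:05:00", "REJECT"),  # same device,
    ("aabb.cc00.0001",    "2017-04-05 09:10:00", "REJECT"),  # other spellings
    ("aa:bb:cc:00:00:02", "2017-04-05 09:01:00", "REJECT"),
    ("aa:bb:cc:00:00:02", "2017-04-05 09:02:00", "REJECT"),
    ("aa:bb:cc:00:00:02", "2017-04-05 09:20:00", "ACCEPT"),  # later accepted
    ("aa:bb:cc:00:00:03", "2017-04-05 09:30:00", "REJECT"),
    ("aa:bb:cc:00:00:04", "2017-04-04 08:00:00", "REJECT"),  # previous day
    ("aa:bb:cc:00:00:04", "2017-04-04 08:01:00", "REJECT"),
]
ACCT = [("aa:bb:cc:00:00:02", "2017-04-05 09:20:05")]

QUERY = """
SELECT a.mac, COUNT(*) AS rejects, MAX(a.ts) AS last_reject
FROM radius_auth AS a
WHERE a.result = 'REJECT' AND a.ts >= :since
  AND NOT EXISTS (SELECT 1 FROM radius_auth ok
                  WHERE ok.mac = a.mac AND ok.result = 'ACCEPT')
  AND NOT EXISTS (SELECT 1 FROM radius_acct s WHERE s.mac = a.mac)
GROUP BY a.mac
HAVING COUNT(*) >= :min_rejects
ORDER BY rejects DESC, a.mac
"""

def load(auth=AUTH, acct=ACCT):
    """Build the stand-in database, normalizing MACs so duplicates collapse."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radius_auth (mac TEXT, ts TEXT, result TEXT)")
    db.execute("CREATE TABLE radius_acct (mac TEXT, start_ts TEXT)")
    db.executemany("INSERT INTO radius_auth VALUES (?,?,?)",
                   [(norm_mac(m), t, r) for m, t, r in auth])
    db.executemany("INSERT INTO radius_acct VALUES (?,?)",
                   [(norm_mac(m), t) for m, t in acct])
    return db

def unique_rejects(db, since, min_rejects=1):
    """One row per MAC that was only ever rejected and never got a session."""
    return db.execute(QUERY, {"since": since, "min_rejects": min_rejects}).fetchall()

if __name__ == "__main__":
    for mac, n, last in unique_rejects(load(), "2017-04-05 00:00:00", 2):
        print(mac, n, last)
```

Normalizing the MAC before grouping matters because the same device can be logged in several spellings, which would otherwise show up as separate "unique" rejects.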