Frequent Contributor I

Filter Access Tracker - Unique Rejects

Hi All, I'm implementing MAC auth and a few devices are failing as expected. However, the AT is full of rejects, many of them the same devices and it is becoming a bit hard to weed through it. Is there a way to filter unique rejects? And then possibly only display rejects that have not changed to accepts? 


Thank you,



Guru Elite

Re: Filter Access Tracker - Unique Rejects

Depending on the NAD you’re using, you could send accepts and then blackhole them at the controller/AP/switch.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Filter Access Tracker - Unique Rejects

Not sure you can get this from the access tracker directly...... you are going to see many MAC rejects- that's how they get to the captive portal page...


you could enable access to the insight database... setup some sql to grab users that had more than x number of rejects in a timeframe from the auth table with no success or perhaps a  join on radius_auth with radius_acct and select macs that only show up in radius_auth (ie never got a session, only rejects)


Hmm that could be interesting... but I think it'll still be many macs and no info about whom they belong too.... useful for a wall of shame perhaps?

Search Airheads
Showing results for 
Search instead for 
Did you mean: