Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

RE: clear pass analytics capability (or Aruba in general)

This thread has been viewed 0 times

  • 1.  RE: clear pass analytics capability (or Aruba in general)

    Posted Nov 15, 2014 01:21 AM

    hi,
    we have installed Controller, Airwave and ALE which is all working fine.
    We are currently looking at social wifi by Aruba clear pass.

    We are concerned about its analytics capability.

    From the documentation we are unsure about how to track:

    (sorry, this is one of our requirements)

     

    * client MAC using which AP mac to login to which site , and the site credential

    (facebook, twitter handle) and the time.

    * Statistic count and hours of online users who continue to browse during the day, ability to showcase when are the peak hours and non peak hours

    * Top ten listing of most visited sites on daily/weekly basis

    * Ability to work with VLAN based zoning with relevant statistic to display area of usage and history

     

    and lastly:

    * Ability to define and manage custom bandwidth profiles for different classes of wifi users.

     

     

     

    Aruba clear pass experts please help , thanks

     

     

     



  • 2.  RE: RE: clear pass analytics capability (or Aruba in general)

    EMPLOYEE
    Posted Nov 15, 2014 02:19 AM

    #1 Clearpass is a AAA tacaacs system. Is not designed to be an antilitlcs systems. There are many third party systems that already do that so it is not a major road plan item today and you will need to offload the data. 

     

    That being said you will still get alot of the information that you are looking for but you are better off Sysloging all the data off to a third party system to crunch the data. 

     

    See below for answers

     

    @apoapoapoapo wrote:

    hi,
    we have installed Controller, Airwave and ALE which is all working fine.
    We are currently looking at social wifi by Aruba clear pass.

    We are concerned about its analytics capability.

    From the documentation we are unsure about how to track:

    (sorry, this is one of our requirements)

     

    * client MAC using which AP mac to login to which site , and the site credential

    (facebook, twitter handle) and the time.

     

    With the social login built into CPPM you can track the mac/IP/and site and email that was used to login.

     

    * Statistic count and hours of online users who continue to browse during the day, ability to showcase when are the peak hours and non peak hours

     

    Clearpass is not a DPI system and it does not sit in line with the packets. You can record when they connected and how long they were on, but it will not tell you if data was passed at certian times. It can only give you a cumlitive data usage.

     

    * Top ten listing of most visited sites on daily/weekly basis

     

    Same as last question

     

    * Ability to work with VLAN based zoning with relevant statistic to display area of usage and history

     

    Again the data is all there you will just need to syslog the data off, also you should be able to get alot of that data out of airwave.

     

    and lastly:

    * Ability to define and manage custom bandwidth profiles for different classes of wifi users.

     

    Yes

     

     

     

    Aruba clear pass experts please help , thanks

     

     

     

     



  • 3.  RE: RE: clear pass analytics capability (or Aruba in general)

    Posted Nov 15, 2014 10:41 AM
    @tarnold wrote:

    #1 Clearpass is a AAA tacaacs system. Is not designed to be an antilitlcs systems. There are many third party systems that already do that so it is not a major road plan item today and you will need to offload the data. 

     

    That being said you will still get alot of the information that you are looking for but you are better off Sysloging all the data off to a third party system to crunch the data. 

     

    See below for answers

     

    @apoapoapoapo wrote:

    hi,
    we have installed Controller, Airwave and ALE which is all working fine.
    We are currently looking at social wifi by Aruba clear pass.

    We are concerned about its analytics capability.

    From the documentation we are unsure about how to track:

    (sorry, this is one of our requirements)

     

    * client MAC using which AP mac to login to which site , and the site credential

    (facebook, twitter handle) and the time.

     

    With the social login built into CPPM you can track the mac/IP/and site and email that was used to login.

     

    * Statistic count and hours of online users who continue to browse during the day, ability to showcase when are the peak hours and non peak hours

     

    Clearpass is not a DPI system and it does not sit in line with the packets. You can record when they connected and how long they were on, but it will not tell you if data was passed at certian times. It can only give you a cumlitive data usage.

     

    * Top ten listing of most visited sites on daily/weekly basis

     

    Same as last question

     

    * Ability to work with VLAN based zoning with relevant statistic to display area of usage and history

     

    Again the data is all there you will just need to syslog the data off, also you should be able to get alot of that data out of airwave.

     

    and lastly:

    * Ability to define and manage custom bandwidth profiles for different classes of wifi users.

     

    Yes

     

     

     

    Aruba clear pass experts please help , thanks

     

     

     

     

     

     

    Thanks both, your replies were very userful to us. I assume I can find syslog options

    under Administrator tab ? I am looking at this documentation from Aruba titled

    "How-To: ClearPass Guest Social Logins"   but havn't seen anything about logging yet.


     

    thanks

     

     



  • 4.  RE: RE: clear pass analytics capability (or Aruba in general)

    EMPLOYEE
    Posted Nov 15, 2014 10:43 AM
    There's not documentation for what I did right now.

    You use the Loggly's XML API to send the data after each social authentication. I'll post a sample later when I'm near my laptop.


  • 5.  RE: RE: clear pass analytics capability (or Aruba in general)

    EMPLOYEE
    Posted Nov 15, 2014 07:04 AM
    You can configure ClearPass to send data to services like Loggly which can aggregate the data and provide charts and reports.

    For example, I have social network, ap location, mac address, device type and authentication time being sent to Loggly where I have created custom dashboards showing unique users per hour, device breakdown and social network breakdown.

    This is the beauty of ClearPass Exchange and open APIs.


  • 6.  RE: RE: clear pass analytics capability (or Aruba in general)

    Posted Nov 15, 2014 05:28 PM
    we use Splunk to produce and consolidate all this info . You get this syslog info out of ClearPass via export filters. If there is something the standard ones don't give you, you can write your own. Fairly simple process. Also ask your partner/contact about the Splunk tools Aruba are working on. They are well worth a look


  • 7.  RE: RE: clear pass analytics capability (or Aruba in general)

    Posted Nov 15, 2014 08:43 PM
    I posted the ClearPass for Splunk App to the Splunk App Store about two weeks ago.

    https://apps.splunk.com/app/1895/


    If you get to try it out, send me any feedback you have.



    Please excuse my errors as sent using my small useless keyboard on my smartphone.