Wireless Access


Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

  • 1.  Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 08:29 AM

    Hi Everyone,

     

    I was asked a particular question the other day and I couldn't answer it because I was not sure how Airwave treated user roles in the Client Session Report.

     

    This was what I was asked

    "Presumably any client who has an entry with a 'post authentication' role also at some previous point had an 'initial role' so-called session; however, there are literally 0 occurrences of the same MAC having the 2 separate roles on separate lines when we run the session report.

     

    Is Airwave only using the last role?"

     

    AMP Report configuration:

    Under Client Sessions, only Session was chosen.

     

    Report

    ATTACHED

     

    So I guess the question is: can we report on a user who initially connected to the wireless, then processed a captive portal and received a post-authentication role?

    Use case is coffee shops: marketing wants to know how many people initially associated and then processed the auth page to use the wifi service.



  • 2.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    EMPLOYEE
    Posted Apr 12, 2013 08:32 AM

    Airwave reads the user table at 5-minute intervals, so it is possible that when Airwave read the user table, the user was not in the logon role, just in the post-auth role. You should just process users in the post-auth role and that will give an accurate picture.

     



  • 3.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 08:56 AM

    Thx Colin.

     

    We can definitely do that, but we have no way currently of knowing whether associated users turn into a "customer" by accepting terms and conditions and going into a post-auth role.

     

     



  • 4.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    EMPLOYEE
    Posted Apr 12, 2013 08:58 AM

    pmonardo,

     

    Would the user be in the post-auth role unless they accepted the terms and conditions?

     



  • 5.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 09:04 AM
    No, they would not, but the end customer wants to know how many associations turn into valid sessions (post-auth role).

    There is no way to track that since AMP polls every 5 min for client data.
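
A simplified model of the 5-minute polling discussed above, added here as an illustration (not part of the original posts and not Airwave code): it samples constructed client timelines at fixed intervals to show why a client that clears the captive portal between two polls is only ever recorded in its post-auth role. The MAC addresses, timings and role names are hypothetical.

```python
POLL_INTERVAL = 300  # seconds: the 5-minute user-table read described in the thread

# Constructed sample data (MACs, times and role names are hypothetical):
# each client is a list of (second, role) changes; role None means it left.
TIMELINES = {
    "aa:aa:aa:00:00:01": [(10, "logon"), (55, "post-auth"), (1900, None)],
    "aa:aa:aa:00:00:02": [(320, "logon"), (380, "post-auth"), (700, None)],
    "aa:aa:aa:00:00:03": [(250, "logon"), (640, None)],   # never accepts the terms
    "aa:aa:aa:00:00:04": [(20, "logon"), (200, None)],    # leaves before any poll
    "aa:aa:aa:00:00:05": [(280, "logon"), (650, "post-auth"), (1300, None)],
}

def role_at(timeline, t):
    """Role held at second t, or None if the client is not connected."""
    current = None
    for start, role in timeline:
        if start > t:
            break
        current = role
    return current

def polled_roles(timelines, interval, horizon):
    """Roles each MAC is observed in when sampled every `interval` seconds."""
    seen = {mac: set() for mac in timelines}
    for t in range(0, horizon + 1, interval):
        for mac, timeline in timelines.items():
            role = role_at(timeline, t)
            if role is not None:
                seen[mac].add(role)
    return seen

def summarize(timelines, interval=POLL_INTERVAL, horizon=2100):
    """Compare what really happened with what a poller would record."""
    truth = {m: {r for _, r in tl if r} for m, tl in timelines.items()}
    seen = polled_roles(timelines, interval, horizon)
    return {
        "actual_associated": len(truth),
        "actual_post_auth": sum("post-auth" in r for r in truth.values()),
        "polled_seen": sum(bool(r) for r in seen.values()),
        "polled_post_auth": sum("post-auth" in r for r in seen.values()),
        "polled_both_roles": sum(len(r) == 2 for r in seen.values()),
    }

if __name__ == "__main__":
    print(summarize(TIMELINES))
```

In this sample only the client that stayed on the portal across a poll boundary shows up in both roles, and the client that left before the first poll is never recorded.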


  • 6.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 09:56 AM

    We are also seeing tons of sessions with "-" as a role.....

     

     

    Any ideas what this could be?



  • 7.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    EMPLOYEE
    Posted Apr 12, 2013 10:28 AM

    I'd be interested in knowing what the Auth Type and Auth Time are for these clients.  Most often, clients with a '-' role are unauthenticated (negative auth time is a 2nd way of confirming lack of auth), and typically have no usage.  This is often the case with traps as the trap doesn't always have a role line for clients. Role info is currently gathered through polling.



  • 8.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 10:35 AM
    What do you need from me to show you?


  • 9.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    EMPLOYEE
    Posted Apr 12, 2013 11:19 AM

    On the client page:

    Filter for role '-'

    Columns to view: snmp source, assoc time, duration, auth type, auth time, usage

     

    You'll often see clients in '-' role when the SNMP source is a trap.

     

    role-.jpg

     

    Usage shouldn't be very high since it only constitutes auth requests and re-requests while the client is unauthenticated.



  • 10.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 11:46 AM

    Here you go

    Attached

     

    This is a snapshot of the 9000+ clients in Airwave like this out of 22k currently...

     



  • 11.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    EMPLOYEE
    Posted Apr 12, 2013 12:01 PM

    Looks like the majority are phones and tablets. My guess from your snippet is that they are in / around the environment, but not fully associating. You could create a catch-all role that gives no internet/network access to any devices that haven't accepted the terms after a set amount of time. This would help you get a role label that you can easily create a filtered report on. Another idea along the same lines is to give that role a captive portal that redirects the client back to the logon role if they desire to get on the network.



  • 12.  RE: Client Session Report and User Roles (initial and post-auth) can it report on a user who had both?

    Posted Apr 12, 2013 03:04 PM
    Let me take these ideas back and discuss with people here; you make very interesting points.

    Thanks again for your insights