Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Access Tracker data filter - sql query

  • 1.  Access Tracker data filter - sql query

    Posted Jan 19, 2023 10:51 AM
    Good morning
    On the ClearPass that I'm monitoring, I need to not see the strings of the devices that have not authenticated with the MAC address and that have simultaneously authenticated with 802.1X.
    I'm no expert with queries and wanted to know how to write a query in a custom data filter to achieve this goal.


  • 2.  RE: Access Tracker data filter - sql query

    EMPLOYEE
    Posted Jan 26, 2023 05:50 AM
    From your question, it's unclear to me what you exactly expect to see or what you want to do with that information. With 802.1X you normally don't have MAC authentication, but that may differ between wired/wireless and different brands.

    Please work with your Aruba Partner or Aruba support, so you can explain what you want to achieve as you may not even need SQL queries for that.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Access Tracker data filter - sql query

    Posted Jan 27, 2023 08:37 AM
    In the attached file you will see the same MAC address once accepted with 802.1X and once rejected with MAC authentication.
    My goal is to remove from the Access Tracker the rejected MAC authentications if an accepted 802.1X has the same MAC address.



  • 4.  RE: Access Tracker data filter - sql query

    EMPLOYEE
    Posted Jan 27, 2023 09:04 AM
    This works by design if your switches run concurrent onboarding (ArubaOS Switch or AOS-CX).

    I don't think you can easily filter those out just for clients that do 802.1X; unless you filter out all REJECTS in an Access Tracker data filter (not tried, but should work); and I doubt you would want that as you would miss failed MAC Auths. Or filter just on the 802.1X service.

    In general, you should not REJECT MAC Auth either, rather accept and return a very limited role or isolated VLAN, because you will see an ACCEPT instead of REJECT, and you have the possibility to CoA the client, which is not possible on a rejected client.

    One other alternative is to run the MAC Auth only after 802.1X timed out, which is what many non-Aruba switches do, with the drawback that a non-802.1X client will only authenticate after the 802.1X timeout, which causes delays when those clients get on the network and may even break devices that give up DHCP if they don't get a response within a few seconds.

    ------------------------------
    Herman Robers
    ------------------------------
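
The filtering rule requested in this thread (hide a rejected MAC authentication only when the same MAC address also has an accepted 802.1X authentication), shown as an added example that is not part of the original posts and is not a ClearPass custom data filter. It runs the SQL against exported records loaded into SQLite; the `auth_log` table, its column names, the `EAP-%` method labels, the 60-second window and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample records. Table and column names are hypothetical and
# are NOT the ClearPass database schema.
SAMPLE = [  # (ts, mac, auth_method, result)
    ("2023-01-27 08:00:01", "aabbccddeeff", "MAC-AUTH", "REJECT"),  # hidden
    ("2023-01-27 08:00:02", "aabbccddeeff", "EAP-PEAP", "ACCEPT"),
    ("2023-01-27 08:05:10", "001122334455", "MAC-AUTH", "REJECT"),  # no 802.1X: kept
    ("2023-01-27 08:06:00", "66778899aabb", "MAC-AUTH", "ACCEPT"),
    ("2023-01-27 08:07:30", "ccddeeff0011", "EAP-TLS", "REJECT"),
    ("2023-01-27 08:07:31", "ccddeeff0011", "MAC-AUTH", "REJECT"),  # 802.1X failed: kept
    ("2023-01-27 12:00:00", "aabbccddeeff", "MAC-AUTH", "REJECT"),  # outside window: kept
]

# Drop a row only if it is a MAC-auth REJECT and the same MAC has an 802.1X
# ACCEPT within :window seconds (the "simultaneous" pair from concurrent
# onboarding). Every other REJECT stays visible.
QUERY = """
SELECT r.ts, r.mac, r.auth_method, r.result
FROM auth_log AS r
WHERE NOT (
    r.auth_method = 'MAC-AUTH'
    AND r.result = 'REJECT'
    AND EXISTS (
        SELECT 1 FROM auth_log AS x
        WHERE x.mac = r.mac
          AND x.auth_method LIKE 'EAP-%'
          AND x.result = 'ACCEPT'
          AND ABS(CAST(strftime('%s', x.ts) AS INTEGER)
                - CAST(strftime('%s', r.ts) AS INTEGER)) <= :window
    )
)
ORDER BY r.ts
"""

def filtered_rows(records=SAMPLE, window=60):
    """Load records into an in-memory table and return the filtered view."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE auth_log (ts TEXT, mac TEXT, auth_method TEXT, result TEXT)")
    con.executemany("INSERT INTO auth_log VALUES (?, ?, ?, ?)", records)
    rows = con.execute(QUERY, {"window": window}).fetchall()
    con.close()
    return rows

if __name__ == "__main__":
    for row in filtered_rows():
        print(row)
```

Unlike a blanket filter on all REJECTs, this keeps failed MAC authentications for devices that never completed 802.1X, which are the entries worth reviewing.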