#ATM16
Adapting to evolving user, security, and business needs with Aruba ClearPass
Troy Arnold
John Cox
Rajesh Ramireddy
March 9th, 2016 @ArubaNetworks |
Proactive Monitoring
Dashboard Overview
– Dashboard layout and widgets allow administrators to view summarized data
in an efficient way.
New Dashboard Widgets
– Endpoint Profiler Summary
– MDM Discovery Summary
– OnGuard Clients Summary
Analysis and Trending
– Analysis and Trending graphs provide insight into the authentication load on the
server and the pattern of authentications, such as successful versus failed
authentications.
System Monitor
– System Monitor provides insight into the performance metrics of the CPPM
server in terms of CPU, disk and memory utilization and the duration of
request processing.
Access Tracker
– Troubleshooting user authentication issues starts with Access Tracker on CPPM.
– It holds a large amount of information for analyzing and narrowing down issues.
Alerts Messages
Error Code | Error Type | Cause | Resolution
--- | --- | --- | ---
206 | Access denied by policy | User was denied access based on configured policies. | Verify the Enforcement Policy rules.
101 | Failed to perform service classification | ClearPass failed to find an appropriate service for the authentication request. | Verify the incoming access request parameters against the service classification rules.
201 | User not found | The user was not found in the authentication source. | Verify the user entry in the authentication source.
216 | User authentication failed | Incorrect username/password. | Request the user to double-check credentials.
225 | User account disabled | User account disabled in Guest DB. | Enable the user account in the Guest database.
203 | Failed to contact AuthSource | Authentication source did not respond in a timely manner. | Verify that the authentication source (AD/LDAP/Token Server/etc.) is active and can be reached by ClearPass.
9002 | Request timed out | Client did not respond to the authentication request. | Request the user to respond with username/password/certificate credentials when prompted. Or the client did not complete the EAP transaction due to roaming etc.
9015 | Client does not support configured EAP methods | Client's network configuration is incorrect. | Request the client to verify settings based on the network requirements.
215 | EAP-TLS: fatal alert by client - bad_certificate | Client's network configuration is incorrect. | Request the user to click “OK” when prompted to trust the certificate.
215 | EAP-TLS: fatal alert by server - unknown_ca | ClearPass rejected the authentication because client certificate validation failed. | Verify the trust list setting and the OCSP/CRL settings.
Event Viewer
– This page provides reports about system-level alerts and should be checked
for any major issues on the server, as it holds information about critical events.
Audit Viewer
–Use the Audit Viewer to confirm any recent changes made to server
configuration.
Insight – An Advanced Analytics/Reporting App
Delivers enhanced analytics, in-depth reporting, alerting and significant gains when addressing compliance
and regulatory overhead. It provides the ability to track detailed authentication records, audit trails, and
develop systematic reports on network-access trends.
– Insight Report: Reporting functionality in Insight helps us to monitor the pattern of authentications, context, health and
proactively identify issues based on the reports. It can be used in real-time analytics, as well as the ability to look into
the past to satisfy historical analysis and compliance needs.
– Templates for report: Insight includes several ready-to-use pre-configured templates that help reduce the time
associated with creating custom reports. The templates guide users through the process of capturing data for a number
of use cases with minimal configuration.
– In-depth Analytics. Insight uses a powerful analytics engine that mines network access logs in order to generate
trending reports on various parameters. Network managers can utilize these trends to get an overview of authentication
and access activity, elaborate client access distribution, load-averages, and analyze authentication traffic flow through
various network devices.
– Alerts. Insight can generate near real-time alerts on anomalous network activity. Network managers can configure
alerts based on a number of various parameters. Alerts can be delivered via SMS or e-mail notification to multiple
recipients to prompt action.
We have pre-configured alerts, watchlist, folderview of alerts, ability to edit/clone alerts in 6.6.
– Insight Search: Deep dive context for user, client, ClearPass server and NAD
Best Practices
Scheduled Backup of configuration
ClearPass Policy Manager provides the ability to push scheduled data securely to an external
server using SFTP and SCP protocols.
Cluster Wide Parameters
– Auto backup settings should be set to “Off” or “Config”
– Session log details retention – 3 day default
– Known Endpoint clean up interval – Review and setup if appropriate. Depends on the nature of
the deployment.
– Unknown Endpoint clean up interval – Recommend that this is enabled. We suggest 7 as a
default.
– Expired Guest account clean up interval – Review and set value depending on the nature of
deployment. We suggest 30 days.
– Profiled Unknown Endpoint clean up interval – We suggest 7 as the default.
– Audit records clean up interval – 7 days
– Configure Alert Notification email/SMS.
– Insight Data Retention – 30 days
To address issues related to AD authentication
– Authentication error MSCHAP: AD status: Named pipe disconnected
– RADIUS/Domain services stop frequently.
Recommendations:
– Join ClearPass to a domain controller that is available locally.
– Use AD password servers to configure backup DCs.
– Configure the AD errors recovery action. CPPM excludes the following errors from the AD errors that are used
for recovery actions:
0xC000006D - STATUS_LOGON_FAILURE,
0xC000006E - STATUS_ACCOUNT_RESTRICTION,
0xC000006F - STATUS_INVALID_LOGON_HOURS,
0xC0000071 - STATUS_PASSWORD_EXPIRED,
0xC0000072 - STATUS_ACCOUNT_DISABLED,
0xC0000064 - STATUS_NO_SUCH_USER,
0xC000006C - STATUS_PASSWORD_RESTRICTION,
0xC000006A - STATUS_WRONG_PASSWORD,
0xC0000193 - STATUS_ACCOUNT_EXPIRED,
0xC0000234 - STATUS_ACCOUNT_LOCKED_OUT,
0xC0000224 - STATUS_PASSWORD_MUST_CHANGE
Enabling debug and collecting logs
– Enable debug for appropriate service.
– Perform test authentication/activity and collect logs.
– Collect the necessary data from the server/client (Access Tracker dashboard details, client OnGuard logs, etc.).
– Restore the log level to default when finished troubleshooting.
Case Study
Authentication timeout issues
– We may come across situations where all or the majority of the user
authentications fail due to timeouts.
– Sometimes this may be due to CPPM running out of RADIUS
threads to process the requests.
– The system starts working fine after restarting either the services or
the server, but you would encounter the issue again after
some time.
Authentication timeout issues
Cause
– We have observed this issue in many instances where ClearPass receives a delayed
response from AD, which causes the queue to pile up and reach the maximum threads
allotted for the server.
– All the requests that arrive will time out, as there are no threads to process the
request against AD.
– We also need to look at the load on the ClearPass server to see if it is within the
handling capacity of the particular server model (500/5k/25k) and if there was a huge
increase in the load on the server at the time the issue was triggered.
Authentication timeout issues
Troubleshooting
– We need to check the Access Tracker for the user requests before the failure and verify that the AD
user lookup time is within a few milliseconds, not a few seconds. We have noticed that a
delayed response time of ~2 seconds from AD results in exhaustion of all the available threads,
which quickly causes an issue.
– We can also look at an individual request/response from the AD server in the samba logs in
ClearPass to confirm when the request was sent and when the response was received:
[2015/11/16 14:22:06.202241, 3, pid=17583] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap)
[ 2277]: pam auth crap domain: STAR user: Monica Hermosilla
[2015/11/16 14:22:17.501540, 2, pid=17583] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap)
NTLM CRAP authentication for user [STAR][Monica Hermosilla] returned NT_STATUS_LOGON_FAILURE
(PAM: 7)
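The timing check on the samba log described above can be scripted. This is an added example, not part of the original slides or of ClearPass: it pairs each winbindd request entry with its response by pid, domain and user (an assumed pairing key) and reports the AD round-trip time. The sample log, its names and the `SLOW_SECONDS` constant are constructed for illustration, with the threshold taken from the ~2 second figure on the slide.

```python
import re
from datetime import datetime

# Entry header as in the slide's sample: [date time.usec, level, pid=N] file:line(func)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*\d+,\s*pid=(\d+)\]")
# Request line, logged when the challenge/response is passed on to AD.
REQUEST = re.compile(r"pam auth crap domain:\s*(\S+)\s+user:\s*(.+?)\s*$")
# Result line; a backslash between the two brackets is tolerated if present.
RESPONSE = re.compile(
    r"NTLM CRAP authentication for user \[([^\]]*)\]\\?\[([^\]]*)\] returned (\w+)")

SLOW_SECONDS = 2.0  # assumption: threshold taken from the ~2 s delay on the slide

# Constructed sample log (hypothetical domain, users and pids).
SAMPLE_LOG = """\
[2016/01/11 09:15:02.100000,  3, pid=4101] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap)
  [ 3001]: pam auth crap domain: EXAMPLE user: alice
[2016/01/11 09:15:02.112000,  3, pid=4101] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [EXAMPLE][alice] returned NT_STATUS_OK
(PAM: 0)
[2016/01/11 09:15:03.250000,  3, pid=4102] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap)
  [ 3002]: pam auth crap domain: EXAMPLE user: bob smith
[2016/01/11 09:15:14.750000,  2, pid=4102] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap)
  NTLM CRAP authentication for user [EXAMPLE][bob smith] returned NT_STATUS_LOGON_FAILURE
(PAM: 7)
[2016/01/11 09:15:15.000000,  3, pid=4103] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap)
  [ 3003]: pam auth crap domain: EXAMPLE user: carol
"""


def parse_entries(text):
    """Split a winbindd log into (timestamp, pid, [body lines]) entries."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append((ts, int(m.group(2)), []))
        elif entries and line.strip():
            # Continuation line: belongs to the most recent header.
            entries[-1][2].append(line.strip())
    return entries


def ad_latencies(text):
    """Pair requests with responses; return (answered, unanswered) lists."""
    pending = {}   # (pid, domain, user) -> time the request was logged
    answered = []
    for ts, pid, body in parse_entries(text):
        for line in body:
            req = REQUEST.search(line)
            if req:
                pending[(pid, req.group(1), req.group(2))] = ts
                break
            resp = RESPONSE.search(line)
            if resp:
                sent = pending.pop((pid, resp.group(1), resp.group(2)), None)
                if sent is not None:
                    answered.append({
                        "pid": pid, "domain": resp.group(1),
                        "user": resp.group(2), "status": resp.group(3),
                        "seconds": (ts - sent).total_seconds(),
                    })
                break
    # Requests with no logged result are the ones most likely to time out.
    unanswered = [{"pid": p, "domain": d, "user": u, "sent": t}
                  for (p, d, u), t in pending.items()]
    return answered, unanswered


def slow_requests(text, threshold=SLOW_SECONDS):
    """Answered exchanges whose AD round trip met or exceeded the threshold."""
    answered, _ = ad_latencies(text)
    return [a for a in answered if a["seconds"] >= threshold]


if __name__ == "__main__":
    done, waiting = ad_latencies(SAMPLE_LOG)
    for a in done:
        flag = "SLOW" if a["seconds"] >= SLOW_SECONDS else "ok"
        print(f'{a["domain"]}\\{a["user"]}: {a["seconds"]:.3f}s {a["status"]} [{flag}]')
    for w in waiting:
        print(f'{w["domain"]}\\{w["user"]}: no response logged since {w["sent"]}')
```

A slow exchange is reported regardless of its NT status: a rejected logon that took seconds to come back occupied the request for just as long as a successful one.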
Solving Authentication Timeout Issues
Recommendations
– Delays on the AD end can have multiple causes, ranging from performance
issues on the server and replication issues with other domain controllers
to network-related issues.
– Extensive logging and capturing of packets on the AD server can
help determine the amount of delay in responding to requests.
– We also need to make sure there is no network lag induced if the
servers are at different physical locations. It is recommended to join the
ClearPass servers to a local DC to avoid this situation.
Join Aruba’s Titans of Tomorrow
force in the fight against network
mayhem. Find out what your
IT superpower is.
Share your results with friends
and receive a free superpower
t-shirt.
www.arubatitans.com
Thank you

More Related Content

What's hot

What's hot (20)

Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass Workshop
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy Models
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOS
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
 
RAP Networks Validated Reference Design
RAP Networks Validated Reference DesignRAP Networks Validated Reference Design
RAP Networks Validated Reference Design
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming Devices
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 

Similar to Adapting to evolving user, security, and business needs with aruba clear pass

Insta Serv A Conceptual Simplified Oss Architecture
Insta Serv   A Conceptual Simplified Oss ArchitectureInsta Serv   A Conceptual Simplified Oss Architecture
Insta Serv A Conceptual Simplified Oss Architecture
Indranil Roychowdhury
 
Mafiree Services 2016 (1)
Mafiree Services 2016 (1)Mafiree Services 2016 (1)
Mafiree Services 2016 (1)
linyashaalu
 

Similar to Adapting to evolving user, security, and business needs with aruba clear pass (20)

Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...Mobile Experience Management and Network Services Health Check with Aruba Air...
Mobile Experience Management and Network Services Health Check with Aruba Air...
 
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
EMEA Airheads– Aruba Clarity. Because a Wi-Fi Problem's Often Not a "Wi-Fi" P...
 
Securing the LAN Best practices to secure the wired access network
Securing the LAN Best practices to secure the wired access networkSecuring the LAN Best practices to secure the wired access network
Securing the LAN Best practices to secure the wired access network
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
 
PCI DSS Scoping and Applicability
PCI DSS Scoping and ApplicabilityPCI DSS Scoping and Applicability
PCI DSS Scoping and Applicability
 
NetFlow Analyzer Training Part I: Getting the initial settings right
NetFlow Analyzer Training Part I: Getting the initial settings rightNetFlow Analyzer Training Part I: Getting the initial settings right
NetFlow Analyzer Training Part I: Getting the initial settings right
 
Deep visibility to secure network access with aruba ClearPass Insight
Deep visibility to secure network access with aruba ClearPass InsightDeep visibility to secure network access with aruba ClearPass Insight
Deep visibility to secure network access with aruba ClearPass Insight
 
SQL Server ASYNC_NETWORK_IO Wait Type Explained
SQL Server ASYNC_NETWORK_IO Wait Type ExplainedSQL Server ASYNC_NETWORK_IO Wait Type Explained
SQL Server ASYNC_NETWORK_IO Wait Type Explained
 
PIW ISE best practices
PIW ISE best practicesPIW ISE best practices
PIW ISE best practices
 
Insta Serv A Conceptual Simplified Oss Architecture
Insta Serv   A Conceptual Simplified Oss ArchitectureInsta Serv   A Conceptual Simplified Oss Architecture
Insta Serv A Conceptual Simplified Oss Architecture
 
Resilient Predictive Data Pipelines (QCon London 2016)
Resilient Predictive Data Pipelines (QCon London 2016)Resilient Predictive Data Pipelines (QCon London 2016)
Resilient Predictive Data Pipelines (QCon London 2016)
 
Performance vision Version 2.15 news
Performance vision Version 2.15 newsPerformance vision Version 2.15 news
Performance vision Version 2.15 news
 
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationEPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC Configuration
 
Choosing the Best Approach for Monitoring Citrix User Experience: Should You ...
Choosing the Best Approach for Monitoring Citrix User Experience: Should You ...Choosing the Best Approach for Monitoring Citrix User Experience: Should You ...
Choosing the Best Approach for Monitoring Citrix User Experience: Should You ...
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScale
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...Export flows, group traffic, map application traffic and more: NetFlow Analyz...
Export flows, group traffic, map application traffic and more: NetFlow Analyz...
 
EMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time SourceEMEA Airheads ClearPass guest with MAC- caching using Time Source
EMEA Airheads ClearPass guest with MAC- caching using Time Source
 
Opmanager Workshop - Middle East
Opmanager Workshop - Middle EastOpmanager Workshop - Middle East
Opmanager Workshop - Middle East
 
Mafiree Services 2016 (1)
Mafiree Services 2016 (1)Mafiree Services 2016 (1)
Mafiree Services 2016 (1)
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads-  Getting Started with the ClearPass REST API – CPPMEMEA Airheads-  Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
 EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs  in Aruba 8.x EMEA Airheads - Configuring different APIs  in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP-  VPN TroubleshootingEMEA Airheads- Aruba Instant AP-  VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
 

Recently uploaded

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Adapting to evolving user, security, and business needs with aruba clear pass

  • 1. #ATM16 Adapting to evolving user, security, and business needs with Aruba ClearPass Troy Arnold John Cox Rajesh Ramireddy March 9th, 2016 @ArubaNetworks |
  • 3. 3#ATM16 Dashboard Overview –Dashboard Layout and Widgets allow administrators to view summarized data in efficient way. @ArubaNetworks |
  • 4. 4#ATM16 New Dashboard Widgets – Endpoint Profiler Summary – MDM Discovery Summary – OnGuard Clients Summary @ArubaNetworks |
  • 5. 5#ATM16 Analysis and Trending –Analysis and Trending graphs provide insight into the authentication load on the Server and pattern of authentications - like successful versus failed authentications @ArubaNetworks |
  • 6. 6#ATM16 System Monitor –System monitor provides insight into the performance metrics of the CPPM Server in-terms of the CPU, Disk, Memory utilization and the duration of the request processing. @ArubaNetworks |
  • 7. 7#ATM16 Access Tracker –Troubleshooting user authentication issues starts with Access tracker on CPPM – this holds large chunk of information for analysis and narrowing down issues @ArubaNetworks |
  • 8. 8#ATM16 Alerts Messages @ArubaNetworks | Error Code Error Type Cause Resolution 206 Access denied by policy User was denied access based on configured policies Verify the Enforcement Policy rules. 101 Failed to perform service classification Clearpass failed to find an appropriate service for the authentication request Verify the incoming access request parameters against service classification rules. 201 User not found The user was not found in the authentication source Verify the authentication source about the user entry. 216 User authentication failed Incorrect username/password Request the user to double-check credentials. 225 User account disabled User account disabled in Guest DB Enable user account in Guest database. 203 Failed to contact AuthSource Authentication source did not respond in a timely manner. Verify that the authentication source (AD/LDAP/Token Server/etc) is active and can be reached by Clearpass. 9002 Request timed out Client did not respond to the authentication request. Request user to respond with a username/password/certificate credentials when prompted. Or client didn’t complete EAP transaction due to roaming etc.. 9015 Client does not support configured EAP methods Client's network configuration is incorrect Request client to verify settings based on the network requirements. 215 EAP-TLS: fatal alert by client - bad_certificate Client's network configuration is incorrect Request user to click “OK” when prompted to trust the certificate. 215 EAP-TLS: fatal alert by server - unknown_ca Clearpass reject authentication as to client certificate validation failed. Request to verify the trust list setting and OCSP/CRL settings.
  • 9. 9#ATM16 Event Viewer –This page provides reports about system-level alerts and should be looked at for any Major issues on the Server as it holds information about Critical events. @ArubaNetworks |
  • 10. 10#ATM16 Audit Viewer –Use the Audit Viewer to confirm any recent changes made to server configuration. @ArubaNetworks |
  • 11. 11#ATM16 Insight – An Advanced Analytics/Reporting App Delivers enhanced analytics, in-depth reporting, alerting and significant gains when addressing compliance and regulatory overhead. It provides the ability to track detailed authentication records, audit trails, and develop systematic reports on network-access trends. – Insight Report: Reporting functionality in Insight helps us to monitor the pattern of authentications, context, health and proactively identify issues based on the reports. It can be used in real-time analytics, as well as the ability to look into the past to satisfy historical analysis and compliance needs. – Templates for report: Insight includes several ready-to-use pre-configured templates that help reduce the time associated with creating custom reports. The templates guide users through the process of capturing data for a number of use cases with minimal configuration. – In-depth Analytics. Insight uses a powerful analytics engine that mines network access logs in order to generate trending report on various parameters. Network managers can utilize these trends to get an overview of authentication and access activity, elaborate client access distribution, load-averages, and analyze authentication traffic flow through various network devices – Alerts. Insight can generate near real-time alerts on anomalous network activity. Network managers can configure alerts based on a number of various parameters. Alerts can be delivered via SMS or e-mail notification to multiple recipients to prompt action. We have pre-configured alerts, watchlist, folderview of alerts, ability to edit/clone alerts in 6.6. – Insight Search: Deep dive context for user, client, ClearPass server and NAD @ArubaNetworks |
  • 13. Scheduled Backup of configuration – ClearPass Policy Manager provides the ability to push scheduled data securely to an external server using the SFTP and SCP protocols.
  • 14. Cluster Wide Parameters
      – Auto backup settings should be set to “Off” or “Config”.
      – Session log details retention – 3 day default.
      – Known Endpoint clean up interval – Review and set up if appropriate. Depends on the nature of the deployment.
      – Unknown Endpoint clean up interval – Recommend that this is enabled. We suggest 7 as a default.
      – Expired Guest account clean up interval – Review and set the value depending on the nature of the deployment. We suggest 30 days.
      – Profiled Unknown Endpoint clean up interval – We suggest 7 as the default.
      – Audit records clean up interval – 7 days.
      – Configure Alert Notification email/SMS.
      – Insight Data Retention – 30 days.
  • 15. To address issues related to AD authentication
      – Authentication error MSCHAP: AD status: Named pipe disconnected
      – RADIUS/Domain services stop frequently.
      Recommendations:
      – Join ClearPass to a domain controller that is available locally.
      – Use AD password servers to configure backup DCs.
      – Configure the AD errors recovery action.
      CPPM excludes the following errors from the AD errors that are used for recovery actions:
      0xC000006D - STATUS_LOGON_FAILURE
      0xC000006E - STATUS_ACCOUNT_RESTRICTION
      0xC000006F - STATUS_INVALID_LOGON_HOURS
      0xC0000071 - STATUS_PASSWORD_EXPIRED
      0xC0000072 - STATUS_ACCOUNT_DISABLED
      0xC0000064 - STATUS_NO_SUCH_USER
      0xC000006C - STATUS_PASSWORD_RESTRICTION
      0xC000006A - STATUS_WRONG_PASSWORD
      0xC0000193 - STATUS_ACCOUNT_EXPIRED
      0xC0000234 - STATUS_ACCOUNT_LOCKED_OUT
      0xC0000224 - STATUS_PASSWORD_MUST_CHANGE
  • 16. Enabling debug and collecting logs
      – Enable debug for the appropriate service.
      – Perform a test authentication/activity and collect logs.
      – Collect the necessary data from the server/client (Access Tracker dashboard details, client OnGuard logs, etc.).
      – Restore the log level to default when finished troubleshooting.
  • 18. Authentication timeout issues
      – We may come across situations where all or the majority of user authentications fail due to timeouts.
      – Sometimes this may be due to CPPM running out of RADIUS threads to process the requests.
      – The system starts working fine after restarting either the services or the server, but you would encounter the issue again after some time.
  • 19. Authentication timeout issues – Cause
      – We have observed this issue in many instances where ClearPass receives a delayed response from AD, which causes the queue to pile up and reach the maximum number of threads allotted for the server.
      – All the requests that arrive will time out, as there are no threads to process the requests against AD.
      – We also need to look at the load on the ClearPass server to see whether it is within the handling capacity of the particular server model (500/5k/25k) and whether there was a huge increase in load on the server at the time the issue was triggered.
  • 20. Authentication timeout issues – Troubleshooting
      – We need to check the Access Tracker for the user requests before the failure and verify that the AD user lookup time is within a few milliseconds and not a few seconds. We have noticed that a delayed response time of ~2 seconds from AD results in exhaustion of all the available threads, which quickly causes an issue.
      – We can also look at an individual request/response from the AD server in the samba logs in ClearPass to confirm when the request was sent and when the response was received.
      [2015/11/16 14:22:06.202241, 3, pid=17583] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap) [ 2277]: pam auth crap domain: STAR user: Monica Hermosilla
      [2015/11/16 14:22:17.501540, 2, pid=17583] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [STAR][Monica Hermosilla] returned NT_STATUS_LOGON_FAILURE (PAM: 7)
  • 23. Solving Authentication Timeout Issues – Recommendations
      – Delays on the AD side can have multiple causes, ranging from performance issues on the server and replication issues with other domain controllers to network-related issues.
      – Extensive logging and packet captures on the AD server can help determine the amount of delay in responding to requests.
      – We also need to make sure there is no network lag induced if the servers are at different physical locations. It is recommended to join the ClearPass servers to a local DC to avoid this situation.
  • 24. Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is. Share your results with friends and receive a free superpower t-shirt. www.arubatitans.com
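
The AD latency check described on slides 20 and 23 can be automated over the winbindd log. The following is an added example, not code from the slides or from ClearPass: it pairs each `pam auth crap` request with its `NTLM CRAP authentication` result and flags round trips at or above the ~2 second mark. The function names, the threshold constant and the sample log (constructed, in the record format quoted on slide 20) are assumptions.

```python
import re
from datetime import datetime

# Record header as quoted on the slide. \s+ also spans the line break that
# Samba normally writes between the header and the message text.
HEAD = (r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+, pid=(?P<pid>\d+)\]"
        r"\s+\S+\(winbindd_dual_pam_auth_crap\)\s+")
REQ = re.compile(HEAD + r"\[\s*\d+\]: pam auth crap domain: (?P<dom>\S+) user: (?P<user>.+)")
RSP = re.compile(HEAD + r"NTLM CRAP authentication for user "
                 r"\[(?P<dom>[^\]]*)\]\\?\[(?P<user>[^\]]*)\] returned (?P<status>\w+)")
SLOW_SECONDS = 2.0  # AD delay the slides associate with thread exhaustion

# Constructed sample: timestamps of the slow pair match the slide, names are made up.
SAMPLE = """\
[2015/11/16 14:22:06.202241, 3, pid=17583] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap) [ 2277]: pam auth crap domain: STAR user: Test User
[2015/11/16 14:22:06.300000, 3, pid=17590] winbindd/winbindd_pam.c:1834(winbindd_dual_pam_auth_crap) [ 2277]: pam auth crap domain: STAR user: alice
[2015/11/16 14:22:06.312000, 5, pid=17590] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [STAR][alice] returned NT_STATUS_OK (PAM: 0)
[2015/11/16 14:22:17.501540, 2, pid=17583] winbindd/winbindd_pam.c:1939(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [STAR][Test User] returned NT_STATUS_LOGON_FAILURE (PAM: 7)
"""


def ad_latencies(log_text):
    """Pair each request with its response; return (user, status, seconds)."""
    events = sorted(list(REQ.finditer(log_text)) + list(RSP.finditer(log_text)),
                    key=lambda m: m.start())
    pending, results = {}, []
    for m in events:
        key = (m["pid"], m["dom"], m["user"].strip())
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f")
        if m.re is REQ:
            pending[key] = when          # request sent to AD by this winbindd child
        elif key in pending:
            seconds = (when - pending.pop(key)).total_seconds()
            results.append((key[2], m["status"], seconds))
    return results


def slow_lookups(log_text, threshold=SLOW_SECONDS):
    """Return only the lookups whose AD round trip reached the threshold."""
    return [r for r in ad_latencies(log_text) if r[2] >= threshold]


if __name__ == "__main__":
    for user, status, seconds in slow_lookups(SAMPLE):
        print(f"{user}: {status} after {seconds:.3f}s")
```

Pairing is keyed on pid, domain and user, so interleaved records from different winbindd children do not get mixed; a response with no preceding request in the captured window is ignored.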

Editor's Notes

  1. Endpoint Profiler Summary – Shows the endpoint chart based on device category (smart devices, computers, etc.).
     MDM Discovery Summary – Endpoints are displayed (as a count) in a chart based on the operating system (Apple, Windows, Android, etc.). For example, if you click the Android devices chart, you can view the list of only Android devices in the Configuration > Identity > Endpoints page.
     OnGuard Clients Summary – OnGuard clients summary chart based on the operating system the client is running. When clicking on a particular device type, we can view the clients of that type in the OnGuard activity page.
  2. In Access Tracker, check the Input/Output tabs for the request and response. The Alerts tab gives a reasonable error message for understanding the failure. We can use the data filter to select the right server, date range and type of request to show in Access Tracker. The Show Logs option shows the complete authentication request and response. Errors are shown in red and warning messages in yellow. With debug enabled for the RADIUS and policy servers, we can see the time taken for each task, such as service categorization time, LDAP query time, MSCHAP authentication time and policy enforcement time.
  3. Admin Server
     AirGroup notification service: Set to debug when we want to troubleshoot AirGroup-related issues.
     Async Network services: Set to debug when we want to troubleshoot CoA issues, post-authentication (post auth check, PA update), profiling issues, and endpoint context server polling issues.
     ClearPass Network services: Set to debug to understand device audit, DHCP message processing, IF-MAP request processing, etc.
     DB Change notification server and DB replication service: Set to debug when we need to troubleshoot cluster sync/replication issues.
     Micros Fidelio FIAS: Enable debug to capture debug data for Micros FIAS server communication for guest account creation.
     Multi Master cache: An SQL light DB stored on the ClearPass server to store user/machine authentication session info, the posture result cache and the enforcement policy results cache. This is replicated to all the servers in the cluster within the same zone, which build a star topology to update each other.
     Policy server – Rule Engine: To debug how ClearPass performs service classification, role mapping and enforcement policy evaluation.
     XPIP Server: To understand how a request is handled from RADIUS to the policy server.
     Database: Policy server internal DB communication.
     AD/LDAP: Shows the policy server's AD/LDAP queries for authorization.
     Request Handling: How the policy server handles requests.
     External Posture validation: If we have added external posture servers for client health evaluation, we can debug the communications.
     Internal Posture Validation: When ClearPass is configured to perform client health checks using the internal posture server.
     RADIUS server: To debug RADIUS authentications.
     Syslog client service: To debug syslog message export to external syslog servers.
     TACACS Server: To debug TACACS+ authentication processing and authorization.
  4. Contest Overview
     - Aruba is running a marketing campaign where we ask “What is your IT superpower?”
     - Go to arubatitans.com to take a quick quiz to discover your superpower.
     - Share your results with friends and encourage others to play the game.
     - Once you share, go to the Social and Community Hub, Gracia Commons, 3rd fl to pick up your free superpower shirt.
     FAQ
     1. What do I have to do to get a shirt? Share your IT superpower results with friends and encourage them to play the game. Then come to the Social & Community Hub, 3rd Floor Gracia Commons to pick up your shirt. We just need your name and badge for verification.
     2. Where do I get my shirt? Come to the #ATM16 Social & Community hub located at Gracia Commons on the 3rd Floor.
     3. Do I have to be at the event to get the shirt? Yes. You have to be at #ATM16 to get a shirt.
     4. Can I get my colleague a shirt? He/she is in a session right now. Unfortunately not. We encourage your colleague to participate so that they can win a shirt for themselves.
     5. Can I bring a shirt home for my colleague? Unfortunately not. You have to be at #ATM16 to get a shirt.
     6. You don’t have a shirt in my size, can you ship the right size to me later? Unfortunately not. Please select the best size from our inventory on site.