Security

 View Only
Back to discussions
Expand all | Collapse all

ClearPass Active Sessions

This thread has been viewed 61 times

  • 1.  ClearPass Active Sessions

    Posted Oct 06, 2022 01:17 PM
    I am not seeing any Guest accounts in the Active Sessions table on ClearPass.  I have RADIUS Interim Accounting enabled on the controller side.  What could I be missing?

    ------------------------------
    Peter
    ------------------------------


  • 2.  RE: ClearPass Active Sessions

    Posted Oct 06, 2022 03:18 PM
    Are you actually performing any guest authentication?  Local guest database?  External?
    Original Message


  • 3.  RE: ClearPass Active Sessions

    Posted Oct 06, 2022 08:05 PM
    You:

    - Need to setup a radius accounting server group
    - Assign that radius server accounting group to your AAA profile in that Virtual AP

    If it works, you will see an accounting tab in access tracker for 802.1x authentications.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------

    Original Message


  • 4.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 07:46 AM
    Will I also see guest sessions in the Active Sessions table?  

    Kind Regards,

    Peter Abene | Wireless LAN Network Engineer

    o +1 732-812-8339 • m +1 973-975-7961 peter.abene@vonage.com

    23 Main St.  • Holmdel, NJ  07733 • USA






    Original Message


  • 5.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 07:50 AM
    Yes

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------

    Original Message


  • 6.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 08:10 AM
    Its strange, I enabled RADIUS interim accounting on controller and ClearPass, the "ClearPass-RADIUS" server group is defined with the 2 Clearpass servers and applied to the AAA profile of the Guest VAP, but still not seeing anything in the Access Tracker or Active Sessions table.  I'll monitor as there may not be any guests connected.  

    Kind Regards,

    Peter Abene | Wireless LAN Network Engineer

    o +1 732-812-8339 • m +1 973-975-7961 peter.abene@vonage.com

    23 Main St.  • Holmdel, NJ  07733 • USA






    Original Message


  • 7.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 08:43 AM
    There is a radius accounting server group that needs to be assigned.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------

    Original Message


  • 8.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 09:17 AM
    I have a server group called ClearPass_RADIUS, which includes the 2 ClearPass servers.  Is this server group not considered a RADIUS Accounting server group?

    Kind Regards,

    Peter Abene | Wireless LAN Network Engineer

    o +1 732-812-8339 • m +1 973-975-7961 peter.abene@vonage.com

    23 Main St.  • Holmdel, NJ  07733 • USA






    Original Message


  • 9.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 12:55 PM
    Yes, but you need to apply that same group to the Accounting Server Group in the AAA profile for the controller to send accounting packets.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------

    Original Message


  • 10.  RE: ClearPass Active Sessions

    Posted Oct 07, 2022 06:00 PM
    here is the accounting server group option under aaa profile.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------

    Original Message


  • 11.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 07:17 AM
    Hi,

    As long as you have the ClearPass server group mapped as the RADIUS Accounting Server Group on the controller AAA profile, you should see the active guest session data.

    Also, ensure that RADIUS Interim Accounting Logging is set to TRUE on ClearPass under Service Parameters -- > RADIUS Server.

    Regards,
    Thiyagi
    Original Message


  • 12.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 12:36 PM
    I am finally seeing some of the corporate users in the Active sessions table.  Is there a reason I don't see all of the clients? For instance, there are 20 users on the corporate SSID, but Active Sessions only shows 2 of those users.

    ------------------------------
    Peter
    ------------------------------

    Original Message


  • 13.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 12:50 PM
    Did those just recently authenticate?
    Original Message


  • 14.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 12:54 PM
    I have to confirm.  Does that mean the existing clients may not show up, but the newly connected users will show up in the Active sessions table?

    Kind Regards,

    Peter Abene | Wireless LAN Network Engineer

    o +1 732-812-8339 • m +1 973-975-7961 peter.abene@vonage.com

    23 Main St.  • Holmdel, NJ  07733 • USA






    Original Message


  • 15.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 01:40 PM
    Clearpass would not have seen the "accounting start" sent by clients before you enabled radius accounting.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------

    Original Message


  • 16.  RE: ClearPass Active Sessions

    Posted Oct 10, 2022 01:53 PM
    Edited by thiyagi Oct 10, 2022 01:54 PM
    Give it a day or two and look under Monitoring --> Accounting if you are seeing accounting sessions for more users. If you've started seeing accounting data for two users, there is no reason why you would not see them for other users.

    The "show aaa authentication-server radius statistics" command would help understand the number of accounting packets sent by the controller to Clearpass.

    - Thiyagi
    Original Message


Related Content