I do not know your source, but this is the official work I got from Aruba for
the latest ClearPass.
EAP-TTLS + MSCHAPv2 authentications from Android 6.0 against CPPM 6.5.3 will
fail. To make
Authentications succeed, disable TLS 1.2.
It is disabled per server under
Administration -> Server
I’m currently embarking on a project to determine the number of RADIUS auths
per minute each one of my controllers is generating to plan for the capacity I
need for my RADIUS servers.
I was curious if anyone has embarked on a similar journey and tried to measure
auth rates coming from their
We are using FreeRADIUS, but I want to measure independent of the RADIUS server.
--
Charles Rumford
Network Engineer/Senior Wireless Engineer
ISC Network Operations
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
(p) 215-746-2808
Sent from my phone
On Oct 15, 2015, at 17:12, Jeremy Gibbs
We have Cisco controllers and have a script that polls the radius table and
then queries the radius stats table to combine the address of the radius
servers with their stats. This is done on a Unix box with snmpwalk and the
like. I will send that out in the morning if you want.
I also did
Charles,
We use freeradius and Zenoss. There is a Zenoss zenpack that will generate
graphs for you (if you happen to use Zenoss for monitoring):
http://wiki.zenoss.org/ZenPack:FreeRADIUS. It leverages the freeradius status
module (not exactly independent I suppose).
Adam
One way is to parse through radius logs (each controller has its unique client
name) and generate stats for auth/sec, auth/min, auth/day. You can also
generate graphs from scripts. I wrote a few to generate and mail graphic
reports daily.
Yu Wang
CS, FSU
There are some stats on the controllers but we haven't been able to work out
how to poll them via snmp which would be ideal. The other option would be
scripting SSH to run the command and pull the relevant information for
graphing.
(Cisco Controller) >show radius auth statistics
Hmm, I am interested to hear how you might accomplish that. My first
instinct is to port mirror the controller to a large enough box to handle
the traffic and have a filter looking for port 1645/1812 (whatever your
RADIUS AUTH port is) so you only capture that traffic (I would use
tcpdump). Then
What are you using for a RADIUS server?
*--Jeremy L. Gibbs*
Sr. Network Engineer
Utica College IITS
T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu
On Thu, Oct 15, 2015 at 5:08 PM, Charles Rumford
wrote:
> I’m currently embarking on a
I am surprised there are no statistics to be had from the controller. I am
assuming you have gone down that avenue already.
*--Jeremy L. Gibbs*
Sr. Network Engineer
Utica College IITS
T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu
On Thu, Oct 15, 2015 at 5:35
That is my first thought also. I might put two smaller boxes out on select
controllers and do selective port mirroring from the actual controller to
reduce the flood of traffic. More thinking and planning needed.
--
Charles Rumford
Network Engineer/Senior Wireless Engineer
ISC Network
I have done some tests in the past on freeradius with ldap and AD backend. We
have Aruba controllers. What wireless vendor(s) do you use?
Yu Wang
CS, FSU
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Charles,
We’re running two load-balanced FreeRADIUS instances on RHEL servers. Our
Identity and Access Management Team runs those machines. Short story long,
last fall our auth rates were getting high enough that the IAM team had to
convert the log rotation to MySQL because the log files
Hi Walter.
Yeah I'd certainly like to see how you do the queries, we've only just started
looking into this and that would certainly save some time
--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800
-Original Message-
From: The EDUCAUSE Wireless Issues
All,
This is probably an old topic, but I have not seen anything in a while on it.
At present we are a Cisco shop with regard to our wireless deployment, and we
are looking at changing out a substantial number (250) of our AP's (1131 to
3702). These AP's represent about 30% of our deployment
Tried running our Extreme wireless network alongside a Cisco PoC. I would
NEVER do it again.
On Thu, Oct 15, 2015 at 12:42 PM, Oliver, Jeff wrote:
> All,
>
> This is probably an old topic, but I have not seen anything in a while on
> it.
>
> At present we are a Cisco
We did that for awhile with two different vendors. Over the course of about
6-12 months, we migrated from a full vendor A system to a vendor B system. It
actually wasn't all that bad, really, provided you stick to some basic
principles:
1. Do it building by building. Don't swap half the WAPs
I think it's always wise to look at other vendors when you're about to replace
that amount of equipment, but unless you are unhappy, it's unlikely that the
alternative will come out less expensive i.e. hardware purchase, plus
learning/supporting another vendor.
If you're happy, work with your
18 matches
Mail list logo