Background

When registering devices in ClearPass or troubleshooting wireless (or wired HAP) devices that are unable to connect, it is useful to ensure not only that the device in question is registered correctly but also that the network is seeing the device as registered. The ClearPass access tracker helps us see if the network is seeing a device as registered. To know when this is useful, we must know what networks ClearPass controls. The ClearPass access tracker will show connection attempts from wireless UWNet, UWNet-Housing, eduroam, and wired devices connecting to the HAPs in University Housing (see: Campus Network Housing - Identifying Hospitality Access Points). ClearPass does not control ethernet devices in general campus or academic buildings.

Setup

Just like when you register a device in ClearPass, there is some background setup you need to accomplish before you can use the access tracker. Navigate to ClearPass and complete the following:

1. Follow the same login and setup procedure as shown in steps 1 and 2 in ClearPass - Registering Devices. Open the access tracker tab:
   

2. Wait for the Auto Refresh icon to turn green. If it is red for an extended period, try opening ClearPass in a private window (see Opening a Private Browsing Window).
   

3. When completed, the top portion of the access tracker should look as follows:
   

4. Change the search to Host MAC Address with the qualifier as Contains.

Understanding the Terminology

• Accept: Rows shown in black mean that the device authenticated successfully and should be receiving internet connection.
• Reject: Rows shown in red mean that the device did not authenticate and will not be receiving internet connection (even if the device gets a valid UWNet IP address).

Using the Access Tracker and Finding Meaning in the Results

Now that the access tracker is set up, we can use it to see if a device is connecting. Remember, you should make sure a device is registered first (see ClearPass - Registering Devices). Once we have confirmed the device is registered, we can use the access tracker to discern whether the connection is working. For the purposes of this document, we will be only showing searching by a MAC address to show the connectivity of a single device and if it is or is not connecting. When looking at search results, read top to bottom: The top is the most recent event (you can also see the timestamps at the far right of the table).

After confirming the device is registered, make sure the search reads Host MAC Address Contains. Put the MAC address in the search field, and click Go. Wait a few seconds for the results to load.

If you see an ACCEPT:

This indicates the device has connected to UWNet (or another indicated SSID). You should see the user's NetID in the username field instead of a MAC address. Ask the customer to try going to a website; it should work.

If the customer still reports the inability to connect, follow the steps below for REJECT and make sure the device is compatible with UWNet (see UWNet - Device Incompatibility List).

If you see a REJECT:

This indicates the device is either still unregistered or has not attempted to re-authenticate with UWNet since it was registered (this only automatically happens every hour or so - we are going to force it to do so now).

First, double check this MAC address is registered to the customer then have the customer complete the following steps:

• For wired connections to UW Housing HAPs: Have the customer completely power-cycle the device.

• For wireless connections: If the customer is in UW Housing, have them click the UWNet-Housing wireless SSID (or UWNet if they were trying to connect to UWNet-Housing). Then after waiting about 15 seconds, have them click back to the network they originally tried to connect to. If the customer is in an academic campus building, try the same but with eduroam instead of UWNet-Housing (let the connection to eduroam fail, but the point is the device needs to try to connect to a different network, then try UWNet again).

• If that does not work, try a full device restart (complete power off). Try turning WiFi off on the device for two minutes, then turning it back on and connecting to UWNet.

• Moving around the building is also helpful, as the device needs to re-authenticate with every router it switches to - suggest this if the customer is registering a phone.

• If that fails, suggest the customer come to onsite if it does not start working after about 2 hours (it will likely work if it is registered correctly and device is compatible with UWNet (see: UWNet - Device Incompatibility List).

If you see a NO RESULTS

Complete the following steps:

1. Make sure you correctly configured the access tracker as shown in setup. Remember the Auto Refresh must be green.

2. Ask the customer to click UWNet in their wireless network list again. If this does not produce a search result, continue on.

3. Ask the customer to double check the MAC address and make sure they provided the wireless MAC/Physical address.

4. Remove the last digit of the MAC address you searched for and run the search again. For example if you had searched for a1a2a3a4a5a6, search for a1a2a3a4a5a. If you now see devices, register that other MAC address, the customer was likely providing the wired MAC address rather than the wireless MAC address.

Other Searches and Results

Remember, ClearPass shows the results of wireless UWNet, UWNet-Housing, eduroam, and wired devices connecting to the HAPs in University Housing. The Service column shows the SSID the device is connecting to. If it is eduroam, the username column will be the NETID@wisc.edu email address the customer registered, otherwise it will be the NetID.

It may occasionally be helpful to just search all access attempts for a user. In this case, you can change the search to Username contains and enter the NetID.