07-19-13 Expert Day

Reply
Occasional Contributor I
Posts: 7
Registered: ‎01-12-2012

ClearPass Stale Sessions

Hi,

 

We have CleaPass server integrated with Aruba controllers, the integration follows all Aruba best practice guides, including RFC3576.

 

However, we still get stale sessions appearing on the ClearPass servers. As a house keeping exercise each morning I manually login to the CearPass servers and clear stale sessions, not a big deal, but, is there anymore I can do to automate the process of clearing stale sessions?

 

Thanks,

 

richard

 

 

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: ClearPass Stale Sessions

[ Edited ]

Hi

Is your issue is with guest module ? or genarlly with Clearpass users?

 

some tips:

  • make sure that your RFC3576 working well.
  • be sure to choose the right option in the guest manager.
  • try to update your CPPM / REBUILDING your register form <-sometimes the issue is there

 

you can also try to config your clearpass params:

original.png

 

or set the option {if you are talking about the guest module...go and set the right config u need under GUEST MANAGER}

 

original2.png

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba Employee
Posts: 3
Registered: ‎01-09-2012

Re: ClearPass Stale Sessions

[ Edited ]

Hi Richard,

 

Stale sessions are supposed to be cleared up automatically after the Clearpass server receives RADIUS Accounting Stop from Aruba Controller. If we are seeing these stale entries for longtime, please verify the below.

 

1) For the slate entry on Clearpass Guest, can you confirm that the user is removed from the user-table on controller?

2) Is Interim Accounting Updates enabled on the controller?

2) Run a capture on the CPPM Server, setup a test client and disconnect the client, wait for the entry to be removed on the controller after it hits the aaa timers idle timeout(default 5 min). Stop the capture and check if Clearpass Server has received RADIUS Accounting Stop for that client from Aruba controller as we expect to see RADIUS Accounting Stop to remove the session entry.

 

Also let us know the Clearpass code version running on the server.

 

 

Regards,
Rajesh Ramireddy
Aruba Employee
Posts: 3
Registered: ‎01-09-2012

Re: ClearPass Stale Sessions

Adding to that, starting from 6.1, if we do not receive any accounting information(Interim updates/Stop) for a session in the last 24 hours, we will remove that in next Nightly Maintenance cycle(2AM everyday by default).

Regards,
Rajesh Ramireddy
Occasional Contributor I
Posts: 7
Registered: ‎01-12-2012

Re: ClearPass Stale Sessions

Thanks for the quick response.

 

Aruba ClearPass Guest OS release 3.9

Aruba3600 - 6.1.3.5 x 4 central installation

AP105 x 400 remote locations

 

We use the ClearPass guest for Radius services, we do not run CPPM.

 

Basically the installation provides captive portal services for Guest Free WiFi, amongst other things.

 

We have interim accounting enabled on the main AAA profiles for guests.

 

I can see some stale sessions on the Amigopods, I take a MAC address from one of these stale sessions and search the contoller but see no corresponding session. Similarly I can see multiple inactive session on the controllers (client monitor GUI) that do no have an associated session on the CP servers (again via MAC search).

 

Some of these controller sessions can have very long session times 

 

802.11g59 days 3 hrs 21 minsAssociated(Remote)split tunnel

 

I will double check all the settings posted to date, but I think we have it pretty much as descricbed.

 

 

Thanks,

 

Richard

 

 

 

 

Aruba Employee
Posts: 20
Registered: ‎08-20-2009

Re: ClearPass Stale Sessions

Richard,

In Amigopod 3.9, currently if there is no 'Accounting stop' sent by controller, the session will remian stale and the best option is to bulk delete them, as you were doing now. However, in the ClearPass Guest 6.1(latest version), we have improved it to be automatic deletion for these sessions as Rajesh mentioned.

Search Airheads
Showing results for 
Search instead for 
Did you mean: