Security

Reply
Occasional Contributor II
Posts: 16
Registered: ‎04-08-2014

Active Sessions is not re-populated after a user is disconnected via Guest Manager.

[ Edited ]

Hi,

 

I am running into an issue with the Guest active sessions page and was hoping someone could shed some light.  This is my problem:

 

  1. Client connects to my guest SSID
  2. Re-Direct to Captive Portal, Self-Register
  3. Admin Approve Account
  4. Client logs in
  5. Active Sessions are updated with client info (ip, username mac NAS etc.)
  6. Admin decides to disconnect the current session from the Active Sessions page
  7. Successfully disconnects the user (Radius CoA sent to Cisco WLC and disconnects client) works as intended. ( I see client disconnected from WLC clients table)
  8. User refreshes his web brower and is able to surf – this is okay because we are using MAC_AUTH and since this mac is known, he’s permitted
  9. == Now the issue….==
  10. When I go into Active sessions again, it’s blank!  WLC shows client is authed .

My question is, how do we populate the active sessions page when I user is forcefully disconnected and re-connected.

 

Thanks for help!

 

-Nic

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

Do you have RADIUS accounting / interim-accounting enabled in your MAC-Auth configuration on the controller?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 16
Registered: ‎04-08-2014

Re: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

Thanks for the fast reply.  I do have Interim-account enabled on the Cisco WLCs and not entirely sure if its enabled on the MAC_AUTH service.  Here is the cfg screen shot.

 

WLC

1.PNG

 

 

CPPM Service

 

2.PNG

Occasional Contributor II
Posts: 16
Registered: ‎04-08-2014

Re: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

Also to note, when I press disconnect, it does disconnect the client from the WLC (I see the session get cleared on the ciso controller).  Its just the issue of when the client surfs again the Acitve sessions on Guest Manager is not updated.

Occasional Contributor II
Posts: 16
Registered: ‎04-08-2014

Re: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

Hi All,

 

I have resolved this issue and wanted to share the problem.  I noticed that my main admin account was able to view the sessions without any issues and it was just my custom profile for our receptionists that couldnt view.  I checked the permissions to FULL control for the recption profile for GUEST Manager, but it still wouldn't show active sessions.

 

I then noticed below that User Rols was checked to "Guest".  I removed this role and we can now view sessions.

 

 

If a profile is set for FULL ACCESS to Guest Manager AND the user role is guest..... that profile will not be able to see active sessions.

 

 

1.PNG

 

If a user is set to FULL ACCESS and no User role is selected, they will be able to view the current sessions.

 

2.PNG

 

I hope this helps anyone running into this issue.

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: