Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Active Sessions is not re-populated after a user is disconnected via Guest Manager.

This thread has been viewed 4 times

  • 1.  Active Sessions is not re-populated after a user is disconnected via Guest Manager.

    Posted May 13, 2014 11:15 AM

    Hi,

     

    I am running into an issue with the Guest active sessions page and was hoping someone could shed some light.  This is my problem:

     

    1. Client connects to my guest SSID
    2. Re-Direct to Captive Portal, Self-Register
    3. Admin Approve Account
    4. Client logs in
    5. Active Sessions are updated with client info (ip, username mac NAS etc.)
    6. Admin decides to disconnect the current session from the Active Sessions page
    7. Successfully disconnects the user (Radius CoA sent to Cisco WLC and disconnects client) works as intended. ( I see client disconnected from WLC clients table)
    8. User refreshes his web brower and is able to surf – this is okay because we are using MAC_AUTH and since this mac is known, he’s permitted
    9. == Now the issue….==
    10. When I go into Active sessions again, it’s blank!  WLC shows client is authed .

    My question is, how do we populate the active sessions page when I user is forcefully disconnected and re-connected.

     

    Thanks for help!

     

    -Nic



  • 2.  RE: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

    EMPLOYEE
    Posted May 13, 2014 11:17 AM

    Do you have RADIUS accounting / interim-accounting enabled in your MAC-Auth configuration on the controller?



  • 3.  RE: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

    Posted May 13, 2014 11:41 AM

    Thanks for the fast reply.  I do have Interim-account enabled on the Cisco WLCs and not entirely sure if its enabled on the MAC_AUTH service.  Here is the cfg screen shot.

     

    WLC

    1.PNG

     

     

    CPPM Service

     

    2.PNG



  • 4.  RE: Active Sessions is not re-populated after a user is disconnected via Guest Manager.

    Posted May 13, 2014 11:43 AM

    Also to note, when I press disconnect, it does disconnect the client from the WLC (I see the session get cleared on the ciso controller).  Its just the issue of when the client surfs again the Acitve sessions on Guest Manager is not updated.



  • 5.  RE: Active Sessions is not re-populated after a user is disconnected via Guest Manager.
    Best Answer

    Posted May 13, 2014 12:29 PM

    Hi All,

     

    I have resolved this issue and wanted to share the problem.  I noticed that my main admin account was able to view the sessions without any issues and it was just my custom profile for our receptionists that couldnt view.  I checked the permissions to FULL control for the recption profile for GUEST Manager, but it still wouldn't show active sessions.

     

    I then noticed below that User Rols was checked to "Guest".  I removed this role and we can now view sessions.

     

     

    If a profile is set for FULL ACCESS to Guest Manager AND the user role is guest..... that profile will not be able to see active sessions.

     

     

    1.PNG

     

    If a user is set to FULL ACCESS and no User role is selected, they will be able to view the current sessions.

     

    2.PNG

     

    I hope this helps anyone running into this issue.