05-13-2014 08:14 AM - last edited on 05-13-2014 06:15 PM by Jamie E
I am running into an issue with the Guest active sessions page and was hoping someone could shed some light. This is my problem:
- Client connects to my guest SSID
- Re-Direct to Captive Portal, Self-Register
- Admin Approve Account
- Client logs in
- Active Sessions are updated with client info (ip, username mac NAS etc.)
- Admin decides to disconnect the current session from the Active Sessions page
- Successfully disconnects the user (Radius CoA sent to Cisco WLC and disconnects client) works as intended. ( I see client disconnected from WLC clients table)
- User refreshes his web brower and is able to surf – this is okay because we are using MAC_AUTH and since this mac is known, he’s permitted
- == Now the issue….==
- When I go into Active sessions again, it’s blank! WLC shows client is authed .
My question is, how do we populate the active sessions page when I user is forcefully disconnected and re-connected.
Thanks for help!
Solved! Go to Solution.
05-13-2014 08:16 AM
Do you have RADIUS accounting / interim-accounting enabled in your MAC-Auth configuration on the controller?
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
05-13-2014 08:41 AM
Thanks for the fast reply. I do have Interim-account enabled on the Cisco WLCs and not entirely sure if its enabled on the MAC_AUTH service. Here is the cfg screen shot.
05-13-2014 08:42 AM
Also to note, when I press disconnect, it does disconnect the client from the WLC (I see the session get cleared on the ciso controller). Its just the issue of when the client surfs again the Acitve sessions on Guest Manager is not updated.
05-13-2014 09:29 AM
I have resolved this issue and wanted to share the problem. I noticed that my main admin account was able to view the sessions without any issues and it was just my custom profile for our receptionists that couldnt view. I checked the permissions to FULL control for the recption profile for GUEST Manager, but it still wouldn't show active sessions.
I then noticed below that User Rols was checked to "Guest". I removed this role and we can now view sessions.
If a profile is set for FULL ACCESS to Guest Manager AND the user role is guest..... that profile will not be able to see active sessions.
If a user is set to FULL ACCESS and no User role is selected, they will be able to view the current sessions.
I hope this helps anyone running into this issue.