Security

Hello,

 

Mac Caching with CPPM does not work correctly.

OUr guest users are redirected to a captive portal when they connect for the first time. Generally Clearpass checks if the device is already in de endpoint database, because users should only are forced to login via captive portal once a day.

 

But in Access Tracker of CPPM I can see that this is not working.

I logged in with a new ipad on my captive portal. Everything is ok. Mac Caching fails as expected.

I disconnected the ipad via the aruba management gui and tried to reconnect.

Then i was prompted to login via captive portal again.

Access tracker shows that mac caching failed. I checked endpoint database and i found the ipad correctly.

Accesstracker shows following Error

 

 

Does anybody has an idea about this problem?

 

Thanks a lot

Did you creat the two services with the guest Mac auth template? Is insight enabled? You need to post a screen shot of summary.if you answered either one no then you might need to post screen shots of the services and each tab

Does anyone have an idea?

you didn't answer:

• Did you create the two services with the guest Mac auth template?
• Is insight enabled?
• You need to post a screen shot of summary.

The Services were not created with the template.

Insight is enabled yes.

Screenshots you can find in my postings above

not the screenshot of the summary of the access tracker.

 

also are these clients in your endpoint repository?

from your screenshot, your endpoint is in unknown state.

add another enforcement policy in your CP service to do post-authentication action to change the state to known after a succesful CP login.

 

Ricky.

---

@rickylee wrote:

from your screenshot, your endpoint is in unknown state.

add another enforcement policy in your CP service to do post-authentication action to change the state to known after a succesful CP login.

 

Ricky.

---

How can I do this? In Post Enforcement Profile "Guest Mac Caching" i can't find an attribute to change status.

Can anyobody help?

for testing purposes, you can change the endpoint state from unknown to known manually from endpoint database.

have you tried tim's suggestion to change auth method to all mac auth?

can you show the services screen where the auth fails?

 

Ricky

If you use the service template for MAC caching, it will create all the necessary enforcement actions.

I now created the Service via template. OK Mac caching is working. But now I have another question.

There seems to be a limit now for the total amount of guet accounts correlated connected  devices.

I'm sure it is not the value of "simultaneuos_use" of guest module. Where can i modify this limit? And where can i lookup how many connected machines one user uses?

Use AllowAll MAC-auth as the authentication method instead of just MAC-auth. 


Thanks, 
Tim