Security

Reply
Occasional Contributor I
Posts: 9
Registered: ‎03-11-2017

Can ClearPass send a disconnect request when the guest user expired?

Hi everyone:

      I have a question about the Guest user.

I regist a guest user throught the web page, and the expired time is about 1 hour. After 1 hour, the user can not login again. It will reject the authentication. I want to know, if the Clearpass can send a DM (disconnect request) message by radius packet to the NAS when the guest user become to expired status? If it's ok, how to do the configuration?

Aruba Employee
Posts: 508
Registered: ‎02-19-2015

Re: Can ClearPass send a disconnect request when the guest user expired?

Yes, it will send de-auth radius packet. I have attached CPPM and Aruba wireless integration guide, which proivde basic guest regestration configuration.

 

Regards

Pavan

If my post address your query, give kudos:)

Contributor I
Posts: 23
Registered: ‎02-19-2017

Re: Can ClearPass send a disconnect request when the guest user expired?

[ Edited ]

update your enforcement policy with Radius CoA disconnect when the the account expires.

 

 

 

 Aruba Wireless ACMP/ ClearPass ACCP Professional

Give Kudo give helpful

Occasional Contributor I
Posts: 9
Registered: ‎03-11-2017

Re: Can ClearPass send a disconnect request when the guest user expired?

Hello

    what's the meaning of de-auth radius packet.

Is that the packet in RFC3576 , Disconnect Message ?

 

2.1. Disconnect Messages (DM)

A Disconnect-Request packet is sent by the RADIUS server in order to
terminate a user session on a NAS and discard all associated session
context. The Disconnect-Request packet is sent to UDP port 3799, and
identifies the NAS as well as the user session to be terminated by
inclusion of the identification attributes described in Section 3.

Chiba, et al. Informational [Page 5]
RFC 3576 Dynamic Authorization Extensions to RADIUS July 2003

+----------+ Disconnect-Request +----------+
| | <-------------------- | |
| NAS | | RADIUS |
| | Disconnect-Response | Server |
| | ---------------------> | |
+----------+ +----------+

Aruba Employee
Posts: 508
Registered: ‎02-19-2015

Re: Can ClearPass send a disconnect request when the guest user expired?

Hi,

 

Yes, its Radius Disconnect message.ClearPass should be configured as RFC 3576 server on the controller and Accounting should also be enabled on the controller. Need to enable insight in clearpass aswell.

Regards,

Pavan

If my post address your query, give kudos:)

Search Airheads
Showing results for 
Search instead for 
Did you mean: