09-04-2012 01:15 PM
Just wondering if there is an easy solution to this. We have ClearPass configured with our Aruba controller and our legacy Cisco WCS controllers to feed guest/byod captive web portals, and since connecting the WCS controllers as Radius clients, every connection made to the captive portal WLANs, regardless of captive portal authentication state, is showing up as an active session in ClearPass and flooding it out until it won't hand out legitimate connections anymore. They show up with the mac address, no session time, and zero data. The Aruba controller is performing normally in this regard, so I feel I can probably eliminate ClearPass as the issue.
I've tried turning down the session timeout on the Cisco WLANs and that's worked, somewhat. However a lot of devices will just re-scan and jump right back on.
Has anyone seen this type of problem before and knows what magic combination of buttons will make the Cisco controllers cooperate with ClearPass?
09-04-2012 05:16 PM
I think this is very software version specific on the Cisco WLC's. We have seen issues at customer sites where RADIUS accounting traffic is received for SSID not configured to integrate with ClearPass Guest. It is assumed to be a bug in their RADIUS client implementation and the workaround was to configure different accounting servers for the other SSID's in question to ensure the traffic is not sent to ClearPass Guest. This address is some customer environments was just a loopback or non existent host address.
09-05-2012 07:30 AM
Okay, that's what it seems like was occuring. Looking further into it and comparing what I'm seeing to what's showing up in Airwave makes it look like it's dumping accounting data for the entire system into ClearPass. I'm also going to upgrade my Cisco infrastructure from v6.x to v7.x, which is supposedly also beneficial in this regard from what I've read. That and setting up a different accounting server on my other SSIDs will hopefully solve it. Thanks for your help.
06-11-2013 08:43 PM
When is a license counted. We have an external user database that we will use to authenticate users in a captive portal. We will also allow users to self-register and login?
Do you use a license for each captive portal authentication? Or just when someone authenticates using the internal guest database?