Security

Reply
Occasional Contributor I
Posts: 8
Registered: ‎10-01-2009

ClearPass Guest user logoff within 15-30 seconds of connecting

We have a controller in the LAN with a GRE tunnel to a controller in the DMZ with an external captive portal on ClearPass Guest 6.4.2. Testing has been fine, new users create an account and can login and use the guest wirless all day long.

 

The issue we have encountered is when users returns and logs in again after a day or so, authentication suceeds they can browse the internet for 15-30 odd seconds before they are redirected to log back in to clearpass again. Logging in again 9 times out of 10 they connect for 15-30 seconds before being prompted for authentication again.

 

We've set the accounts upon creation to never expire.

 

Any suggestions on how to resolve this?

 

thanks

 

 

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: ClearPass Guest user logoff within 15-30 seconds of connecting

In the form what's the expire after value set to ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 8
Registered: ‎10-01-2009

Re: ClearPass Guest user logoff within 15-30 seconds of connecting

The "expire_after" form is not enabled on the guest registration page, if I edit the form the inital value is 0. The "Manage Guest Accounts" confirms all accounts have "No Expiry". Any other suggestions?

 

thanks

Occasional Contributor I
Posts: 8
Registered: ‎10-01-2009

Re: ClearPass Guest user logoff within 15-30 seconds of connecting

I've checked the access tracker and can see that session was terminated - Post-Auth-Check:Action "Disconnect and Block Access". I'm just wondering if one of the Enforcement Profiles is doing this? I created the service from a template which created a number of EP's. I've checked each EP and cannot seem to find anything obvious to cause this issue. Any pointers?

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: ClearPass Guest user logoff within 15-30 seconds of connecting

I misread your issue "We've set the accounts upon creation to never expire."

A couple of things you can check :

- Do you have any rules that allows the device to pass mac auth without seeing the Captive Portal for a certain amount of time ?

2015-04-02 08_56_50-ClearPass Policy Manager - Aruba Networks.png

- Are you guys are creating the accounts ahead of time , are you by any chance applying any bandwidth policies in which device logged off it reaches a certain amount of bandwidth ?

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: ClearPass Guest user logoff within 15-30 seconds of connecting

Also check the registration page form expire_after value which by default is set to 24 hours:

 

2015-04-02 11_23_55-Customize Form Field (expire_after).png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: