Security

Hi Guys,

I have deployment Aruba controller , Clearpass for guest. But i find that when guest liftime was gone. Guest still can connect internet. Clearpass using RFC 3576 Server to auth for guest. 

 

Now, I suspect :

1.In Clearpass Active Sessions error message: There are no sessions to display. You should enable Insight on at least one node in Policy Manager. (I try to follow tips to enable it but not work)

2.RFC 3576 Server config issue. 

 

Any one can give me some advise ? 

 

Thanks a lot !!

 

 

Do you have enable the following :
- Interim Accounting (ClearPass and the controller )
- CoA (ClearPass and controller shared key matches)

 

- Interim Accounting (ClearPass and the controller )
- CoA (ClearPass and controller shared key matches)

Already have enable.

 

For example I generate a new guest account, exprie time at after 30 mins, And the lifetime was 10 mins, I login now, after 10 mins i staill in connect, But after 30 mins, I will logout automatic. 

 

The Clearpass send out the disconnect message should be as same. Why lifetime will invalid ?

.

Hi Gary,

 

Please let me know the ClearPass version. 

 

Do you have the following enforcement profiles mapped/applied in the guest user authentication service in policy manager?

 

xxx Guest Do Expire

xxx Guest Expire Post Login

 

The "expire post login enfircement profile" is the one which will mark the guest expiry based on account lifetime after the guest user first login. These profiles will be created automatically when you create the gueste authentication service using the service templates.

 

Guest Expire Post Login(Template:ClearPass Entity Update Enforcement).

	Type	Name		Value
1.	Expire-Time-Update	GuestUser	=	%{GuestUser:expire_postlogin}

Guest Do Expire(Template:Session Restirction Enforcement). 

	Type	Name		Value
1.	Expiry-Check	Expiry-Action	=	%{GuestUser:do_expire}

Hi Saravanan,

Thank of you reply, The issue was fixed. 

In the system setting, I forgot enable the insight function.