Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎01-27-2016

ClearPass guest will not disable when lifetime over

Hi Guys,

I have deployment Aruba controller , Clearpass for guest. But i find that when guest liftime was gone. Guest still can connect internet. Clearpass using RFC 3576 Server to auth for guest. 

 

Now, I suspect :

1.In Clearpass Active Sessions error message: There are no sessions to display. You should enable Insight on at least one node in Policy Manager. (I try to follow tips to enable it but not work)

2.RFC 3576 Server config issue. 

 

Any one can give me some advise ? 

 

Thanks a lot !!

 

 

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: ClearPass guest will not disable when lifetime over

Do you have enable the following :
- Interim Accounting (ClearPass and the controller )
- CoA (ClearPass and controller shared key matches)
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 6
Registered: ‎01-27-2016

Re: ClearPass guest will not disable when lifetime over

 

- Interim Accounting (ClearPass and the controller )
- CoA (ClearPass and controller shared key matches)

Already have enable.

 

For example I generate a new guest account, exprie time at after 30 mins, And the lifetime was 10 mins, I login now, after 10 mins i staill in connect, But after 30 mins, I will logout automatic. 

 

The Clearpass send out the disconnect message should be as same. Why lifetime will invalid ?

.

Aruba Employee
Posts: 30
Registered: ‎09-10-2012

Re: ClearPass guest will not disable when lifetime over

Hi Gary,

 

Please let me know the ClearPass version. 

 

Do you have the following enforcement profiles mapped/applied in the guest user authentication service in policy manager?

 

xxx Guest Do Expire

xxx Guest Expire Post Login

 

The "expire post login enfircement profile" is the one which will mark the guest expiry based on account lifetime after the guest user first login. These profiles will be created automatically when you create the gueste authentication service using the service templates.

 

Guest Expire Post Login(Template:ClearPass Entity Update Enforcement).

 TypeName Value
1.Expire-Time-UpdateGuestUser=%{GuestUser:expire_postlogin}

Guest Do Expire(Template:Session Restirction Enforcement). 

 TypeName Value
1.Expiry-CheckExpiry-Action=%{GuestUser:do_expire}
Thank you,
Saravanan Rajagopal


**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Occasional Contributor I
Posts: 6
Registered: ‎01-27-2016

Re: ClearPass guest will not disable when lifetime over

Hi Saravanan,

Thank of you reply, The issue was fixed. 

In the system setting, I forgot enable the insight function. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: