Security

Reply
New Contributor
Posts: 3
Registered: ‎07-21-2014

Clearpass CoA update session timeout on registration

Hi

I’m new to clearpass so may have missed something obvious or it’s not possible etc. Basically we have a requirement to provide a guest captive portal with self-sponsor where initial registration grants 15min access (so you can get to your emails) and clicking the self-sponsor link updates this to 3 months.

I have the basics working, the guest gets 15mins access, clicks the link and clearpass updates their account with +720 day’s expiration. What I can’t seem to get is CoA / RFC 3567 to update the active session so the user does not have to re-login again.

At the moment the user gets redirected back to the portal after 15mins and when they log back in they get 3 months session timeout in seconds (it’s a large number, may just be the largest WLC will accept).

CoA is working as I can disconnect users etc from clearpass, Radius accounting is also working correctly as far as I can tell. I have created a policy which will successfully update via CoA the session timeout, I have tested it by enforcing it under the guest authentications service.

I can’t see anyway of enforcing this profile based on radius accounting or the user clicking the link in the self-sponsor email.

Any ideas?

Clearpass version 6.3.4.64924

Cisco WLC version 7.6.120.0

 

Thanks in advance

 

Andy

Aruba
Posts: 1,536
Registered: ‎06-12-2012

Re: Clearpass CoA update session timeout on registration

Do you have two services created for the Guest service. One for the initial .1x CP login and the MAC auth for the mac cacheing. 

 

guestservices.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
New Contributor
Posts: 3
Registered: ‎07-21-2014

Re: Clearpass CoA update session timeout on registration

Hi

 

Thanks for the reply

 

I wasnt using MAC auth as the customer wants the user to have to log in each time they return to a site so they can use the portal page for advertising, event notification etc as this is being rolled out to libraries it will be the general public connecting.

 

Is it possible to allow the 15 minute grace period prior to email self sponsor then, MAC authentication for 24 hours but keep the account valid for 3 months so they get 24 hours each time they return to site but not have to re-register again?

 

cheers

 

Andy

New Contributor
Posts: 3
Registered: ‎07-21-2014

Re: Clearpass CoA update session timeout on registration

Hi

 

I have resolved this now by using MAC authentication with a MAC expiry of 24 hours. The users account still gets the 15min pre registration / 3 month post registration. They only get redirected to the captive portal once every 24 hours

 

thanks for the help

 

Andy

Search Airheads
Showing results for 
Search instead for 
Did you mean: