07-21-2014 06:53 AM
I’m new to clearpass so may have missed something obvious or it’s not possible etc. Basically we have a requirement to provide a guest captive portal with self-sponsor where initial registration grants 15min access (so you can get to your emails) and clicking the self-sponsor link updates this to 3 months.
I have the basics working, the guest gets 15mins access, clicks the link and clearpass updates their account with +720 day’s expiration. What I can’t seem to get is CoA / RFC 3567 to update the active session so the user does not have to re-login again.
At the moment the user gets redirected back to the portal after 15mins and when they log back in they get 3 months session timeout in seconds (it’s a large number, may just be the largest WLC will accept).
CoA is working as I can disconnect users etc from clearpass, Radius accounting is also working correctly as far as I can tell. I have created a policy which will successfully update via CoA the session timeout, I have tested it by enforcing it under the guest authentications service.
I can’t see anyway of enforcing this profile based on radius accounting or the user clicking the link in the self-sponsor email.
Clearpass version 220.127.116.11924
Cisco WLC version 18.104.22.168
Thanks in advance
Solved! Go to Solution.
07-21-2014 11:23 AM
Do you have two services created for the Guest service. One for the initial .1x CP login and the MAC auth for the mac cacheing.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
07-22-2014 12:40 AM
Thanks for the reply
I wasnt using MAC auth as the customer wants the user to have to log in each time they return to a site so they can use the portal page for advertising, event notification etc as this is being rolled out to libraries it will be the general public connecting.
Is it possible to allow the 15 minute grace period prior to email self sponsor then, MAC authentication for 24 hours but keep the account valid for 3 months so they get 24 hours each time they return to site but not have to re-register again?
07-22-2014 08:29 AM
I have resolved this now by using MAC authentication with a MAC expiry of 24 hours. The users account still gets the 15min pre registration / 3 month post registration. They only get redirected to the captive portal once every 24 hours
thanks for the help