03-21-2017 09:47 AM
Was curious as to where the settings are, either in ClearPass or on the controller, that blacklist guests. Where are the parameters defined? I created a common guest account for our board members today, and after some failed login attempts, as well as exceeding the unique-device threshold in the service, the common account was blacklisted. Trying to figure out how CP determines when to blacklist. Logically it makes sense, but where is the setting?
03-21-2017 09:50 AM
03-21-2017 10:32 AM
03-21-2017 10:53 AM - edited 03-21-2017 11:29 AM
I must politely disagree. The Bandwidth Limit and Session Duration fields were empty on the blacklisted user list. In addition, there was a blacklisted guest user ID that was my test account from yesterday that I used for about 30 seconds. There is a 5mb bandwidth contract applied to the captive portal authenticated role, but I was nowhere near that amount of throughput.
Going back to 2014, I found this thread on Airheads with people that had the same issue, but it was never addressed.
03-21-2017 10:59 AM
03-21-2017 11:28 AM
(The unique device count was originally at 5...changed it to 20 during troubleshooting to accommodate an entire board of directors using the same guest account, thinking this is what stopped them from authenticating and subsequently getting blacklisted)
Guest Session Timeout
Guest Bandwidth Limit
Guest Session Limit
Guest MAC Caching
Guest Do Expire
Guest Expire Post Login
03-21-2017 11:38 AM
5 users were able to get on okay...the 6th and beyond got denied. At the time that correlated to the Unique Device Count defined in the Service (which was why I changed it from 5 to 20). So I'm not sure if it's unique device count or # of sessions. At any rate, when does blacklisting take place?