Security

Reply
Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Clearpass - Guest Blacklisting

Was curious as to where the settings are, either in ClearPass or on the controller, that blacklist guests.  Where are the parameters defined?  I created a common guest account for our board members today, and after some failed login attempts, as well as exceeding the unique-device threshold in the service, the common account was blacklisted.  Trying to figure out how CP determines when to blacklist.  Logically it makes sense, but where is the setting?

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass - Guest Blacklisting

Are you seeing them in the Blacklisted Users list in ClearPass Policy Manager or are they being blacklisted on the controller?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Re: Clearpass - Guest Blacklisting

They are on the blacklisted user list in ClearPass.  Controller blacklist is empty.

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass - Guest Blacklisting

We do not automatically blacklist guest users on authentication attempts. Please check your captive portal authentication service to see if you're setting any other session enforcements like bandwidth usage.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Re: Clearpass - Guest Blacklisting

[ Edited ]

I must politely disagree.  The Bandwidth Limit and Session Duration fields were empty on the blacklisted user list. In addition, there was a blacklisted guest user ID that was my test account from yesterday that I used for about 30 seconds.  There is a 5mb bandwidth contract applied to the captive portal authenticated role, but I was nowhere near that amount of throughput.

Going back to 2014, I found this thread on Airheads with people that had the same issue, but it was never addressed.

 
http://community.arubanetworks.com/t5/Security/ClearPass-blacklist-guest-users/td-p/217971

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass - Guest Blacklisting

Please post your captive portal service enforcement policy and the related enforcement profiles.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Re: Clearpass - Guest Blacklisting

Enforcement Policy:

enforcment policy.JPG

(The unique device count was originally at 5...changed it to 20 during troubleshooting to accommodate an entire board of directors using the same guest account, thinking this is what stopped them from authenticating and subsequently getting blacklisted)

 

 

Enforcement profiles:

 

Guest Session Timeout

Guest Session Timeout.JPG

 

Guest Bandwidth Limit

Guest Bandwidth Limit.JPG

 

Guest Session Limit

Guest Session Limit.JPG

 

Guest MAC Caching

Guest MAC Caching.JPG

 

Guest Do Expire

Guest Do Expire.JPG

 

Guest Expire Post Login

Guest Expire Post Login.JPG

 

 

 

 

 

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: Clearpass - Guest Blacklisting

Do you have any session limits configured on the guest side?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Re: Clearpass - Guest Blacklisting

Left it blank.....does a "0" have to go in there??

session count.JPG

Frequent Contributor I
Posts: 99
Registered: ‎08-05-2013

Re: Clearpass - Guest Blacklisting

5 users were able to get on okay...the 6th and beyond got denied. At the time that correlated to the Unique Device Count defined in the Service (which was why I changed it from 5 to 20).  So I'm not sure if it's unique device count or # of sessions.  At any rate, when does blacklisting take place?  

Search Airheads
Showing results for 
Search instead for 
Did you mean: