Security

Reply
Occasional Contributor II

Clearpass Guest MAC caching - cannot connect again from the same device

I am testing Clearpass guest with MAC caching and self-registration.  I have been using an iPad to test.  I have followed the setup using the Clearpass Workshop Series

 

The guest mac caching is working now since I added "Allow All MAC Auth" to the authentication method.  Now when I test with my iPad, after the account expires, I cannot re-connect to my guest SSID unless I delete the iPad from the endpoint's database.  Is there a way to delete the endpoint from the database after the account has expired or is there a better way that I am missing?

Re: Clearpass Guest MAC caching - cannot connect again from the same device

In your enforcement policy remove the amount of unique-devices per user allowed
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Clearpass Guest MAC caching - cannot connect again from the same device

Victor,

 

Thanks for the quick response.  Do you mean under the "Role"?

 

Capture.JPG

Re: Clearpass Guest MAC caching - cannot connect again from the same device

You can either increase the amount of unique devices allowed per user or remove the rule if you think that enforcement is not needed

 

2017-10-02 09_05_29-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Clearpass Guest MAC caching - cannot connect again from the same device

Hmm, I took it out of the role completely and it still won't let my iPad on.  I wouldn't expect it to be an issue with unique device count since I'm using the same device repeatedly, correct?

 

Capture.JPG

 

 

Re: Clearpass Guest MAC caching - cannot connect again from the same device

Are you using different names every time you register?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Clearpass Guest MAC caching - cannot connect again from the same device

What do you see in access tracker when your authentication fails ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Clearpass Guest MAC caching - cannot connect again from the same device

I think I may have found the issue.  I checked access tracker and the client was getting assigned the [Guest] role instead of getting the default [Deny Access Profile].  I removed the second condition on the Enforcement Profile and that forced the client to get the Deny Access Profile and get now it gets the Captive Portal Page.Capture.JPG

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: