I am using Clearpass 6.2 and Aruba Instant for captive portal wirless guest authentication.
The MAC caching feature of Clearpass Authentication works fantasitcally, and ensures our guests enjoy uninterrupted wireless access from any other sites, until their clearpass guest login expires. If anyone is using Clearpass without the MAC caching feature and experiencing problems with sessions timing out, or guests users being troubled by excess captive portal reautnetication, I would strongly recommend trying it.
One niggle we have with MAC caching is that authenticated users soon appear in the Instant virtual controller as MAC addresses, rather than their original Clearpass guest user name (e-mail address) - because after the intial captive portal login, subsequent RADIUS authentications are just by MAC address.
as you can see in the bottom 3 users.
The same is true in Clearpass Insight. Bandwidth usage is logged against these mac addresses, not their username.
Now, of course, Clearpass Policy Manager is clever enough to match these cached mac addresses to the original username and assign attributes such as username, sponsor, role, etc. And if I look up a MAC address in CPM access tracker, or the endpoint list, I can quickly see the user's e-mail address and other mapped attributes from CP Guest.
I'm not an expert with RADIUS, but I'm aware some of these details can be passed back to the controller as part of the RADIUS output. I'm wondering whether it is possible to return the e-mail address username and have Instant, and CP Insight show this instead of the MAC address.
I've had a go at making an enforcement policy to return the username to a varierty of RADIUS attributes.
and in access tracker this appears to be returning values correctly. However, it is having no effect in CP Insight or on the Aruba Instant controller.
Does anyone know if this is possible?