- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Clearpass - Self registration and mac caching
Clearpass - Self registration and mac caching
04-16-2014 02:31 AM
Hi everybody!
A customer asked me to set-up a self-reg portal in order to make his guests to self provision theirselves, and wait for his confirmation.
No problem...DONE! :smileyhappy:
My customer also asked me to limit the maximum number of devices that a single user can use simultaneously.
...ok, I'll set-up a policy with mac-caching enabled and set the limit to 1 for example.
I thought that'it, but I noticed that mac-caching seems to never forget the guest registered mac-address, and also waiting over 24 hours before trying to login again, my CPPM rejects the authentication saying that the registered devices number is over the maximum configured (1 in my case).
I need to make a guest to disconnect a device (ex his smartphone) from the network and connect with another device.
So, my question is: how can I set-up a timeout to flush the guest cached mac addresses in order to make a guest to change his device within a specified time window?
Sorry for bad English.... :smileytongue:
Thanx a lot in advance to everybody!
Bye!
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 04:30 AM
What's the amount of time you have setup for your device to have a valid session without having to re-register ?
Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 04:40 AM
I don't actively set-up this parameter, I used the "Guest MAC authentication" service template, and accepted default parameters except for the maximum number of devices...
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 04:44 AM
So, in case this is the problem, can I set an amount of time of less then 1 day?
For example, 12 hours?
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 04:58 AM
Using the same template there should be an option to add the amount of time as well.
Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 05:02 AM
Ok, Thanx a lot!
I'll try ASAP! :-)
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 05:12 AM
I tried to create a new service starting with "Guest MAC authentication".
Here' s the role policy:
Here's the Enforcement policy:
How can I obtain what you suggested?
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 05:19 AM
Maybe I found what you mean:
Do you think that if I change this setting I can accomplish to the task?
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 05:45 AM - edited 04-16-2014 05:51 AM
I tried to set the time parameter to 60 seconds (for testing purposes), but also if I let pass the expiry timeout, this is the response of CPPM:
And it is the same situation that I described above...it seems that CPPM does not care to the expiry timeout of the mac cache....:smileyfrustrated:
---
Metalgalle
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Clearpass - Self registration and mac caching
Re: Clearpass - Self registration and mac caching
04-16-2014 05:53 AM
Endpoints are aged out of the database after a minimum 24 hours.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator