Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass - Self registration and mac caching

  • 1.  Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 05:32 AM

    Hi everybody!

     

    A customer asked me to set up a self-reg portal so that his guests can self-provision themselves and wait for his confirmation.

    No problem...DONE!

     

    My customer also asked me to limit the maximum number of devices that a single user can use simultaneously.

    ...OK, I'll set up a policy with MAC caching enabled and set the limit to 1, for example.

     

    I thought that was it, but I noticed that MAC caching seems to never forget the guest's registered MAC address, and even after waiting over 24 hours before trying to log in again, my CPPM rejects the authentication, saying that the number of registered devices is over the configured maximum (1 in my case).

     

    I need to make it possible for a guest to disconnect a device (e.g. his smartphone) from the network and connect with another device.

     

    So, my question is: how can I set up a timeout to flush the guest's cached MAC addresses so that a guest can change his device within a specified time window?

     

     

    Sorry for bad English....

     

    Thanks a lot in advance to everybody!

     

    Bye!



  • 2.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 07:30 AM

    What's the amount of time you have set up for your device to have a valid session without having to re-register?

    2014-04-16 07_29_34-ClearPass Policy Manager - Aruba Networks.png



  • 3.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 07:41 AM

    I didn't actively set up this parameter; I used the "Guest MAC authentication" service template and accepted the default parameters except for the maximum number of devices...

     



  • 4.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 07:45 AM

    So, in case this is the problem, can I set an amount of time of less than 1 day?

    For example, 12 hours?



  • 5.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 07:59 AM

     

    Using the same template there should be an option to add the amount of time as well.



  • 6.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 08:03 AM

    OK, thanks a lot!

    I'll try ASAP! :-)



  • 7.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 08:12 AM

    I tried to create a new service starting with "Guest MAC authentication".

     

    Here's the role policy:

    Roles.JPG

     

    Here's the Enforcement policy:

    Enforcement.JPG

     

     

    How can I obtain what you suggested?



  • 8.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 08:19 AM

    Maybe I found what you mean:

    Enforcement 2.JPG

     

    Do you think that if I change this setting I can accomplish the task?



  • 9.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 08:46 AM

    I tried to set the time parameter to 60 seconds (for testing purposes), but even if I let the expiry timeout pass, this is the response from CPPM:

     

    Result.JPG

     

    And it is the same situation that I described above...it seems that CPPM does not care about the expiry timeout of the MAC cache....



  • 10.  RE: Clearpass - Self registration and mac caching

    EMPLOYEE
    Posted Apr 16, 2014 08:54 AM

    Endpoints are aged out of the database after a minimum 24 hours.



  • 11.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 08:57 AM

    OK, and I think there's no way to change it...right?

     

     



  • 12.  RE: Clearpass - Self registration and mac caching

    EMPLOYEE
    Posted Apr 16, 2014 08:59 AM

    I don't believe there is a way to change it. It's a system-level scheduled process.



  • 13.  RE: Clearpass - Self registration and mac caching

    Posted Apr 16, 2014 09:05 AM

    OK, no problem!

     

    So, I need to know if there is a workaround: is there a way to allow a self-provisioned user to manually log out of the system?