Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

This thread has been viewed 5 times

  • 1.  Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

    Posted Jul 03, 2013 06:29 AM

    Hi Guys,

    I build a self-reg page for guest be able to open 0.5 hour account each 24 hours.

    radius COA - tested and working great. (tested by manually - doing aruba terminate COA)

     

    please advise - i spent on it almost 5 days in order to understand what i'am missing...the account seems expired but the status stays on the identity>guest user in enabled!!! please HELP.

     

    (even with do_expire 2 or 4) even when configing in the guest manager to delete and logout at specified time...IT"S JUST DOSENT DO THE COA BY ITSELF)

     

    here some examples + screenshots: (Let's take the AC-F7 guest-mac account + E8-92 for example)

    1.PNG

     

    As you can see even due both accounts are expired - u may see the they are still in the Active sssions window:

    2.PNG

     

    (even while testing it - i configure the expiry to 2 minutes...the account seems expired but....)

    3.PNG

    4.PNG

    5.PNG

    6.PNG

    7.PNG

    BOTH ACCOUNTS STILL WORKING...

    IF IM DOING CHANGE STATUS TO DISCONNECT it's working and disconnect the client.

     

    please advise



  • 2.  RE: Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

    EMPLOYEE
    Posted Jul 03, 2013 08:19 AM
    One quick note is that the expiration is based off insight snd that can be up to 5 min behind so your test with 2 min may never work


    Thank you,
    Troy


  • 3.  RE: Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

    Posted Jul 03, 2013 08:45 AM

    Ok - i will give it a try with 10min :) integer. (Thanks on the tip) :smileywink:

     

    BTW:

    i built a new self-reg page + a new (from zero) guest auth+mac auth from zero - and it seems disconnecting (with COA as needed)  - even after 2 min. But i will keep dig into it - and keep u posted. :smileyhappy:

     

    Thanks again.

     

    Me



  • 4.  RE: Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

    Posted Jul 08, 2013 05:22 AM

    Hi Kdisc98 have you solve this issue?

     

    I also experience the same problem. Even the account is already expired or maually  expired the Computer Mac address still able to connect to the network. I also tried to unplug and plug-in the cable of the PC still able to ping the network.

    Is there any Services that I need to Add in in order to disconnect  the expired User MAC address?

     

    Thank you.



  • 5.  RE: Clearpass just dosent disconnect (Via Aruba COA) + logout + disable guests at the expiry time

    Posted Jul 09, 2013 03:50 AM
    • make sure that your RFC3576 working well.
    • be sure to choose the right option in the guest manager.
    • try to update your CPPM / REBUILDING your register form <-sometimes the issue is there