Security

Reply
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Guest MAC Caching value change

[ Edited ]

Hi Forum,

 

I'm trying to see if I can change that clearpass guest MAC caching to something less that 24 hours. I'm looking for 4 hours time period for MAC caching after guest account is created and then to not allow access after the 4 hours or redirect back to the captive portal. My guest account are only valid for 4 hours but MAC caching still works for 24 hours.

 

thanks,

Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: Guest MAC Caching value change

Is your MAC-caching set up to use the value from the guest account or a
custom time source value?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Guest MAC Caching value change

Tim, this is what I have in the role mapping for mac caching:

 

Screen Shot 2016-04-08 at 3.36.10 PM.png

Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: Guest MAC Caching value change

Please post the enforcement policy from your web auth service and the
contents of the enforcement profile that is setting the MAC-auth expiry.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Guest MAC Caching value change

below:

 

Screen Shot 2016-04-08 at 3.41.51 PM.png

 

 

Screen Shot 2016-04-08 at 3.44.51 PM.png

I see it say one day DT but ot sure how to set it up to less.

Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: Guest MAC Caching value change

You're manually setting a time for the expiration. If you want it to match what is set on the guest account, change that value to:     %{Authorization:[Guest User Repository]:ExpireTime}


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Guest MAC Caching value change

I will change and test. honestly I'm not "manually" setting anything. I just used the template and that was created.

Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: Guest MAC Caching value change

You may have selected "One Day" during the wizard instead of "Account Expiry
Time".

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Guest MAC Caching value change

Correct. I did that.

 

Thanks for the help.

Search Airheads
Showing results for 
Search instead for 
Did you mean: