Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

This thread has been viewed 1 times

  • 1.  Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

    Posted Aug 11, 2017 08:53 AM

    I have be testing our ClearPass guest self-registration implementation and have found that Android clients disconnect as expected when guest account expires. However, windows 10 client remains connected and working indefinitely. From the windows 10 client I can disconnect and reconnect, even though the guest account is disabled. However, once I disconnect, connect to another wireless network, then try to reconnect to the CP guest network the client, finally, cannot connect again. Has anyone else experienced this issue. If so, what was your resolution. BTW, I have yet to test other client types, i.e. Mac OS so I don't know this to be an issue there.



  • 2.  RE: Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

    EMPLOYEE
    Posted Aug 11, 2017 09:10 AM

    What does access tracker show?



  • 3.  RE: Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

    Posted Aug 11, 2017 10:16 AM

    Now I getting different behavior. The windows device doesn't disconnect from wireless but does lose the ability to access the internet. I see mac auth failures on the windows device. The android device did not disconnect and was still able to access the internet. I manually disconnected from the CP guest SSID and successfully reconnected, although the guest user is expired. Nothing in access tracker on this reconnection. I had to go to the Cisco WLC and disconnect the android device. Then it could no longer reconnect. Sorry if this is getting convoluted.



  • 4.  RE: Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

    Posted Aug 13, 2017 08:11 AM

    Because you don't see anything in the access tracker, it looks like the session is cached on the cisco wlc, just disconnecting the client will not remove the session. Therefore the cisco wlc doesn't send a new request to clearpass when the client re-connects again, but allows the client direct on to the network, without checking clearpass.

     

    Try to remove the session on the wlc, to force a check against to clearpass. In the wlc gui there is an option to remove the client's session (i think it is under monitoring, not quit sure)

     

     

     

     



  • 5.  RE: Guest on Windows Client Not Disconnecting, Android Disconnects as Expected

    Posted Aug 11, 2017 09:57 AM

    Could it be that the client's connection is cached on the wireless network? try to mannulay disconnect that client, on the aruba controller you can do it with the command: aaa user delete <all or mac of client>

     

    That way you will force it to reauthenticate or hit the mac caching rule