Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MAC caching sanity check

This thread has been viewed 1 times

  • 1.  MAC caching sanity check

    Posted Feb 04, 2014 05:27 PM

    Gents,

     

    I have set up mac caching.

     

    When I do a web auth, cppm sends a coa disconnect, then I switch to mac auth.

     

    In clearpass guest under active sessions I only see the mac for the username - is this normal?

     

    thanks.:smileywink:



  • 2.  RE: MAC caching sanity check
    Best Answer

    EMPLOYEE
    Posted Feb 04, 2014 05:31 PM

    You should add an an enforcement profile to your MAC cache policy that sends back the username defined to the controller.

     

     

    MACAUTH uses the mac address as the username and password; this will send back the users registered username in the RADIUS response. You should then see them in the session list.

     

    guest-username-controller.PNG



  • 3.  RE: MAC caching sanity check

    Posted Feb 04, 2014 05:33 PM

    can you give an example?



  • 4.  RE: MAC caching sanity check

    Posted Feb 04, 2014 05:33 PM

    sorry - image just downloaded!



  • 5.  RE: MAC caching sanity check

    Posted Feb 04, 2014 05:39 PM

    bang on Cappalli - absolutely nailed it thanks



  • 6.  RE: MAC caching sanity check

    Posted Mar 28, 2014 04:50 PM

     

    Tim,

     

    using this is great along with Aruba WLC, but I'm unable to get it to work with Cisco WLC. Using this trick I end up with username = unknown in the Cisco WLC, and Active Sessions is still mac-address..

     

    Any tips to what Cisco button I have to push to get this working?