Security

Reply
Regular Contributor I
Posts: 170
Registered: ‎03-18-2013

MAC caching sanity check

Gents,

 

I have set up mac caching.

 

When I do a web auth, cppm sends a coa disconnect, then I switch to mac auth.

 

In clearpass guest under active sessions I only see the mac for the username - is this normal?

 

thanks.:smileywink:

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: MAC caching sanity check

[ Edited ]

You should add an an enforcement profile to your MAC cache policy that sends back the username defined to the controller.

 

 

MACAUTH uses the mac address as the username and password; this will send back the users registered username in the RADIUS response. You should then see them in the session list.

 

guest-username-controller.PNG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 170
Registered: ‎03-18-2013

Re: MAC caching sanity check

can you give an example?

Regular Contributor I
Posts: 170
Registered: ‎03-18-2013

Re: MAC caching sanity check

sorry - image just downloaded!

Regular Contributor I
Posts: 170
Registered: ‎03-18-2013

Re: MAC caching sanity check

bang on Cappalli - absolutely nailed it thanks

MVP
Posts: 520
Registered: ‎05-11-2011

Re: MAC caching sanity check

 

Tim,

 

using this is great along with Aruba WLC, but I'm unable to get it to work with Cisco WLC. Using this trick I end up with username = unknown in the Cisco WLC, and Active Sessions is still mac-address..

 

Any tips to what Cisco button I have to push to get this working?


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: