Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Only one authentication until the account expiration

This thread has been viewed 0 times

  • 1.  Only one authentication until the account expiration

    Posted Sep 17, 2014 04:05 AM

    Hello guys,
    is possible to set that for a guest user one authentication is valid for all period of validity of his account?

    my goal is that if an account is valid for 3 days, the guest have to authenticate with username and password only the first time, for the others authentication the Clearpass should verify only the MAC that has saved the first time and after 3 days clears this MAC entry so the guest have to renew his account.

    I suppose that for do this i have to configure something on the controller and not only in clearpass...

    I think that the mechanism can be something like this:

    1) The guest connects to the SSID
    2) CleraPass or the controller verifying if his MAC is in MAC table
    3) If this MAC exist the guest con have access to internet, if not the controller provide the clearpass guest page authentication and save his MAC
    4) Again for other user.

    Thanks in advance for your answers.

    Regards



  • 2.  RE: Only one authentication until the account expiration

    EMPLOYEE
    Posted Sep 17, 2014 04:09 AM
    Yes. That is what guest with Mac caching is designed to do. Use the service template guest with Mac authentication. It will give you the option on how many days you want the account active.


  • 3.  RE: Only one authentication until the account expiration

    EMPLOYEE
    Posted Sep 17, 2014 04:14 AM
    https://ase.arubanetworks.com/solutions/id/3



  • 4.  RE: Only one authentication until the account expiration

    Posted Sep 18, 2014 09:02 AM

    hello ,

    ClearPass thanks I configured as you have suggested.

    Now the first access works fine ..
    But whan I try to disconnect and re - connect to WiFi authenticazion Mac does not work.

    I have to do something on the controller ? ! ?

    Tab monitoring ClearPass I can not see any attempt of MAC Authentication.

    can you help me?

     

    Thanks in advacne

    Best regards

    Andrea



  • 5.  RE: Only one authentication until the account expiration

    Posted Sep 18, 2014 09:13 AM

    hello ,
    I configured the CleraPass as you have suggested.

    Now the first access works fine ..
    But when I try to disconnect and re - connect to WiFi the Mac authenticazion does not work,
    the Clearpass shows to me the Guest-Self-registation-Page again, and asks to reauthenticate.

    I have to do something on the controller ?!?
    I Have a CISCO WLC 5508.

    In the Tab monitoring of ClearPass I can not see any attempt of MAC Authentication... seems that the request doesn't match the service rule

     

    Rule:
    Connection client MAC address equals %{Radius:IETF:User-Name}

    can you help me?



  • 6.  RE: Only one authentication until the account expiration

    Posted Sep 27, 2014 08:56 AM

    if you don't see the MAC request on ClearPass then it probably isn't send.

     

    you have to look at your wireless access device and see if you can configure MAC auth on it.