Security

Reply
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Only one authentication until the account expiration

Hello guys,
is possible to set that for a guest user one authentication is valid for all period of validity of his account?

my goal is that if an account is valid for 3 days, the guest have to authenticate with username and password only the first time, for the others authentication the Clearpass should verify only the MAC that has saved the first time and after 3 days clears this MAC entry so the guest have to renew his account.

I suppose that for do this i have to configure something on the controller and not only in clearpass...

I think that the mechanism can be something like this:

1) The guest connects to the SSID
2) CleraPass or the controller verifying if his MAC is in MAC table
3) If this MAC exist the guest con have access to internet, if not the controller provide the clearpass guest page authentication and save his MAC
4) Again for other user.

Thanks in advance for your answers.

Regards

Andrea
Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Only one authentication until the account expiration

Yes. That is what guest with Mac caching is designed to do. Use the service template guest with Mac authentication. It will give you the option on how many days you want the account active.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Only one authentication until the account expiration

https://ase.arubanetworks.com/solutions/id/3

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: Only one authentication until the account expiration

hello ,

ClearPass thanks I configured as you have suggested.

Now the first access works fine ..
But whan I try to disconnect and re - connect to WiFi authenticazion Mac does not work.

I have to do something on the controller ? ! ?

Tab monitoring ClearPass I can not see any attempt of MAC Authentication.

can you help me?

 

Thanks in advacne

Best regards

Andrea

Andrea
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: Only one authentication until the account expiration

hello ,
I configured the CleraPass as you have suggested.

Now the first access works fine ..
But when I try to disconnect and re - connect to WiFi the Mac authenticazion does not work,
the Clearpass shows to me the Guest-Self-registation-Page again, and asks to reauthenticate.

I have to do something on the controller ?!?
I Have a CISCO WLC 5508.

In the Tab monitoring of ClearPass I can not see any attempt of MAC Authentication... seems that the request doesn't match the service rule

 

Rule:
Connection client MAC address equals %{Radius:IETF:User-Name}

can you help me?

Andrea
MVP
Posts: 1,407
Registered: ‎11-30-2011

Re: Only one authentication until the account expiration

if you don't see the MAC request on ClearPass then it probably isn't send.

 

you have to look at your wireless access device and see if you can configure MAC auth on it.

Search Airheads
Showing results for 
Search instead for 
Did you mean: