09-22-2015 09:59 AM
Our guest network is currently configured as an open SSID with a captive portal. If a user is within range, they device tries to connect to the SSID. So in Clearpass Access Tracker, it shows several guest devices showing repeat rejections every few seconds and they continue until they open the captive portal and authenticate. The reason this setup was created initially was for ease of management. We have two different guest SSIDs hitting a single service in Clearpass. If you're an employee, you can login with your AD creds. If you're a guest, we have a temp guest login that expires after 24 hours and we change the password for monthly within Clearpass.
I am wondering if there's a better way to lock down the guest account to keep the several transactions from generating within Access Tracker and creating an unneccessary load on the server without adding the extra management.
09-22-2015 10:03 AM
09-22-2015 10:22 AM
As soon as they manually open a browser. Some users don't actually connect to the SSID, they just have their devices within the range such as their smartphone or tablet. They may not be using it, but it's still trying to authenticate to the open SSID.