Security

Reply
Contributor I
Posts: 50
Registered: ‎05-15-2012

Terminating the session with ClearPass Hotspot

Hi Airheads,

 

I'm creating a Hotspot page with the self register service in ClearPass 6.3. I added the login page to the Captive portal profile in the controller. The redirecting process works fine and the login page appears when i associate with the Open SSID. I select to create a new account user, then i select the Hotspot plan, then i register in the form and finally it shows the user receipt. When i click the "start browsing button" i'm redirected to the login page instead gain access to the network. I can use the credentials generated by the hotspot to gain access but it don't lost the access (terminating the session) when the access time comes to end.

 

Thanks in advance.

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Terminating the session with ClearPass Hotspot

Alberto,

 

Did you look at my reply to your other post?

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Problems-with-ClearPass-Hotspot/td-p/166738

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Terminating the session with ClearPass Hotspot

Thanks but it is another issue. I try to terminate session when i access the network with the credentials generated with the Hotspot and it works but does not disconnect me after the purchased access time. 

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Terminating the session with ClearPass Hotspot

Couple of things

 

1. Make sure COA is working correctly. This is usually the issue.....

(A quick way to test is to open a device in access tracker and click Change Status)

 

Screen Shot 2014-06-02 at 11.28.14 PM.png

 

2. Are there anything showing in the event viewer in either CPPM or CPGuest?

 

3. Make sure insight is enabled.

 

4. What does your services look like?

 

4. 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Terminating the session with ClearPass Hotspot

Hi Troy,

 

I check every bullet that you comment me:

 

1. I understand that my CoA doesn't work correctly because shows an alert when i try to change the status in the Access Tracker: "Administratively-Prohibited", and in the active sessions it shows an alert similar "Error disconnecting session for user".

 

 CPPM.jpg

 

Error ClearPass.jpg

 

2.  In event viewer i can see only updates:

 

Event.jpg

 

3. Yes, Insight is enabled.

 

4. This is the services that i'm testing:

 

Services.jpg

 

The 4th service is for the Hotspot self register captive portal and this is the summary:

 

Service.jpg

 

I need to configure something aditional to solve the CoA issues? or how can i configure de CoA correctly? 

 

Thanks in advance.

 

MVP
Posts: 1,406
Registered: ‎11-30-2011

Re: Terminating the session with ClearPass Hotspot

is CoA configured / allowed on the device where you try to stop the session? it has to be configured on both sides.

Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Terminating the session with ClearPass Hotspot

I'm using an Aruba controller with 6.3.1.7 AOS but i don't know how to configurate the CoA for the RADIUS. Can you explain me how can i do it please?

MVP
Posts: 1,406
Registered: ‎11-30-2011

Re: Terminating the session with ClearPass Hotspot

a little google goes a long way :)

 

you configure CoA on the controller side via: security > authentication > servers > RFC 3576, add the IP of clearpass and the shared secret you also configured for radius.

Contributor I
Posts: 50
Registered: ‎05-15-2012

Re: Terminating the session with ClearPass Hotspot

Thanks, but i've already added the ClearPass here and does not work the CoA generated in ClearPass:

 

RFC.jpg

MVP
Posts: 1,406
Registered: ‎11-30-2011

Re: Terminating the session with ClearPass Hotspot

[ Edited ]

are you sure the shared secrets match?

 

is communication between clearpass and controller fully allowed? no firewall possibly blocking CoA traffic?

 

under devices in clearpass, for your controller did you enable CoA?

Search Airheads
Showing results for 
Search instead for 
Did you mean: