Trick to get MAC Caching working on Cisco WLC 7.6 with ClearPass


While implementing ClearPass guest with a Cisco WLC on 7.6 we encountered a problem. Basically it didn't work :)


The solution worked fine without MAC-caching, but for guests having to re-login all the time it's not ideal so thats why we wanted MAC-caching. So we implemented the more or less your MAC-filtering with captive portal fallback.


When connecting any unknown client we just got "Could not connect to the network", and saw this in Access Tracker:



2 seconds between re-tries, and for some reason the WLC ignores the captive portal fallback and just drops the client instead of redirecting. 


I doubt that it's expected behaviour from the WLC, but still had to try to find a way around it.


Alot of googling and testing later gave cause to adjust the Radius Reject delay

==> Administration » Server Manager » Server Configuration || Radius Server || Reject Packet Delay = 1


Changed this value to 0 and it started working instantly. We changed it back and forth between 0 and 1 while changing some timing values on the WLC etc, but ended up just leaving it at 0.


If setting this to 0 has any other nasty consequences is yet to be seen, but if any of you guys have any experience with this and have a better solution then please let me know.



John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Aruba Employee

Re: Trick to get MAC Caching working on Cisco WLC 7.6 with ClearPass

A quick google search will show that others have had this same problem with Cisco in the past.  Even in an all-Cisco environment (including ISE) there were problems with MAC On-Failure processing.  I don't know if they came to the conclusion about the Reject Delay setting, but it works with Aruba ClearPass.


Thanks John for the post.



Re: Trick to get MAC Caching working on Cisco WLC 7.6 with ClearPass

Further to this and for my own benefit when I revisit much later, I had to do the following.


MAC Filtering --> Radius Compatibility = Cisco ACS



Radius Authentication Servers --> Call Station ID Type = System MAC Address


If my post is helpful please give kudos, or mark as solved if it answers your post.

Search Airheads
Showing results for 
Search instead for 
Did you mean: