Security

Reply
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

WLC and Clearpass MAC authentication

Hello,

my goal is that if an account is valid for 3 days, the guest have to authenticate with username and password only the first time, for the others authentication the Clearpass should verify only the MAC that has saved the first time and after 3 days clears this MAC entry so the guest have to renew his account.

i have configured the Guest access with mach caching, but seems that is not works.

 

When the client try to connect for the first time, he is redirected to Captive Portal and the account is created.
But when try to disconnect and reconnect the captive portal is shown again.

 

In the Tab monitoring of ClearPass I can not see any attempt of MAC Authentication... seems that the request doesn't match the service rule

 

Rule:
Connection client MAC address equals "%{Radius:IETF:User-Name}"

can you help me?

 

thanks in advance

Best regards

Andrea
Andrea
MVP
Posts: 4,180
Registered: ‎07-20-2011

Re: WLC and Clearpass MAC authentication

Are you using an Aruba controller ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: WLC and Clearpass MAC authentication

Hello,

no, i'm using a CISCO WLC.

 

regards

Andrea

Andrea
MVP
Posts: 4,180
Registered: ‎07-20-2011

Re: WLC and Clearpass MAC authentication

Do you have Mac filtering enabled under your Layer 2 tab and then enable On MAC filter failure under the layer 3 tab ?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: WLC and Clearpass MAC authentication

Hello,

yes i have done this configuration.

 

Andrea.

Andrea
Guru Elite
Posts: 8,197
Registered: ‎09-08-2010

Re: WLC and Clearpass MAC authentication

What format is your controller sending the MAC address for the username?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: WLC and Clearpass MAC authentication

i can choose it...

what is the correct format?

 

 

Andrea
MVP
Posts: 4,180
Registered: ‎07-20-2011

Re: WLC and Clearpass MAC authentication

As cappalli suggested you can take a look at the format is sending the mac address in the request under Security > Mac filtering

 

2014-09-11 11_52_45-P3-DC-WLC.png

 

Another thing you should consider doing is setting the reject delay to 0 , i noticed some issues if this wasn't use this value:

2014-09-23 10_14_27-ClearPass Policy Manager - Aruba Networks.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: WLC and Clearpass MAC authentication

Thanks,

i'll check this and update you.

Andrea
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: WLC and Clearpass MAC authentication

Hello,

i'm tried to modify the value.. but have the same issue...

 

some idea?

 

thanks in advance

Best regards

Andrea

Andrea
Search Airheads
Showing results for 
Search instead for 
Did you mean: