Security

Reply
Contributor II
Posts: 50
Registered: ‎04-13-2009

apple devices not being cached

We have a guest WLAN that is using captive portal to authenticate guest users via a Clear Pass server. The captive portal lives on the controller but the guest accounts are created and maintained on the CP server. Authentication seems to be working properly, but Apple devices are having to reauthenticate every 30 minutes. So far it is only Apple deivces that have this issue. Windows and Android work fine.

 

I am not sure if there are any special settings for Apple devices or not with this scenario. The Clear Pass is on  the latest 6.2.6.x release.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: apple devices not being cached

Are the requests from those devices hitting your MAC cache service?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: apple devices not being cached

Yes, they are hitting the service.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: apple devices not being cached

What is the role thats being returned? Do you have the insight repository and endpoint database as authorization sources?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: apple devices not being cached

It's returning the guest role. I don't have Insight enabled as an auth source, just endpoints and timesource. We are using date stamps in the rules so the MAC will be cached until the next day. Their requirement was for the MAC's to be cahced until midnight then cleared out and forced to re-authenticate. Using date stamps was the only way we could figure out how to do this.

Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: apple devices not being cached

Just wanted to give an update. We are narrowing down the symptoms. It appears that when the Apple devices such as iPads and iPhones go into power save and disable their radios the controller is aging them out of the user table which I am pretty sure is what is causing them to have to reauthenticate. They are still a known endpoint in ClearPass though and I verified that they are hitting the MAC caching service.

 

Technically, I guess the controller is behaving normally in a sense. One idea is to extend the global user idle timeout or set an idle timeout on the captive portal profile. An argument has been made that if they are idle that long then do they really need to be connected? As you can guess the political side of that one is thin ice....

Contributor II
Posts: 50
Registered: ‎04-13-2009

Re: apple devices not being cached

The solution to this was enabling the Insight functionality in Clear Pass which is slightly infuriating since Aruba TAC originally told me to disable that.... It was causing the MAC caching to fail. I thought Insight was just for reporting and stats????

Search Airheads
Showing results for 
Search instead for 
Did you mean: