Wireless Access

Reply
Frequent Contributor I
Posts: 64
Registered: ‎07-16-2014

Clearpass RAP offboarding re-authentication interval?

I've found a few very good tutorials on setting up offloading the RAP whitelist to Clearpass for onboarding new RAPs, but one thing that's not clear to me is if that's a one-shot, first time deal, or are the RAPs reauthenticated periodically?  Basically, I'm looking to start deploying some RAPs to end users in the nearish future, and have an eye on what the offboarding process will look like.  If I could can an entry in Clearpass and have it also get deauthenticated from the controllers, that would be a big win.  (Bonus points if I could associate an AD account with each RAP, and have it's whitelist entry withdrawn when the AD account gets terminated!)

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass RAP offboarding re-authentication interval?

The RAP is authenticated when it attempts to connect to the controller. It
would only reauthenticate if it rebooted and reconnected.



All APs operate the same way. Campus APs are validated against the internal
whitelist when they first connect.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Clearpass RAP offboarding re-authentication interval?

The RAP is authenticated when it attempts to connect to the controller. It
would only reauthenticate if it rebooted and reconnected.



All APs operate the same way. Campus APs are validated against the internal
whitelist when they first connect.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 64
Registered: ‎07-16-2014

Re: Clearpass RAP offboarding re-authentication interval?

OK, so that just means that we'd need to include disabling any issued RAPs as part of our manual offboarding process.  Not as ideal as just doing Clearpass magic, but good to know nonetheless.

 

thanks!

Search Airheads
Showing results for 
Search instead for 
Did you mean: