Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Calculate radius session timeout based on MAC-Auth Expiry

Jump to Best Answer
This thread has been viewed 27 times
  • 1.  Calculate radius session timeout based on MAC-Auth Expiry

    Posted 28 days ago
    My customer has shared devices and they want to track users connecting to these devices.  Devices are tablets and they want users to authenticate by Captive Portal against AD and re-authenticate every 2 hours. I was able to create required filter in [Time Source] and users get  MAC-Auth Expiry  set correctly, but I am not able to set session timeout to match the same time. I want users to be disconnected at MAC-Auth Expiry time and authenticate by captive portal again.

    is there a way to set radius Session-Timeout to be (MAC-Auth Expiry - Current Time) in seconds?

    ------------------------------
    Ahmad Enaya
    ------------------------------


  • 2.  RE: Calculate radius session timeout based on MAC-Auth Expiry
    Best Answer

    Posted 28 days ago
    Create a new filter in Endpoint Repository using the below query:

    select (extract(epoch from(to_timestamp(attributes->>'MAC-Auth Expiry','YYYY-MM-DD HH24:MI:SS'))) - extract(epoch from(now())))::int as Remaining from tips_endpoints where mac_address ='%{Connection:Client-Mac-Address-NoDelim}';



    Then create an enforcement profile for session timeout


    Enable authorization under the service and add Endpoint Repository

    And map to the Service which will return the timeout in seconds



    ------------------------------
    SANDEEP YADAV
    Global Escalation Center, ACCP
    ------------------------------



  • 3.  RE: Calculate radius session timeout based on MAC-Auth Expiry

    Posted 22 days ago
    Amazing! This worked. Thank you Sandeep

    ------------------------------
    Ahmad Enaya
    ------------------------------