I have be testing our ClearPass guest self-registration implementation and have found that Android clients disconnect as expected when guest account expires. However, windows 10 client remains connected and working indefinitely. From the windows 10 client I can disconnect and reconnect, even though the guest account is disabled. However, once I disconnect, connect to another wireless network, then try to reconnect to the CP guest network the client, finally, cannot connect again. Has anyone else experienced this issue. If so, what was your resolution. BTW, I have yet to test other client types, i.e. Mac OS so I don't know this to be an issue there.
What does access tracker show?
Now I getting different behavior. The windows device doesn't disconnect from wireless but does lose the ability to access the internet. I see mac auth failures on the windows device. The android device did not disconnect and was still able to access the internet. I manually disconnected from the CP guest SSID and successfully reconnected, although the guest user is expired. Nothing in access tracker on this reconnection. I had to go to the Cisco WLC and disconnect the android device. Then it could no longer reconnect. Sorry if this is getting convoluted.
Because you don't see anything in the access tracker, it looks like the session is cached on the cisco wlc, just disconnecting the client will not remove the session. Therefore the cisco wlc doesn't send a new request to clearpass when the client re-connects again, but allows the client direct on to the network, without checking clearpass.
Try to remove the session on the wlc, to force a check against to clearpass. In the wlc gui there is an option to remove the client's session (i think it is under monitoring, not quit sure)
Could it be that the client's connection is cached on the wireless network? try to mannulay disconnect that client, on the aruba controller you can do it with the command: aaa user delete <all or mac of client>
That way you will force it to reauthenticate or hit the mac caching rule
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.