While implementing ClearPass guest with a Cisco WLC on 7.6 we encountered a problem. Basically it didn't work :)
The solution worked fine without MAC-caching, but for guests having to re-login all the time it's not ideal so thats why we wanted MAC-caching. So we implemented the more or less your MAC-filtering with captive portal fallback.
When connecting any unknown client we just got "Could not connect to the network", and saw this in Access Tracker:
2 seconds between re-tries, and for some reason the WLC ignores the captive portal fallback and just drops the client instead of redirecting.
I doubt that it's expected behaviour from the WLC, but still had to try to find a way around it.
Alot of googling and testing later gave cause to adjust the Radius Reject delay
==> Administration » Server Manager » Server Configuration || Radius Server || Reject Packet Delay = 1
Changed this value to 0 and it started working instantly. We changed it back and forth between 0 and 1 while changing some timing values on the WLC etc, but ended up just leaving it at 0.
If setting this to 0 has any other nasty consequences is yet to be seen, but if any of you guys have any experience with this and have a better solution then please let me know.
A quick google search will show that others have had this same problem with Cisco in the past. Even in an all-Cisco environment (including ISE) there were problems with MAC On-Failure processing. I don't know if they came to the conclusion about the Reject Delay setting, but it works with Aruba ClearPass.
Thanks John for the post.
Further to this and for my own benefit when I revisit much later, I had to do the following.
MAC Filtering --> Radius Compatibility = Cisco ACS
Radius Authentication Servers --> Call Station ID Type = System MAC Address
Can you explain why you would choose colon over hyphen for delimeter?
Clearpass doesn't care if it's Hyphen og Colon (unless you specificy this in your policy), but just use the same on both settings.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.