Security

last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

apple devices not being cached

Jump to Best Answer
  • 1.  apple devices not being cached

    Posted Jul 15, 2014 04:42 PM

    We have a guest WLAN that is using captive portal to authenticate guest users via a Clear Pass server. The captive portal lives on the controller but the guest accounts are created and maintained on the CP server. Authentication seems to be working properly, but Apple devices are having to reauthenticate every 30 minutes. So far it is only Apple deivces that have this issue. Windows and Android work fine.

     

    I am not sure if there are any special settings for Apple devices or not with this scenario. The Clear Pass is on  the latest 6.2.6.x release.



  • 2.  RE: apple devices not being cached

    Posted Jul 15, 2014 04:44 PM
    Are the requests from those devices hitting your MAC cache service?


  • 3.  RE: apple devices not being cached

    Posted Jul 15, 2014 04:46 PM

    Yes, they are hitting the service.



  • 4.  RE: apple devices not being cached

    Posted Jul 15, 2014 04:47 PM
    What is the role thats being returned? Do you have the insight repository and endpoint database as authorization sources?


  • 5.  RE: apple devices not being cached

    Posted Jul 15, 2014 04:58 PM

    It's returning the guest role. I don't have Insight enabled as an auth source, just endpoints and timesource. We are using date stamps in the rules so the MAC will be cached until the next day. Their requirement was for the MAC's to be cahced until midnight then cleared out and forced to re-authenticate. Using date stamps was the only way we could figure out how to do this.



  • 6.  RE: apple devices not being cached
    Best Answer

    Posted Jul 18, 2014 10:20 PM

    Just wanted to give an update. We are narrowing down the symptoms. It appears that when the Apple devices such as iPads and iPhones go into power save and disable their radios the controller is aging them out of the user table which I am pretty sure is what is causing them to have to reauthenticate. They are still a known endpoint in ClearPass though and I verified that they are hitting the MAC caching service.

     

    Technically, I guess the controller is behaving normally in a sense. One idea is to extend the global user idle timeout or set an idle timeout on the captive portal profile. An argument has been made that if they are idle that long then do they really need to be connected? As you can guess the political side of that one is thin ice....



  • 7.  RE: apple devices not being cached

    Posted Aug 13, 2014 09:25 AM

    The solution to this was enabling the Insight functionality in Clear Pass which is slightly infuriating since Aruba TAC originally told me to disable that.... It was causing the MAC caching to fail. I thought Insight was just for reporting and stats????