Security

last person joined: 14 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

How to disconnect Users at a specified time?

Jump to Best Answer
This thread has been viewed 6 times
  • 1.  How to disconnect Users at a specified time?

    Posted Oct 31, 2014 10:12 AM

    Hey everybody,

     

    we are using CPPM 6.4 with the Guest module.

     

    I want to disconnect guest users at a specified time using CoA or Radius Session-Timeout.

     

    One customer wants to have specified time ranges for their guest users.

    I already updated the service so they can only login in the specified time, but of course don't get disconnected when the end time is reached.

     

    The biggest problem is that we have different guest roles with different time ranges.

    Would it be possible to disconnect a users with a specific user role at 10pm for example?

     

    The users shall not expire! They will be able to reconnect again at the next day in the specified time range.

     

    The authentication is using captive portal.

    The NAS device is a IAP.

     

     

    Regards,



  • 2.  RE: How to disconnect Users at a specified time?
    Best Answer

    Posted Oct 31, 2014 10:14 AM

    You would need to use the time source as an authorization source and calculate the difference between the authentication time and 10 PM and then return that amount of time as a session timeout.



  • 3.  RE: How to disconnect Users at a specified time?
    Best Answer

    Posted Oct 31, 2014 11:38 AM

     

    This required some PostgreSQL knowledge but I have a running solution now :)

     

    Step 1: Add TimeSource as Authorization Source

     

    Step 2: Add Filter to TimeSource 

    select (extract(epoch from date(CURRENT_DATE) + time '22:30' - now()))::int as Until2300;

     

    Step 3: Enforcement Profile with Session-Timeout

    Radius:IETFSession-Timeout=%{Authorization:[Time Source]:Until2300}

     

     

    Thanks



  • 4.  RE: How to disconnect Users at a specified time?

    Posted Sep 26, 2017 04:40 PM

    hello guy


     

     

    I need deploy the solution mencionated, 

    I follow: 

    Step 1: Add TimeSource as Authorization Source

     

    Step 2: Add Filter to TimeSource 

    select (extract(epoch from date(CURRENT_DATE) + time '22:30' - now()))::int as Until2300;

     

    Step 3: Enforcement Profile with Session-Timeout

    Radius:IETFSession-Timeout=%{Authorization:[Time Source]:Until2300}

     Step 4: Apply to a enforcement.

     

    conection its working but the desconection at 1700 doesnt happen, maybe Im missing some steps. attach you can find some screenshoots of my configs.

     

    Many Thanks





  • 5.  RE: How to disconnect Users at a specified time?

    Posted Sep 26, 2017 04:53 PM
    Do you have accounting enabled ? In ClearPass and the NAD


  • 6.  RE: How to disconnect Users at a specified time?

    Posted Sep 27, 2017 11:45 AM
      |   view attached

    hello,

    Thanks for you quick reply

    I had configured on controller:
    - RFC 3576 Server (ip of my CPPM).
    - RADIUS accounting server on AAA profile of captive portal (ip of my CPPM).
    - RADIUS intering accounting on AAA profile.

     

    over CPPM :
    - I think the accounting its enable because I can see the active sessions and can see "online" status form a sigle user in access tracker, but its not possible terminate the session--- image attached.

    v