Original Message:
Sent: Jan 23, 2024 01:47 AM
From: GorazdKikelj
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hi Manu.
I did not see any Deny Access profile in Your policy. You need to have Deny Access as a Default profile and explicit Allow Access in your allow enforcement line.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Expert 2023
Original Message:
Sent: Jan 22, 2024 09:45 PM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
please check my attach document
do not know where i am wrong because still the policy is not working.
Original Message:
Sent: Jan 22, 2024 04:52 AM
From: GorazdKikelj
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hi Jain.
Session Timeout will force authentication request in Clearpass and you need to handle it in your service role mapping and enforcement policies to check, if it is Allow or Deny response.
Check Access tracker if you receive session authorization every 100 seconds.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Expert 2023
Original Message:
Sent: Jan 22, 2024 04:45 AM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hello
it is not working.
i created one Enforcement profile and under the profile i have added Radius-IETF - Session - Timeout - 100 Seconds .
but it is not working and user is continue with work.
Original Message:
Sent: Jan 22, 2024 03:17 AM
From: GorazdKikelj
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hi Jainmanu.
You should send IETF Session Timeout in seconds.
You have several options.
Simplest one is to send fixed number of seconds to reauthorize the session and then you can check in Clearpass, if it is expired.
You can calculate how many seconds is to the end of allowed period and send this into IETF: Session Timeout.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Expert 2023
Original Message:
Sent: Jan 21, 2024 08:33 PM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
any idea what enforcement policy i need to configure ?
Original Message:
Sent: Jan 20, 2024 01:51 AM
From: GorazdKikelj
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hi Jainmanu.
You should send session timeout attribute to set the time when session need to be reauthorized. Then you can check in Clearpass if session can proceed/be reauthorized or need to be terminated.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Expert 2023
Original Message:
Sent: Jan 19, 2024 04:13 AM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
please find attachment of my enforcement policy but here after ending the time still connection is working , by rights it should be denied automatically correct ?
Original Message:
Sent: Jan 19, 2024 03:48 AM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hello Team,
now it is working successfully but there is one small issue actually after ending the time the port is not bouncing automatically so user are doing continue working with the cable.
but I want after ending the time it should be denied for them.
not understanding how to achieve this.
Original Message:
Sent: Jan 16, 2024 04:13 AM
From: Jainmanu
Subject: Wired Mac Auth Time based in Clearpass Aruba
Hello Team,
today i have configured some policy and services in aruba clear pass for mac authentication which is Time based but it is not working for me. I am attaching the documents which mentioned all the steps.
could you please help me to fix the issue and complete my setup.
after expiring the time it is still working which is wrong right ?