Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cisco WCS eating up ClearPass sessions

  • 1.  Cisco WCS eating up ClearPass sessions

    Posted Sep 04, 2012 04:16 PM

    Just wondering if there is an easy solution to this.  We have ClearPass configured with our Aruba controller and our legacy Cisco WCS controllers to feed guest/BYOD captive web portals, and since connecting the WCS controllers as RADIUS clients, every connection made to the captive portal WLANs, regardless of captive portal authentication state, is showing up as an active session in ClearPass and flooding it out until it won't hand out legitimate connections anymore.  They show up with the MAC address, no session time, and zero data.  The Aruba controller is performing normally in this regard, so I feel I can probably eliminate ClearPass as the issue.

     

    I've tried turning down the session timeout on the Cisco WLANs and that's worked, somewhat.  However, a lot of devices will just re-scan and jump right back on.

     

    Has anyone seen this type of problem before and knows what magic combination of buttons will make the Cisco controllers cooperate with ClearPass?



  • 2.  RE: Cisco WCS eating up ClearPass sessions

    Posted Sep 04, 2012 08:17 PM

    I think this is very software version specific on the Cisco WLCs. We have seen issues at customer sites where RADIUS accounting traffic is received for SSIDs not configured to integrate with ClearPass Guest. It is assumed to be a bug in their RADIUS client implementation and the workaround was to configure different accounting servers for the other SSIDs in question to ensure the traffic is not sent to ClearPass Guest. This address in some customer environments was just a loopback or non-existent host address.



  • 3.  RE: Cisco WCS eating up ClearPass sessions

    Posted Sep 05, 2012 10:30 AM

    Okay, that's what it seems like was occurring.  Looking further into it and comparing what I'm seeing to what's showing up in Airwave makes it look like it's dumping accounting data for the entire system into ClearPass.  I'm also going to upgrade my Cisco infrastructure from v6.x to v7.x, which is supposedly also beneficial in this regard from what I've read.  That and setting up a different accounting server on my other SSIDs will hopefully solve it.  Thanks for your help.
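
    Added example (not part of the thread and not from any poster): one way to confirm the behaviour discussed above from captured RADIUS accounting records, by counting records that arrive for SSIDs other than the captive portal ones and listing sessions that never report time or traffic. The record layout, the SSID after the colon in Called-Station-Id, the SSID names and the addresses are all assumptions made for this constructed sample.

```python
import re
from collections import Counter

# Constructed sample records (not from the thread). Assumed layout:
# "Attribute = value" lines, a blank line between records, and the SSID
# carried after the colon in Called-Station-Id ("<AP MAC>:<SSID>").
SAMPLE = '''
NAS-IP-Address = 192.0.2.10
Acct-Status-Type = Start
Calling-Station-Id = "aa-bb-cc-00-00-01"
Called-Station-Id = "00-11-22-33-44-55:Guest"

NAS-IP-Address = 192.0.2.10
Acct-Status-Type = Start
Calling-Station-Id = "aa-bb-cc-00-00-02"
Called-Station-Id = "00-11-22-33-44-55:Corp"

NAS-IP-Address = 192.0.2.20
Acct-Status-Type = Stop
Calling-Station-Id = "aa-bb-cc-00-00-03"
Called-Station-Id = "00-11-22-33-44-66:Guest"
Acct-Session-Time = 310
Acct-Input-Octets = 52000
Acct-Output-Octets = 910000
'''
COUNTERS = ("Acct-Session-Time", "Acct-Input-Octets", "Acct-Output-Octets")

def parse_records(text):
    """Split the text on blank lines and return one attribute dict per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = re.findall(r'^[ \t]*([\w-]+)[ \t]*=[ \t]*"?([^"\n]*)"?[ \t]*$', block, re.M)
        if pairs:
            records.append(dict(pairs))
    return records

def triage(records, portal_ssids):
    """Return (records per (NAS, SSID) outside portal_ssids, idle (NAS, MAC) sessions)."""
    unexpected, usage = Counter(), {}
    for r in records:
        nas = r.get("NAS-IP-Address", "?")
        ssid = r.get("Called-Station-Id", "").rpartition(":")[2]
        if ssid not in portal_ssids:
            unexpected[(nas, ssid)] += 1          # accounting that should go elsewhere
        key = (nas, r.get("Calling-Station-Id", "?"))
        usage[key] = usage.get(key, 0) + sum(int(r.get(k, 0)) for k in COUNTERS)
    idle = sorted(k for k, total in usage.items() if total == 0)
    return unexpected, idle
```

    A non-empty first result for a given NAS points at the SSIDs whose accounting server setting needs changing; the second lists the MAC-only sessions with no time and no data.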



  • 4.  RE: Cisco WCS eating up ClearPass sessions

    Posted Jun 11, 2013 11:43 PM
    Regarding ClearPass Guest license...

    When is a license counted? We have an external user database that we will use to authenticate users in a captive portal. We will also allow users to self-register and log in.

    Do you use a license for each captive portal authentication? Or just when someone authenticates using the internal guest database?

    Thanks