Security

We have a controller in the LAN with a GRE tunnel to a controller in the DMZ with an external captive portal on ClearPass Guest 6.4.2. Testing has been fine, new users create an account and can login and use the guest wirless all day long.

The issue we have encountered is when users returns and logs in again after a day or so, authentication suceeds they can browse the internet for 15-30 odd seconds before they are redirected to log back in to clearpass again. Logging in again 9 times out of 10 they connect for 15-30 seconds before being prompted for authentication again.

We've set the accounts upon creation to never expire.

Any suggestions on how to resolve this?

thanks

The "expire_after" form is not enabled on the guest registration page, if I edit the form the inital value is 0. The "Manage Guest Accounts" confirms all accounts have "No Expiry". Any other suggestions?

thanks

I've checked the access tracker and can see that session was terminated - Post-Auth-Check:Action "Disconnect and Block Access". I'm just wondering if one of the Enforcement Profiles is doing this? I created the service from a template which created a number of EP's. I've checked each EP and cannot seem to find anything obvious to cause this issue. Any pointers?

I misread your issue "We've set the accounts upon creation to never expire."

A couple of things you can check :

- Do you have any rules that allows the device to pass mac auth without seeing the Captive Portal for a certain amount of time ?

- Are you guys are creating the accounts ahead of time , are you by any chance applying any bandwidth policies in which device logged off it reaches a certain amount of bandwidth ?

Also check the registration page form expire_after value which by default is set to 24 hours: