Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest MAC caching - cannot connect again from the same device

This thread has been viewed 5 times

  • 1.  Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 09:34 AM

    I am testing Clearpass guest with MAC caching and self-registration.  I have been using an iPad to test.  I have followed the setup using the Clearpass Workshop Series

     

    The guest mac caching is working now since I added "Allow All MAC Auth" to the authentication method.  Now when I test with my iPad, after the account expires, I cannot re-connect to my guest SSID unless I delete the iPad from the endpoint's database.  Is there a way to delete the endpoint from the database after the account has expired or is there a better way that I am missing?



  • 2.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 09:39 AM
    In your enforcement policy remove the amount of unique-devices per user allowed


  • 3.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 09:54 AM

    Victor,

     

    Thanks for the quick response.  Do you mean under the "Role"?

     

    Capture.JPG



  • 4.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 10:07 AM

    You can either increase the amount of unique devices allowed per user or remove the rule if you think that enforcement is not needed

     

    2017-10-02 09_05_29-ClearPass Policy Manager - Aruba Networks.png



  • 5.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 12:09 PM

    Hmm, I took it out of the role completely and it still won't let my iPad on.  I wouldn't expect it to be an issue with unique device count since I'm using the same device repeatedly, correct?

     

    Capture.JPG

     

     



  • 6.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 12:12 PM
    Are you using different names every time you register?


  • 7.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 01:09 PM
    What do you see in access tracker when your authentication fails ?


  • 8.  RE: Clearpass Guest MAC caching - cannot connect again from the same device

    Posted Oct 02, 2017 02:20 PM

    I think I may have found the issue.  I checked access tracker and the client was getting assigned the [Guest] role instead of getting the default [Deny Access Profile].  I removed the second condition on the Enforcement Profile and that forced the client to get the Deny Access Profile and get now it gets the Captive Portal Page.Capture.JPG