Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Guest Sizing

  • 1.  Clearpass Guest Sizing

    Posted Jan 21, 2014 11:19 AM

    I was told in my Clearpass bootcamp that if I am going to have 100 unique guest clients per day (including Sat and Sun), I would need to provision for 700 Clearpass Policy Manager licenses, which means I will need either 2 X CPPM 500 or 1 X CPPM 5k. Please advise if this is the correct way to size.

     

    Gordon



  • 2.  RE: Clearpass Guest Sizing

    Posted Jan 21, 2014 11:28 AM

    No, that is incorrect.   Guest is licensed as the number of devices that authenticate per day (a guest being an authentication against the local db).   The number is averaged out over 7 days. 

     

    In your scenario, 100 guest licenses and a CP-VA-500 would suffice.

     

    Also, your CP-VA-500 will also have 25 enterprise licenses for use with guest, onboard, or onguard.



  • 3.  RE: Clearpass Guest Sizing

    Posted Jan 21, 2014 11:33 AM

    Hi Clembo, thanks for your clarification, as that is what I used to know, but now in the bootcamp the training materials give a different perspective. :smileyfrustrated:



  • 4.  RE: Clearpass Guest Sizing
    Best Answer

    Posted Jan 23, 2014 02:13 AM
    Clembo pretty much summed it up, but I'll add my notes on licensing gathered on the board for further details.

    Clearpass Policy Manager

    • Licenses based on the number of unique authenticating endpoints (devices) per day
    • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
    • If you exceed your limit you will get a warning in the WebUI
    • If it was an abnormal week, nothing will happen and that warning will disappear.
    • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
    • At no point will we disable the system from authenticating users if you exceed the license limit.

    Pasted from <http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Clearpass-Guest-Queries/m-p/39894/highlight/true#M605>


    Yes...we enact the 7 day moving average to take care of inevitable peaks and valleys in usage of the system.  In the event that you exceed the 25 limit for a trailing 7 days, the system will do the following:
     
    Each month a licensing management feature within ClearPass monitors the 7-day rolling average as described and if capacity is exceeded, then the current month is flagged as “out of policy”.
     
     
    This will trigger a warning message to the administrator that is displayed on the ClearPass Policy Manager dashboard.
     
    If authentications of guests’ devices continue to exceed 25 devices for 4 months out of a 6 month period the next step is to go beyond the warning message described above and actually lock the administrator out of the Policy Manager GUI.
     
    While users will continue to be authenticated, exceeding the warnings will prevent the administrator from making any policy changes, running any usage reports or troubleshooting any connectivity issues that might arise. 

    From <http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-Licensing-Question/m-p/88392/highlight/true#M6175>

    Clearpass Guest

    Guest is special, the MAC addresses refresh per day. You end up with a weekly view so that you can see a daily average though.  We understand that in guest environments users come and go on a much quicker basis than in the enterprise itself.
     
    The policy manager tracks the unique MAC addresses that it sees on a daily basis, but the refresh is weekly.

    From <http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-Licensing-Question/td-p/88392/highlight/true/page/2>

    Guest uses a daily reset model. If you have 1 appliance and use the starter bundle (25 licenses) all for guest, you can authenticate 25 unique MAC addresses per day that are connected by guests (we support bursting so that if you have not purchased the right level of licenses, users are not denied access). The next day you may see some of the same MAC addresses and new ones. If you stay under or at 25 authentications you have enough licensing (again bursting is supported). 
     
    The problem starts when you consistently see 30/40/90 authentications per day over 3 months. Then it's time to buy the next level license bundle.
     
    Trent
    ClearPass Product Management

    From <http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Clearpass-Guest-Licensing-Question/td-p/88392/highlight/true/page/2>


  • 5.  RE: Clearpass Guest Sizing
    Best Answer

    Posted Jan 23, 2014 02:13 AM

    This is the calculation that I got from Aruba:

     

    Policy manager licensing: it’ll display the 30-day average of 7-day totals as calculated on each day. E.g. on day 7 it’ll calculate the 7-day total as days 1-7, then on day 8 it’ll calculate the 7-day total as days 2-8. Then, it’ll average these numbers over a 30-day period.

     

    Gordon