I am using Aruba Instant and Clearpass Guest to provide guest and staff wireless access.
Users use the CP Guest captive portal to self-register, then get 30 days seamless access using MAC caching.
The 2 services were based on the standard "Guest MAC Authentication" service template.
All works well. After 30 days, users are shown the captive portal again to re-register. If they register again using the same username the cycle is repeated as expected.
HOWEVER, we are finding if a different username (email address) is used to re-register a particular device, although the initial captive portal login works, the subsequent MAC authentications fails. Consequently after a period of inactivity, the user is always shown the captive portal login page.
Access Tracker shows the cause of the problem. When Instant passes the MAC address for authentication, Clearpass mistakenly evaluates the status of the PREVIOUSLY REGISTERED USERNAME - which has expired - not the new one.
Under Request details -> Computer Attributes, the now expired username for that device is being returned.
So where is Clearpass remembering this username against the MAC address? I was expecting this to be an issue with the Endpoint not being updated with the new username. But that is not the case.
If we look in Endpoints -> Attributes, the correct, newly registered username is there. No sign of the old one.
I've noticed that if I click the "Clear Cache" button that sometimes appears at the bottom of the Endpoint window, the problem is solved.
So far this is the only workaround. Can anyone suggest something I can change to the services to prevent the old cached username from being returned?