Need help!!
Setup: ClearPass + Cisco 2960 switch. Captive-portal-based authentication for LAN users connected to the Cisco switch.
Problem: After the guest user expired, ClearPass is not triggering the CoA action (when checked in the Access Tracker tab, there is no CoA). But when manually triggering CoA (Cisco Terminate Session), CoA works and the client gets disconnected.
More details: Using the Wired Enforcement Policy document, I created a service with 'Allow all mac auth' + 'web auth' for a guest-based solution for LAN users. The user is allowed initially with MAC auth and given a redirect URL, followed by the web auth service to validate guest credentials and update the Endpoint with username and role. Detailed screenshots attached.
Checklist:
- Insight, accounting interim packets -> enabled
- RADIUS CoA enabled in device page
- Expire post login, do expire policies added
- Authorization in service -> all databases added
- Guest>configuration>authentication settings>Selected NAS type as "Cisco systems(RFC 3576)"
Please suggest any tips :)
Access Tracker logs one user
Thanks
Sairam