Security

Hello,

We are switch vendor looking to integrate the central web authentication feature of ClearPass. When the user enters username and password on the login portal page, the client MAC status is changed to known and a CoA reauthenticate message is sent to switch and at the same time the client browser is redirected to a page defined on the ClearPass guest (Default Destination). The switch needs about 10 seconds to process the CoA so we need to delay the redirection. Currently there is no delaying mechanism built into our switch and I was wondering if this delay can be controlled and configured from the ClearPass.

Thanks,

Ali

ClearPass has a server configuration option: RADIUS Dynamic Authorization (DM/CoA) Delay which can be set to 0-15 seconds. And there is the Login Delay in the Web login configuration which probably is what you are looking for.

If you can control the switch side, it may be an option to mimic the way Instant AP and controller do a login by posting the guest credentials to the AP/controller and use RADIUS in the back to ClearPass. That takes out the delay caused by CoA; if you don't need to switch VLANs.

Also, if you are a switch vendor and developing products, it may make senses to join the Aruba Technology partner program: https://www.arubanetworks.com/partners/programs/ 

Thanks for your response. Could you please point to where in CPPM and Guest that these two parameters can be configured, I looked around but couldn't find the two.

Sure,

The CoA timeout is in Policy Manager » Administration » Server Manager » Server Configuration - <your server> - Service Parameters - Command Control

The Web Login Delay is in Guest » Configuration » Pages » Web Logins.