Security

Hi All,

Kindly need your advise,

I already integrated Clearpass and AD. and i have 2 group. Group A and Group B.

User Group A are User1 and  User2

User Group B are User100 and User200

Group A will get Role A => VLAN A

Group B will get Role B => VLAN B

and the configuration already running well.

But , when i move user1 from group A to Group B, why the user1 still have Role A and VLAN A. I already remove on Group A and move to Group B.

Can i make that change real time or quickly ?

Kindly need your advise

You need to change to cache timeout for your AD servers.  In my lab example below I have this to zero.

Whats the effect , if i change to 0 ? any issue?

If you set that to 0 CPPM will look up a group membership on every authentication using LDAP.  While a radius server can handle so many queries/second, typically handle as many.  The end result could be many delayed authentications, as a result.

Ok, Thanks a lot for your support