Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Expired accounts can still access websites.

  • 1.  Expired accounts can still access websites.

    Posted Jun 11, 2014 07:42 AM

    Greetings,

     

    I hope someone can help. 

     

    We have ClearPass Guest v6.3.1.29787 and were testing the expiry feature. The expiry type is set to disable and logout, however once the account does expire, the connected account is still able to access websites (not just previously visited / cached ones).

     

    The account on guest manager is shown as expired.

     

    Anyone come across this before?

     

    TIA

     

    Gordie 

     



  • 2.  RE: Expired accounts can still access websites.

    EMPLOYEE
    Posted Jun 11, 2014 07:44 AM
    Is it an Aruba wireless controller? Do you have RADIUS CoA and accounting enabled?


  • 3.  RE: Expired accounts can still access websites.

    Posted Jun 11, 2014 07:48 AM

    Hi Tim,

     

    Sorry, yes.  We have Aruba iAP 105 AP managed by Airwave.


    We do not have CoA or accounting turned on. We are using the ClearPass appliance as a RADIUS server.

     

    TIA

     

    G



  • 4.  RE: Expired accounts can still access websites.

    EMPLOYEE
    Posted Jun 11, 2014 07:50 AM
    If you want the device to be disconnected immediately when the account expires, you need to turn both those features on in both Instant and CPG.


  • 5.  RE: Expired accounts can still access websites.

    Posted Jun 11, 2014 08:11 AM

    Cheers Tim,

     

    I have checked this setting in CPG, but can't find it on the Instant. Whereabouts is this setting?

     

    TIA

     

    G



  • 6.  RE: Expired accounts can still access websites.
    Best Answer

    EMPLOYEE
    Posted Jun 11, 2014 08:39 AM

    CoA (RFC 3576) is found in your authentication server settings.

     

    instant-rfc3576.png

     

    Accounting is found under the SSID's security settings.

     

    instant-accounting.png
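
What the CoA (RFC 3576) setting in the answer above permits on the wire, as an added example that is not part of the original post or Aruba's code: the RADIUS server sends a Disconnect-Request naming the session, and the NAS acts on it only if the Request Authenticator matches the shared secret. The secret, username and session ID are constructed sample values, and the choice of identifying attributes is an assumption.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40      # RFC 3576 packet code; the NAS listens on UDP 3799
USER_NAME, ACCT_SESSION_ID = 1, 44   # standard RADIUS attribute types

def _authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    # Request Authenticator = MD5(Code+ID+Length + 16 zero octets + Attributes + Secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_disconnect_request(ident: int, secret: bytes, attrs: list) -> bytes:
    """Server side: encode the session-identifying attributes and sign the packet."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    return header + _authenticator(header, body, secret) + body

def verify_disconnect_request(packet: bytes, secret: bytes) -> dict:
    """NAS side: reject anything malformed or not signed with the shared secret."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Disconnect-Request")
    body = packet[20:]
    if not hmac.compare_digest(_authenticator(packet[:4], body, secret), packet[4:20]):
        raise ValueError("bad Request Authenticator (wrong shared secret?)")
    attrs, i = {}, 0
    while i < len(body):
        if len(body) - i < 2 or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

# Constructed sample values, not taken from the thread.
SECRET = b"example-shared-secret"
SAMPLE = build_disconnect_request(
    7, SECRET, [(USER_NAME, b"guest@example.com"), (ACCT_SESSION_ID, b"A1B2C3D4")])

if __name__ == "__main__":
    print(verify_disconnect_request(SAMPLE, SECRET))
```

A mismatched shared secret between the RADIUS server and the NAS makes the authenticator check fail, which is one reason a session can stay up after the account has expired.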



  • 7.  RE: Expired accounts can still access websites.

    Posted Jun 11, 2014 08:55 AM

    Thanks Tim,  appreciate your help.

     

    I have made the changes, but it's still not logging me off when my session expires. It has had the side effect of adding data to active sessions :)

     

     



  • 8.  RE: Expired accounts can still access websites.

    Posted Jun 11, 2014 10:26 AM

    Did you start a new session with the client and delete the old one?

     

    You may have to remove the client session from the Virtual Controller List and then try again.