Security

Hi Forum,

 

I'm trying to see if I can change that clearpass guest MAC caching to something less that 24 hours. I'm looking for 4 hours time period for MAC caching after guest account is created and then to not allow access after the 4 hours or redirect back to the captive portal. My guest account are only valid for 4 hours but MAC caching still works for 24 hours.

 

thanks,

Is your MAC-caching set up to use the value from the guest account or a
custom time source value?

Tim, this is what I have in the role mapping for mac caching:

 

Please post the enforcement policy from your web auth service and the
contents of the enforcement profile that is setting the MAC-auth expiry.

below:

 

 

 

I see it say one day DT but ot sure how to set it up to less.

You're manually setting a time for the expiration. If you want it to match what is set on the guest account, change that value to:     %{Authorization:[Guest User Repository]:ExpireTime}

I will change and test. honestly I'm not "manually" setting anything. I just used the template and that was created.

You may have selected "One Day" during the wizard instead of "Account Expiry
Time".

Correct. I did that.

 

Thanks for the help.