Security

Hello,

 

A customer has ClearPass cluster that is utilising only Guest services. It is expected that any connected device will use up two licenses, one guest and one core (Policy Manager). However, we are observing tenfold higher use of core ones, compared with guest.

 

Am I getting all this about licensing wrong, or are we having an issue? Thanks in advance.

 

 

NesaM

What vendor is the NAD?
Are you sending back an ACCEPT or REJECT to get users into a captive portal state?

Hi Tim,

 

Customer is using Aruba MC, Guest services are standard one (Guest MAC Auth , and Guest Access with MAC caching), and they are using "Allow Access" as default profile for Guest MAC Auth Enforcement Policy.

 

Thanks.

 

NesaM

It's likely drive-bys or users who connect and then never register.

It's likely drive-bys or users who connect and then never register.

Thanks TIm,

 

Is there any way of by-passing this by changing Enforcement policy somehow? Customer's worry is that they will run out of core licenses quite easily if they roll out Guest access to more locations/campuses (forgot to mention this is Higher Education establishment).

 

Thanks.

NesaM

Yes, send a REJECT for unknown devices and make sure your initial role in the AAA profile is the captive portal role.

Hi Tim,

 

After a week of monitoring the situation, I can confirm that this worked. Thanks for the advice.

 

 

Regards,

NesaM

Yes, send a REJECT for unknown devices and make sure your initial role in the AAA profile is the captive portal role.

Thanks, I will get on with it and let yu know of a result.

 

NesaM

What vendor is the NAD?
Are you sending back an accept or deny to get users into a captive portal state?