Security

Dear Community,

 I need to use IAP205 APs with ClearPass. I have a guest SSID where the ClearPass provides the external Captive Portal. I can see that the guest users needs to authenticate on the Captive Portal every time when they connect to the SSID. I try to configure that once a client successfully authenticate on the Captive Portal the next few hours there won't be need to reauthenticate with the same device. How can I configure this?

Thanks a lot!

Best Regards,
Gabor

Hi,

if i would like to authenticate with my domain username and password on Captive Portal with Guest MAC Cache service, how change my service settings?

I added my AD auth source to the MAC cache service (Radius Enforcement Generic), but it's not work for me. I got a reject, when the mac auth is in progress.

I can see the following error in Request Details Alert tab:
"Failed to get value for attributes=[UserName]"

Regards,
Balazs

Hi Tim,

we have two services in ClearPass Tips:

I added my AD to Authentication Source to User Authentication with MAC. If I connect to my SSID, the Captive Portal page displayed. I logged in my domain username and password, the connection was ACCEPT.

If I disconnected my device, and i connect again my SSID, I got a REJECT from MAC Authentication service. The following error is:

Thanks,

Balazs

You shouldn't have MAC-authentication in your web login service.

Can you try setting this up with the service template instead?

Hi Tim,

I resolved the issue. I can use my userAccountStatus attribute than Guest Role ID.
The MAC service can find this value, what contains every standard user account.
This value is constant 512. And I modified the [Employee] Post Authentication Role, and I use this value.

Thanks,

Balazs