Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

User Inactivity timouts

This thread has been viewed 3 times

  • 1.  User Inactivity timouts

    Posted Aug 29, 2013 12:53 PM

    Is there a way in ClearPass to be able to do actions on WiFi login inactivity after a certain amount of days? Basically once a WiFi user has authenticated initially via captive portal, all future authentication requests are processed via mac auth. If they haven’t connected again for example say a minimum of 20 days via mac auth they should fall back to captive portal authentication, since the account has been inactive during that time period. If they are regularly connecting in via mac auth (within the 20day period) then they will never get the captive portal page and always authenticate via mac auth. Any advice on how to set this up on ClearPass would be appreciated.



  • 2.  RE: User Inactivity timouts

    EMPLOYEE
    Posted Aug 29, 2013 07:52 PM

    I can't confirm that this works but you could try and add a condition to the top of your Guest MAC Cache enforcement policy with:

     

    Type: Authorization:[Insight Repository]

    Name: Days-Since-Auth

    Operator: GREATER_THAN_OR_EQUALS

    Value: 20

     

    and then assign the appropriate enforcement profile for that condition to have them re-register.