Security

Hi,

I am testing ClearPass Guest Access (6.12), where users authenticate using a passcode. I have created a user and enabled username authentication, and everything is working as expected.

However, in my CoA WebAuth policy, I am seeing the Original Username instead of the user's MAC address.

Do I need to make any changes to my configuration to fix this?

For reference, my WLC is a Cisco 9800 CL.


Thanks in advance 
Subhojit 

What RADIUS dictionary/library is assigned to the NAD?

Hi ahollified,

I have use Cisco, Do I need to change it ?

Looks correct to me.

Why would you expect to see a MAC address for the username in a service that is using the captive portal username?  The whole point of the captive portal is to associate an account of some sort to the client device.

Hi Chulcher,

This is a requirement from customer for their internal audit.

the guest user authenticates using a passcode through the captive portal, However, when the WebAuth policy is triggered, I see the Original Guest User account (passcode) instead of the client MAC address, and I want to confirm whether this behavior is expected or if the configuration should be adjusted so that the CoA is sent using the MAC address to properly identify the client session on the ClearPass Access Tracker.

-------------------------------------------

Yes, that's how a captive portal works, the account (passcode) is authenticated which would be reflected in the Access Tracker.