Security

 View Only
Back to discussions
Expand all | Collapse all

ClearPass enforcement role is not working

This thread has been viewed 10 times

  • 1.  ClearPass enforcement role is not working

    Posted Oct 06, 2025 05:34 AM

    Dear Team,

    We are implementing a self-sponsored guest access feature where users enter their email address to receive a confirmation email and sponsor themselves. The intended workflow is as follows:

    ·        Users should be granted 5 minutes of initial access.

    ·        If they confirm their account within that period, they can continue under the same role.

    ·        If they fail to confirm their account or enter an invalid email address, they should be disconnected after 5 minutes and redirected back to the captive portal page.

    Enforcement Profile:

    First MAC-AUTH (User not sponsoring himself within the initial 5 minutes of access)

    USER-AUTH

    Second MAC-AUTH - after 5 minutes

    However, we are facing an issue: guest users are not being disconnected after the 5-minute window. Instead, they continue to have uninterrupted Wi-Fi access.

    Upon reviewing the Access Tracker, we found the following message:

    "No RADIUS enforcement profiles applicable for this device. Allowing Access."

    Could you please advise on possible causes or configurations to address this issue? Any insights or suggestions would be greatly appreciated.



    -------------------------------------------


  • 2.  RE: ClearPass enforcement role is not working

    Posted Oct 06, 2025 06:55 PM

    Search for "ClearPass self-sponsored captive portal" and you should find a few guides on this.  Namely, that first MAC auth must set a session timeout to 5 minutes or you're not going to enforce that first session.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



Related Content