We moved away from this in favor of all network auth going to ClearPass, but we used to use Captivator-gw with moderate success in a small section of our network: http://net.doit.wisc.edu/~dwcarder/captivator/
Matt Freitag Network Engineer Information Technology Michigan Technological University (906) 487-3696 <%28906%29%20487-3696> https://www.mtu.edu/ https://www.mtu.edu/it On Tue, Apr 3, 2018 at 11:09 AM, Hector J Rios <hr...@lsu.edu> wrote: > Authentication might not stop, but what about access to the UI or the > ability to make config changes? > > > > -H > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba > Security) > *Sent:* Tuesday, April 03, 2018 9:43 AM > > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] ClearPass - not so clear anymore > > > > Hector, > > > > During a roam event where a new session is created, a stop should also be > generated by the NAD, so this should be a non-issue. > > > > Also, as of 6.7.2, TACACS+ does not directly consume any access licenses > (as long as you have at least 100 access licenses installed, TACACS+ usage > is unlimited). > > > > I should also add that all licensing ‘violations’ in ClearPass are UI / > trap warning only. Authentication will never stop. > > > > Tim > > > > > > *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hector J Rios < > hr...@lsu.edu> > *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Date: *Tuesday, April 3, 2018 at 10:02 AM > *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV. > EDUCAUSE.EDU> > *Subject: *Re: [WIRELESS-LAN] ClearPass - not so clear anymore > > > > Ian, > > > > 6.7 introduced a new licensing scheme which is based on concurrent users, > and it encompasses both guests, mac-auth, TACACS, etc. This means that each > user or device will consume an Access License during an active session. > This is the Access license. The part that really sucks is the way sessions > are treated. Basically, if a session end is not identified, the license > that is being used is not freed until after a period of 24 hours. In > wireless environments, it is normal for devices to roam, turn off and on > continuously, and thus establish multiple sessions. So, for every device > that authenticates to your network, it will be very likely that you will > see multiple active sessions, thus consuming more licenses than you would > have planned for. > > > > All of these new “features” were not part of the previous licensing > scheme. > > > > Hector Rios > > Louisiana State University > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Ian Lyons > *Sent:* Monday, April 02, 2018 5:10 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] ClearPass - not so clear anymore > > > > Jason > > That price *was* real, many years ago. > > I got a pair of 5000 user licenses for ~15k, last year. > > Word of caution, I have seen some vendors that say they sell Cisco and > Aruba products "forget' discounting on Aruba. > > Shop around, that is not necessarily accurate. > > Having said that, quantity of users and features where not mentioned. 50k > or more users and all the features enabled.....I can not speak to that. > > Hector > > I have had clearpass, on and off, for 6 years...it has always been > concurrent users....yes to a rolling average, but not an immediate cut off > if you exceed once or twice. > > Can you elaborate? > > Get Outlook for Android <https://aka.ms/ghei36> > > > > From: Trinklein, Jason R > > Sent: Monday, April 2, 17:48 > > Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore > > To: wireless-lan@listserv.educause.edu > > We are considering clearpass for our guest network captive portal. We have > a case of sticker shock, however…at a cost of nearly $50K, it seems > expensive for a captive portal. > > > > What alternative solutions are people using? We are very happy with > FreeRADIUS for wireless auth, but we need a robust captive portal that > allows OAuth/social media login or validated email/sms login. We tried > packetfence, but in cluster mode, it wasn’t reliable. > > > > -- > > *Jason Trinklein* > > *Wireless Engineering Manager* > > College of Charleston > > 81 St. Philip Street | Office 311D | Charleston, SC 29403 > <https://maps.google.com/?q=81+St.+Philip+Street+%7C+Office+311D+%7C+Charleston,+SC+29403&entry=gmail&source=g> > > trinkle...@cofc.edu | (843) 300–8009 <(843)%20300-8009> > > *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hector J Rios < > hr...@lsu.edu> > > *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > > *Date: *Monday, April 2, 2018 at 5:23 PM > > *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV. > EDUCAUSE.EDU> > > *Subject: *[WIRELESS-LAN] ClearPass - not so clear anymore > > > > I’ve got two complaints about this product. One, it seems like with every > patch or upgrade, this solution is getting worse and worse. This is > disappointing because when we bought this solution two years ago it was > rock solid. Second, due to the new licensing scheme, we are now exceeding > our licensing capacity. How convenient for Aruba, right? As some of you > might know, the new licensing scheme is based on concurrency. When we > purchased the solution the licensing scheme was based on rolling averages. > Yes, the new licensing scheme is attempting to make things simpler, but at > a higher cost. Ask your rep how much a 25K server costs and you’ll see what > I’m talking about. > > > > Hector Rios > > Louisiana State University > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7C%7C416aa0adcd3740e218df08d598dffc6e%7Ce285d438dbba4a4c941c593ba422deac%7C0%7C0%7C636583010131355986&sdata=L2hgyGRxLEshPCcPVnAxQCrmoaMp%2FlC8Nq8V0B8IdaM%3D&reserved=0>. > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.