Hector, During a roam event where a new session is created, a stop should also be generated by the NAD, so this should be a non-issue.
Also, as of 6.7.2, TACACS+ does not directly consume any access licenses (as long as you have at least 100 access licenses installed, TACACS+ usage is unlimited). I should also add that all licensing ‘violations’ in ClearPass are UI / trap warning only. Authentication will never stop. Tim From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hector J Rios <hr...@lsu.edu> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Tuesday, April 3, 2018 at 10:02 AM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore Ian, 6.7 introduced a new licensing scheme which is based on concurrent users, and it encompasses both guests, mac-auth, TACACS, etc. This means that each user or device will consume an Access License during an active session. This is the Access license. The part that really sucks is the way sessions are treated. Basically, if a session end is not identified, the license that is being used is not freed until after a period of 24 hours. In wireless environments, it is normal for devices to roam, turn off and on continuously, and thus establish multiple sessions. So, for every device that authenticates to your network, it will be very likely that you will see multiple active sessions, thus consuming more licenses than you would have planned for. All of these new “features” were not part of the previous licensing scheme. Hector Rios Louisiana State University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons Sent: Monday, April 02, 2018 5:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore Jason That price *was* real, many years ago. I got a pair of 5000 user licenses for ~15k, last year. Word of caution, I have seen some vendors that say they sell Cisco and Aruba products "forget' discounting on Aruba. Shop around, that is not necessarily accurate. Having said that, quantity of users and features where not mentioned. 50k or more users and all the features enabled.....I can not speak to that. Hector I have had clearpass, on and off, for 6 years...it has always been concurrent users....yes to a rolling average, but not an immediate cut off if you exceed once or twice. Can you elaborate? Get Outlook for Android<https://aka.ms/ghei36> From: Trinklein, Jason R Sent: Monday, April 2, 17:48 Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore To: wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu> We are considering clearpass for our guest network captive portal. We have a case of sticker shock, however…at a cost of nearly $50K, it seems expensive for a captive portal. What alternative solutions are people using? We are very happy with FreeRADIUS for wireless auth, but we need a robust captive portal that allows OAuth/social media login or validated email/sms login. We tried packetfence, but in cluster mode, it wasn’t reliable. -- Jason Trinklein Wireless Engineering Manager College of Charleston 81 St. Philip Street | Office 311D | Charleston, SC 29403 trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009 From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Monday, April 2, 2018 at 5:23 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] ClearPass - not so clear anymore I’ve got two complaints about this product. One, it seems like with every patch or upgrade, this solution is getting worse and worse. This is disappointing because when we bought this solution two years ago it was rock solid. Second, due to the new licensing scheme, we are now exceeding our licensing capacity. How convenient for Aruba, right? As some of you might know, the new licensing scheme is based on concurrency. When we purchased the solution the licensing scheme was based on rolling averages. Yes, the new licensing scheme is attempting to make things simpler, but at a higher cost. Ask your rep how much a 25K server costs and you’ll see what I’m talking about. Hector Rios Louisiana State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7C%7C416aa0adcd3740e218df08d598dffc6e%7Ce285d438dbba4a4c941c593ba422deac%7C0%7C0%7C636583010131355986&sdata=L2hgyGRxLEshPCcPVnAxQCrmoaMp%2FlC8Nq8V0B8IdaM%3D&reserved=0>. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.