I have a PA firewall integrated with Aruba clearpass using XMLAPI for UserID. As IP addresses get re-used, the old tags don't appear to be removed and the new user's tags are just appended. This is causing users to be given access they shouldn't be allowed. Ex: Admin user logs in and gets 192.168.1.100. Tomorrow a student logs in and gets the same IP. When I run "show object registered-ip ip x.x.x.x" the IP address has a "#" which is classified as "persistent". Has anyone run into this type of issue? Is there a way to cause these old tags to expire, or preferable, get removed when a new user logs in.
... View more