×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Automatic registration of the mac adress on wlc

Unanswered Question
Jul 3rd, 2013
User Badges:

Hi evrybody,

     

At this moment, I'm working with an WLC 5508 and the authentication is done with Freeradius,till now every thing is working correctly, when I entered my radius login the connexion was successful; if I exceed the timeout session for expample 300 seconde (it was configured on  WLAN tab => advanced tab => Enable session timeout)

but my goal is:
to login for the first time on the wlc portal and after that I want that the controller be able to save my mac address and don't ask me to login another time => automatic connexion

There is also another possibility which is: to renew the request each year for example.


Thanks for any suggestion 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Eduardo Aliaga Wed, 07/03/2013 - 06:32
User Badges:
  • Silver, 250 points or more

are you using dot1x authentication for your wireless users ? or what kind of authentication ? To learn the MAC address you need profiling features. You can use PacketFence www.packetfence.org which is based on FreeRadius.



Please rate if this helps.

salilai01 Wed, 07/03/2013 - 09:22
User Badges:

Hi eduardoaliaga,


Thank you so much for the suggestion, It could be a very good solution, but the problem is that I don't know how to do it all, have you any website that explain it easily and quickly? because I want to know how long it will take to be implemented and if there is a support help.

Amjad Abdullah Wed, 07/03/2013 - 06:36
User Badges:
  • Red, 2250 points or more

Hi Sali,


I am not sure if I understood correctly, but the WLC can not save the mac address or remember the credentials.

Once you get disconnected you have to connect back again. (that is done usually automatically without doing anything. when the session times out and if the supplicant is saving the credentials, the supplicant can usually configured to automatically connect to this WLAN).


The other option you can take is to disable or increase the session time out.

BTW, session timeout is by default 1800 seconds, not 300 seconds.


Regards,


Amjad


Rating useful replies is more useful than saying "Thank you"

salilai01 Wed, 07/03/2013 - 09:31
User Badges:

Hi Amjad,


I've changed the timeout session to 300 sec just for a test, but I think your proposition to disable the timeout could be a very good alternative :-)


Many thanks

Eduardo Aliaga Wed, 07/03/2013 - 23:47
User Badges:
  • Silver, 250 points or more

Hello Sali, to register MAC addresses you need an advanced Radius server like PacketFence (which uses FreeRadius) or like Cisco ISE.


I guess you want to autodetect and auto register the MAC addresses of your wireless endpoints for a couple of weeks only (to give time to all endpoints to register) ad after that you will only permit access to those MAC addresses already registered, is that right ?


You can do that with both Cisco ISE and PacketFence, but since you tell me you already use FreeRadius, then I think it makes more sense to use PacketFence.


I have lots of experience with Cisco ISE. Now I'm testing PacketFence with a Cisco switch, next week I will test PacketFence with a Cisco WLC.



Insieme is the creator of PacketFence, if you need support you can contact them. They have several videos in youtube, like these :


http://www.youtube.com/watch?v=PrUjf0_s49Q

http://www.youtube.com/watch?v=MpBgnwp1qLI


Please rate if this is helpful.

salilai01 Thu, 07/04/2013 - 00:35
User Badges:

Hello eduardoaliaga,


I'll test also the PacketFence on the Freeradius, it's seems very interesting, if you have any news about it let me know please


Thanks

salilai01 Fri, 07/12/2013 - 07:18
User Badges:

Hi,

how was your test with PacketFence and wlc? any good feedback

salilai01 Thu, 07/04/2013 - 07:15
User Badges:

Hi,


Just to know, if I disable the timeout on wlc, the iphone should not disconnect but this not happened, do you know why?


Thanks

Scott Fella Thu, 07/04/2013 - 09:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

The iPhone and iPad when the screen goes blank doesn't respond to the WLC. If you want to keep the client on the WLC, you need to increase the idle timer. The idle timer has to be less than the session timer.

Sent from Cisco Technical Support iPhone App

salilai01 Fri, 07/05/2013 - 01:17
User Badges:

Does any one have experience in setting these parameters (User idle timeout, session timeout, ARP timeout).

My goal is that the user has to enter his login AD only the first time (I use web authentication) , I tried to disable the session timeout but the problem remains.

If this is not possible to achieve, I want to increase as much possible the intervall of re-authentication.


Thanks

Scott Fella Fri, 07/05/2013 - 04:59
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If you have the session timer disabled, then set the idle timer for 2 hours or 4 hours. This allows the user to take a long lunch and come back without having to log back in. You don't need adjust the arp timer.

Sent from Cisco Technical Support iPhone App

Ravi Singh Sun, 07/21/2013 - 20:17
User Badges:
  • Cisco Employee,

Hello Sali,


To remeber MAC address you must need ISE or PacketFence because WLC does not store MAC address. If you want to learn how to configure PacketFence you can go to the below link


http://www.packetfence.org/documentation/guides.html


AND if you are interested in Cisco ISE than you can go to the bellow link.


http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_preface.html

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode