Am using ISE 1.2 to authenticate guest users on the WLC.
I created a sponsor account that creates guest credentials (username and password) and a time profile of 8hours, 24hours, 1week, 1month and 3months repectively and it worked fine.
Recently, it accepts the guest credentials and gives access to the network for about 2 to 3 minutes before it terminates the session and asks the user to re-authentication on the guest portal. This continues repeatedly irrespective of the time profile i choose. Moreover, every other users aside from the Guest users authenticate on the ISE without such challenge.
Thanks for ur suggestions in advance.
As shown in below screen shot , For Authz profile that these guest are hitting there is a default session timeout value set for re-authentication and also there is a attribute to maintain connectivity .
Maintain Connectivity During Reauthentication has two option :
Default :- If you set this option , it will take the CoA action 'Terminate'
Radius-Request :- If you set this option , it will take the CoA action 'Re-auth'
Can you please check if these values are intact to your configuration.
Thanks for the assistance, however, am not using the reauthentication option in the Authz profile. Am using a DACL name of which i have create the access-list on the Downloadable ACLs. This is used to push down the access-list to the switch and the WLC.
It still gives access to the network after authentication by the guest user, but knocks the user off after about 3 - 5 minutes. That is, the user will have to re-authenticate again with the same credentials and the problem re-occur again over and over.
See below the screen shots for both the Authz profile and the Authz policy.
I am also facing the same issue as we have updated the image to 1.2.1 and usinf cwa ( mac filtering ) on wlc, session time 1800 on wlc.
But still after 5-6 min guest user asking for username and password to guest redirection url.
Can anybody gives me the solution for the same.
Thanks & Reagrds
It is a software bug on the wireless controller software 7.4MR2. You need to open a TAC case and request an engineering release from Cisco that contains the fix. The fix was put in 126.96.36.199
same issue, I have tried to configure both the radius attributes Radius:Idle-Timeout and Radius:Session-Timeout. Bot hhave been set to 1900.
I keep being disconnected around 10 min after the iphone goes to sleep.
Could you show us your authorization profile ?
You might start by doing a debug client <mac> and see on the WLC what causes client disconnection.
Also make sure you are running a recent version of the WLC as there could be some issues.
Check also what is the Policy state of the client after web auth. It should move from WEBAUTH_REQD to RUN (you can see this in the monitor > Client menu). WLC will expire all clients that are in WEBAUTH_REQD state after 10 mn.
I have the same problem since yestarday because I have updated the wlc to 7.4.121 and the Ise to patch6-Meanwhile I am thinking that could be a bug or a change in the default properties-I don´t know.
I hope somebody can solve the problem-otherwise I should open a case.... :(
I had the same problem. I have vWLC and 2500 series WLC. The bug CSCul43158 Was fixed.
I upgrade from 7.6.100 to 188.8.131.52 and the problem was fixed. Now the wireless is working fine.
We had the same challenges. The issue is that the device is going to sleep and the WLC times out the connection.
The way we fixed it was to use RADIUS attribute in the AuthZ profile to set the session timeout and inactivity timeout value to 8hrs. Works great