Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE 1.2 Guest Access for EAP(Dot1x) Authentication


I want to use encryption for guest access. 
In order to use the "RADIUS-NAC" in the WLC, you can not use or "Open + MAC" only "WPA + dot1". 
(Specification of the WLC) 


When the "Open + MAC", return from the ISE at the time of the "Web Authentication" in the "Session-Timeout Attribute", I was able to forcibly disconnect the radio. 
(Attribute is the same value as the (ISE TimeProfile) time the guest user can use) 
If you connect to a wireless terminal to forced disconnect after screen of Web authentication is displayed, you can not login. 
(Because the account has been revoked) 


I want to make even dot1x this environment. 
However, because it becomes the "re-authentication time" If dot1x, as long as the terminal is connected to the radio, it is not cut. 
In addition, even in the setting of "Attribute Termination-Action = Default", does not return until the Web authentication. 
(Status of the WLC remains "Auth Yes") 
(Session of the ISE remains "Started") 


Use the (EAP) Dot1x, Can I "is allowed to forcibly disconnected," "to match the time of TimeProfile" in the same way as "Open + MAC" thing? 


Thank you.

New Member

Note:Cisco ISE:Version1.2.0


Cisco ISE:Version1.2.0.899-8

Cisco WLC(5508):Version 7.6.120

CreatePlease login to create content