We have Wifi deployment with ISE 1.1.4 authenticating our guest users through CWA.
Whenever a client looses connection for a short time they need to reautenticate by putting in their username and password again.
This is very annoying. Is ther a solution/best practice for this problem?
Activated Guest can cache their credentials via dot1x supplicant instead of having them login to guest via redirection every time they connect to the network
We have ISE 1.2 in production. For guest users we are using centralized web authentication. Users can successfully authenticate and able to access internet. But after a certain period of time (eg.15 mins) they loose connectivity to internet but still they are connected to guest SSID. They can re authenticate with the same credentials but again after a certain period they need to re authenticate.
We have set time profiles in ISE as 2 hrs, 4hrs and 8 hrs. I have checked the WLC configuration in for guest SSID and the session timeout tab was already disabled. Is there any settings in ISE that we are missing?. Please advise.
What about if we use the web authentication of WLC and not with ISE.
Is that a bug of controller or integration with ISE?
We have upgraded the WLC from 7.6.100 to 7.6.130 but the issue still persist. Anybody can help on this??
This is not a bug, it happens because there are timers on a WLC, that when they expire, or when a device actively disassociates from an ssid, will get removed from the WLC, and the next time you connect, a new session is created, and as such must be autheticated in ISE. You can change the timers on the SSID and globally, which is default set to 300 secs.
Rather than setting the session timeout globally, you can set it via RADIUS in the AuthZ policy. We use this to stop Guest users from having to re-auth everytime they disconnect fro the wireless, works well
Try by creating new time profile and set the time duration 8 hr and account type from login.
and then check guest user that login as per this time profile, is that still face the same issue or not.
I have been getting similar problems with the ISE Guest function in 1.1.4. I am on the WISM2 controller on version 7.4.110 (unlike OP who is on 5508)
I'm in the process of setting up an alternate ssid to make guests use the dot1x supplicant to authenticate as opposed to the portal (much like vattullu's suggestion), but this doesn't work for un-activated guests.