Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Wifi Guests need to reauthenticate when loosing connection

We have Wifi deployment with ISE 1.1.4 authenticating our guest users through CWA.

Whenever a client looses connection for a short time they need to reautenticate by putting in their username and password again.

This is very annoying. Is ther a solution/best practice for this problem?

 

Everyone's tags (3)
13 REPLIES
Cisco Employee

Activated Guest can cache

Activated Guest can cache their credentials via dot1x supplicant instead of having them login to guest via redirection every time they connect to the network

New Member

Hi VattulluWe have ISE 1.2 in

Hi Vattullu

We have ISE 1.2 in production. For guest users we are using centralized web authentication. Users can successfully authenticate and able to access internet. But after a certain period of time (eg.15 mins) they loose connectivity to internet but still they are connected to guest SSID. They can re authenticate with the same credentials but again after a certain period they need to re authenticate.

We have set time profiles in ISE as 2 hrs, 4hrs and 8 hrs. I have checked the WLC configuration in for guest SSID and the session timeout tab was already disabled. Is there any settings in ISE that we are missing?. Please advise.

 

 

 

New Member

What version of WLC are you

What version of WLC are you using?

New Member

version: 7.6.100Model: 5508

version: 7.6.100
Model: 5508

New Member

You should upgrade your WLC

You should upgrade your WLC

 

https://tools.cisco.com/bugsearch/bug/CSCul43158

 

 

New Member

Thanks.. What about if we use

Thanks..

 

What about if we use the web authentication of WLC and not with ISE.

Is that a bug of controller or integration with ISE?

New Member

I don't know if this bug is

I don't know if this bug is related to ISE.

Please, create a new SSID and test without ISE.

New Member

Hi Team, We have upgraded the

Hi Team,

 

We have upgraded the WLC from 7.6.100  to 7.6.130 but the issue still persist. Anybody can help on this??

 

https://tools.cisco.com/bugsearch/bug/CSCul43158

This is not a bug, it happens

This is not a bug, it happens because there are timers on a WLC, that when they expire, or when a device actively disassociates from an ssid, will get removed from the WLC, and the next time you connect, a new session is created, and as such must be autheticated in ISE. You can change the timers on the SSID and globally, which is default set to 300 secs.

New Member

Rather than setting the

Rather than setting the session timeout globally, you can set it via RADIUS in the AuthZ policy. We use this to stop Guest users from having to re-auth everytime they disconnect fro the wireless, works well

 

New Member

This worked |||||...

This worked |||||....Configured the Radius: Session and Idle time out and everything goes smooth. Thanks for the solution provided.

 

 

Bronze

Hi,Try by creating new time

Hi,

Try by creating new time profile and set the time duration 8 hr and account type from login.

and then check guest user that login as per this time profile, is that still face the same issue or not. 

 

New Member

I have been getting similar

I have been getting similar problems with the ISE Guest function in 1.1.4. I am on the WISM2 controller on version 7.4.110 (unlike OP who is on 5508)

 

I'm in the process of setting up an alternate ssid to make guests use the dot1x supplicant to authenticate as opposed to the portal (much like vattullu's suggestion), but this doesn't work for un-activated guests. 

790
Views
0
Helpful
13
Replies