topic Re: LWA with MAB using ISE in Network Access Control

LWA with MAB using ISE

Nicholas Copeland — Mon, 11 Mar 2019 03:08:10 GMT

I am trying to setup a wireless solution using a 4400 series controller and ISE to present a web auth page for users to log in and register there device. I also want them to have to accept the AUP. After the device is registered I don't want them to have to see the web auth page again using Mac Filtering. Which I believe will work based off some research I have done. The real question I have is if I can force users to periodically to have to reauth that device or to reaccept the AUP? I don't want to actually have to manually disable the accounts or delete the device out of the database to force them to verify the device and account again.

Really what I am trying to get is the experience you see at a hotel. Where you are given a username and password and regardless of whether you restart yoru computer or leave for the day you are valid for the set time frame they give you. After that you have to reauthenticate your device.

Any ideas if this is supported or how to do this?

LWA with MAB using ISE

mjensen323 — Wed, 27 Feb 2013 20:15:19 GMT

Under Web Portal Management

Settings

Guest

-> Portal Policy

You can specify expirations, etc...

Would that accomplish your goal?

LWA with MAB using ISE

Nicholas Copeland — Wed, 27 Feb 2013 20:56:24 GMT

No only because that expires the account and not the device from what I can see. I am looking to never expire the account so I am not even building them as Guest users. I had just wanted to expire the device or force them to have to re-auth the device after a certain period of time.

Re: LWA with MAB using ISE

Nicholas Copeland — Fri, 01 Mar 2013 17:12:14 GMT

So I am killing the need to re-accept the AUP page. But I am having issues with the LWA and the return radius COA coming back to the controllers. I can see in ISE that the device is being authenticated via MAB but I am still getting sent to the splash page regardless. I tried to change the Radius state to Radius NAC on the controller but it won't let me apply that setting to an open SSID. It works on the 7.2 controllers just not on the 7.0 controller. Any ideas of how to get LWA with MAB to work using ISE as the external web auth page and for the controller to accept the COA from ISE?

Sent from Cisco Technical Support iPad App