topic Re: guest authentication in Wireless

guest authentication

ohassairi — Sun, 04 Jul 2021 06:27:16 GMT

dear experts

we are authenticating our wireless gests via controller web policy

but with this method, users must login every day however in corp-wireless we can define the profile with necessary security settings so the client will connect automatically

is it possible the controller will remember of guest clients ?

Re: guest authentication

Scott Fella — Thu, 31 Jan 2013 14:06:04 GMT

When using WebAuth, the answer is no. The WLAN has a session timeout which is a hard timer and when this value expires the session is automatically terminated and the client has to login again. You can disable this feature, but then the idle timer is the next value that starts to count down when the device goes idle. You can adjust this, but I wouldn't adjust this value too high. 2-4 hours is what I use.

So basically users will have to login everyday.

Sent from Cisco Technical Support iPhone App

guest authentication

David Watkins — Thu, 31 Jan 2013 21:16:27 GMT

"If" you really need to allow these "particular" guests more permanent access-or at least without the hassle of logging in, not that it's "that" intense- but a Mac Filter Bypass for WebAuth is an "option" (just throwing this out there). I believe this was added in 7.0.116.0, however does not work properly for foreign/anchor scenarios until later releases

Not sure your current version, but this is from 7.2 config guide

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1662912

Again, this is an "option" you have, but you would need to make sure you add the desired guest/device MAC to your WLC's MAC Filter page and remove them when done.

Information About Fallback Policy with MAC Filtering and Web Authentication

You can configure a fallback policy mechanism that combines Layer 2 and Layer 3 security. In a scenario where you have both MAC filtering and web authentication implemented, when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, you can configure the authentication to fall back to web authentication. When a client passes the MAC filter authentication, the web authentication is skipped and the client is connected to the WLAN. With this feature, you can avoid disassociations based on only a MAC filter authentication failure.