https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085575#M93526 <P>Hi Sree,</P> <P>I just checked security policies for GUEST User : it is saying WEB AUTH.</P> <P>For my CORP: WPA+WPA2.</P> <P></P> <P>Can u pls suggest what WEB AUTH mean here. wht typ of authentication is this.</P> Fri, 04 Aug 2017 08:24:06 GMT gauravpundir231 2017-08-04T08:24:06Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085569#M93520 <P>Hi ALL,</P> <P></P> <P>Can someone pls suggest on below problem urgently.</P> <P></P> <P>We have 2 users who are sitting in our company but using laptop of their client and connecting to internet thru our GUEST WIFI. Their guest wifi is getting dropped off after every 20-30 mins. We havent applied any time out policy in our WLC and our other users who are using laptops provided by us are not facing any issues with guest wifi.</P> <P></P> <P>Pls suggest wht could be the issue and wht can be done.Also, if this is caused by certificate. Anyone can advise wht typ of certificates are required for this.</P> Mon, 05 Jul 2021 14:29:18 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085569#M93520 gauravpundir231 2021-07-05T14:29:18Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085570#M93521 <P>Hi Gaurav,</P> <P></P> <P>I don't think it is related to timeout. What type of authentication are we using here for guest users?</P> <P>Are we pushing some policies or something from radius server which isolates these users based on the account? Or are we all using same credentials?</P> <P></P> <P>How <G class="gr_ gr_279 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" id="279" data-gr-id="279">does</G> the users in your company different from the guest users authentication wise?&nbsp;</P> <P>Also, it would be great if you can enable debug for the user and update here as you mentioned this is happening every 20-30 min and reproducible.</P> <P></P> <P>debug client mac &lt;user mac&gt;</P> <P></P> <P>show client detail &lt;mac address&gt;</P> <P></P> <P></P> <P>Thanks</P> <P>Sreejith</P> <P></P> <P></P> <P></P> <P></P> Fri, 04 Aug 2017 05:04:00 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085570#M93521 sremk 2017-08-04T05:04:00Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085571#M93522 <P>Hi Sree,</P> <P>We are using 802.1x auth.</P> <P>No policies are being pushed for guest users.</P> <P>Pls advise if you have some info on certificates for authentication. As this user is using client's laptop in our company.</P> Fri, 04 Aug 2017 05:44:14 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085571#M93522 gauravpundir231 2017-08-04T05:44:14Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085572#M93523 <P>If you are using dot1x, then yes we might be using certificates at the time of login but not after successfully authenticated.&nbsp;</P> <P>For <G class="gr_ gr_353 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="353" data-gr-id="353">eap</G>-<G class="gr_ gr_354 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling" id="354" data-gr-id="354">peap</G> mschapv2, we use one side server side validation certificate. For this, we need server <G class="gr_ gr_267 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="267" data-gr-id="267">ceritificate</G> on <G class="gr_ gr_316 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" id="316" data-gr-id="316">server</G>(radius) and trusted ca on <G class="gr_ gr_317 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" id="317" data-gr-id="317">client</G> side.</P> <P>For <G class="gr_ gr_372 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="372" data-gr-id="372">eap</G>-TLS, we use two side server side validation <G class="gr_ gr_412 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" id="412" data-gr-id="412">ceritifacate</G>. For <G class="gr_ gr_448 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-ins replaceWithoutSep" id="448" data-gr-id="448">this</G> we need 1.&nbsp;<SPAN>server&nbsp;</SPAN>certificate<SPAN><SPAN>&nbsp;</SPAN>on<SPAN>&nbsp;</SPAN></SPAN>server<SPAN>(radius) and trusted ca on<SPAN>&nbsp;</SPAN></SPAN>client<SPAN><SPAN>&nbsp;</SPAN>side&nbsp;</SPAN></P> <P><SPAN>2. Client certificate on Client and trusted ca of the same on radius server.</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Thanks</SPAN></P> <P><SPAN>Sreejith</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> Fri, 04 Aug 2017 05:53:51 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085572#M93523 sremk 2017-08-04T05:53:51Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085573#M93524 <P>Thanks Sree,</P> <P></P> <P>Still have one qustn. Even after authenticating user , why it is dropping him after 20-30 minutes</P> Fri, 04 Aug 2017 05:58:52 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085573#M93524 gauravpundir231 2017-08-04T05:58:52Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085574#M93525 <P>That's what. We need to look into the logs to see what is happening with these guest laptops.&nbsp;</P> <P></P> <P>Thank</P> <P>Sreejith</P> Fri, 04 Aug 2017 06:10:36 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085574#M93525 sremk 2017-08-04T06:10:36Z https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085575#M93526 <P>Hi Sree,</P> <P>I just checked security policies for GUEST User : it is saying WEB AUTH.</P> <P>For my CORP: WPA+WPA2.</P> <P></P> <P>Can u pls suggest what WEB AUTH mean here. wht typ of authentication is this.</P> Fri, 04 Aug 2017 08:24:06 GMT https://community.cisco.com/t5/wireless/guest-wifi-issue/m-p/3085575#M93526 gauravpundir231 2017-08-04T08:24:06Z