Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
320
Views
0
Helpful
1
Replies

ISE 1.2 Guest Access for EAP(Dot1x) Authentication

ataro
Level 1
Level 1

‎09-06-2014 08:25 PM - edited ‎03-10-2019 10:00 PM

Hi.

I want to use encryption for guest access. 
In order to use the "RADIUS-NAC" in the WLC, you can not use or "Open + MAC" only "WPA + dot1". 
(Specification of the WLC) 

 

When the "Open + MAC", return from the ISE at the time of the "Web Authentication" in the "Session-Timeout Attribute", I was able to forcibly disconnect the radio. 
(Attribute is the same value as the (ISE TimeProfile) time the guest user can use) 
If you connect to a wireless terminal to forced disconnect after screen of Web authentication is displayed, you can not login. 
(Because the account has been revoked) 

 

I want to make even dot1x this environment. 
However, because it becomes the "re-authentication time" If dot1x, as long as the terminal is connected to the radio, it is not cut. 
In addition, even in the setting of "Attribute Termination-Action = Default", does not return until the Web authentication. 
(Status of the WLC remains "Auth Yes") 
(Session of the ISE remains "Started") 

 

Use the (EAP) Dot1x, Can I "is allowed to forcibly disconnected," "to match the time of TimeProfile" in the same way as "Open + MAC" thing? 

 

Thank you.

Labels:
0 Helpful
1 Reply 1

ataro
Level 1
Level 1

‎09-06-2014 09:07 PM

Note:

Cisco ISE:Version1.2.0.899-8

Cisco WLC(5508):Version 7.6.120

0 Helpful
Customers Also Viewed These Support Documents