Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1091
Views
1
Helpful
2
Replies

ISE 1.2 guest user and Morotola wireless controller roaming re-authentication

Go to solution
rmachuli
Level 1
Level 1

‎02-03-2016 12:03 AM

Hi!

SR: 637925639

My customer is using ISE 1.2 for wireless guest users. Wireless infrastructure is built on Motorola wireless controller RFS6000 5.7.2 and Motorola 6532 APs.

From ISE perspective guest access works fine, however the problem happens when wireless user is roaming. That time guest user needs to fully authenticate again.

This happens with two Motorola wireless 'setups'

- with fist setup we can see that authentication is made on AP, so for first authentication and for second authentication after we can see different NADs, so I think that is why we need to authenticate again after roaming

- with second setup, using 'tunnel mode' and 802.11r NAD IP is the same (=wireless controller), however after roaming we can see session ID is different, so again we need to authenticate again.

Do you have some experience with such ISE guest portal and Motorola wireless solution integration?

Customer goal in here is to not have full re-authentication after roaming.

best regards

Romek

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aaron Woland
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎02-03-2016 06:00 AM

Please have your customer file a case with Motorola.  Your experience is the same as one we have shown in testing with certain Moto platforms..  They supposedly have a bug filed about the behavior.

The sesisonID needs to remain the same after the CoA-ReAuth is received, and some of their platforms are creating a new session after the CoA.

-Aaron

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎02-03-2016 04:19 AM

Correct if you're getting a new session then the user will be required to login again

either check with motorolla for how session can be remembered (think session caching on wlc) or implement access based off endpoint group and purging capabilities of ISE 1.3 or higher, ISE 1.2 has device registration but no auto endpoint purge

IS there a reason they are not on 1.4 (latest release with a good amount of patches?)

or even evaluating 2.0 with better 3rd party support (may not be necessary in this case)

Go to solution
Aaron Woland
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎02-03-2016 06:00 AM

Please have your customer file a case with Motorola.  Your experience is the same as one we have shown in testing with certain Moto platforms..  They supposedly have a bug filed about the behavior.

The sesisonID needs to remain the same after the CoA-ReAuth is received, and some of their platforms are creating a new session after the CoA.

-Aaron

0 Helpful
Customers Also Viewed These Support Documents