11-16-2017 08:09 AM
Hi All,
I'm configuring a new guest SSID on my WLC (ver 8.2.166) and I'm using the self-registration portal on ISE (ver 2.3).
The authentication and authorization process are working well, so I'm able to create a new guest account and to login on my guest network.
Only problem is releated to sleeping client. New smartphones disconnect wifi network after some minutes, I think for saving the battery.
When smartphones wake up the radius session is terminated and for this reason client is redirected another time to captive portal.
I know that from WLC, when Layer 3 security is enabled, is possible to enable sleeping-client feature in order to cache authentication session.
Now, my question is:
Is possible to do something like sleeping client feature using MAB instead of Layer 3 authentication on WLC?
It there any setting on ISE that I can enable for avoiding this trouble?
Many Thanks to everyone.
Solved! Go to Solution.
11-16-2017 08:12 AM
See this example used for employees, you would do the same type of thing
https://communities.cisco.com/thread/79413?start=0&tstart=0
11-16-2017 08:12 AM
See this example used for employees, you would do the same type of thing
https://communities.cisco.com/thread/79413?start=0&tstart=0
11-16-2017 08:19 AM
My request is a bit different, I need to authorize users only for 4 hour and after this time the user would not be authorized for the rest of the day.
I can create a new guest type with 4 hours of lifetime and set guest endpoint purge to one day, but in this way I will lose all statistics on radius log.
Because after the first wake up, ISE will auth and authZ client using mac address and I cannot have any statistics on user and client.
11-16-2017 08:27 AM
Check out this thread using ISE 2.3
https://communities.cisco.com/docs/DOC-76415
11-16-2017 08:40 AM
Thanks for this last link.
I would share with you the screenshot below.
As you can see the first time when guest flow is done the MAC is associated to the guest username but the second time the idendity is like MAC (mab is used, and ISE is not able to lookup on which user is associated to this MAB and to check if the guest user policy is compliant or not).
11-16-2017 08:43 AM
lets dicusss offline
11-20-2017 07:43 AM
this was recommended on a call
07-18-2019 01:28 PM
I know this is an old thread, but I'm having the same issue, ISE 2.4, patch 8. Sleeping clients just get disconnected. They have to go to wireless settings and choose the network again.
07-18-2019 02:00 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide