cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2037
Views
1
Helpful
8
Replies

ISE Guest Auth and sleeping client

AndreaTornaghi
Level 1
Level 1

Hi All,

I'm configuring a new guest SSID on my WLC (ver 8.2.166) and I'm using the self-registration portal on ISE (ver 2.3).

The authentication and authorization process are working well, so I'm able to create a new guest account and to login on my guest network.

Only problem is releated to sleeping client. New smartphones disconnect wifi network after some minutes, I think for saving the battery.

When smartphones wake up the radius session is terminated and for this reason client is redirected another time to captive portal.

I know that from WLC, when Layer 3 security is enabled, is possible to enable sleeping-client feature in order to cache authentication session.

Now, my question is:

Is possible to do something like sleeping client feature using MAB instead of Layer 3 authentication on WLC?

It there any setting on ISE that I can enable for avoiding this trouble?

Many Thanks to everyone.

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

See this example used for employees, you would do the same type of thing

https://communities.cisco.com/thread/79413?start=0&tstart=0

View solution in original post

8 Replies 8

Jason Kunst
Cisco Employee
Cisco Employee

See this example used for employees, you would do the same type of thing

https://communities.cisco.com/thread/79413?start=0&tstart=0

My request is a bit different, I need to authorize users only for 4 hour and after this time the user would not be authorized for the rest of the day.

I can create a new guest type with 4 hours of lifetime and set guest endpoint purge to one day, but in this way I will lose all statistics on radius log.

Because after the first wake up, ISE will auth and authZ client using mac address and I cannot have any statistics on user and client.

Check out this thread using ISE 2.3

https://communities.cisco.com/docs/DOC-76415

Thanks for this last link.

I would share with you the screenshot below.

As you can see the first time when guest flow is done the MAC is associated to the guest username but the second time the idendity is like MAC (mab is used, and ISE is not able to lookup on which user is associated to this MAB and to check if the guest user policy is compliant or not).

Capture.JPG

lets dicusss offline

erga
Level 1
Level 1

I know this is an old thread, but I'm having the same issue, ISE 2.4, patch 8. Sleeping clients just get disconnected. They have to go to wireless settings and choose the network again.

Thre are several different issues here. Can you please explain in full detail what the issue is on new thread.