cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
401
Views
1
Helpful
4
Replies

Reauthenticate users every 60s for Guest users

M1N10N
Level 1
Level 1

• Guest users were able to connect to the SSID and gaining network access by providing code using CWA, but after 60s network is getting disconnected and redirected CWA for reauthenticate. 
• When users are created using sponsor portal via ISE 3.1 patch 6. If user with 24 day or less duration works without any issue, but when guest user duration configured with 25 days or more issue appears. We are using cisco wireless controller 5520 version 8.10.196.0.

Does anyone face this kind of issue?

1 Accepted Solution

Accepted Solutions

M1N10N
Level 1
Level 1

Workaround, In ISE Authorization access profile, enable reauthentication timer and set to lower than 65000. Issue fixed

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

Looks for me some kind of bug as per information, have you tried collecting the debug logs from WLC and looked at ISE what is the reason its going to ask re-authentication.

is this for all devices of guest or any specific devices ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

It is two issue or one 

Can you more elaborate 

Thanks

MHM

It is one issue the behavior is If we create guest user via ISE sponsor portal with maximum duration of 24 days, it works no issue. But if we create guest user more than 25 days, users able to authenticate via CWA but within 1min reauthentication message appears.

WLC packet capture I saw this output: 

*apfReceiveTask: Sep 04 14:04:43.431: 3c:06:30:1d:e1:02 apfMsExpireMobileStation (apf_ms.c:8148) Changing state for mobile 3c:06:30:1d:e1:02 on AP 5c:e1:76:1a:07:e0 from Associated to Disassociated

*apfReceiveTask: Sep 04 14:04:43.431: 3c:06:30:1d:e1:02 Scheduling deletion of Mobile Station: reasonCode 2 (callerId: 45) in 10 seconds
*osapiBsnTimer: Sep 04 14:04:53.655: 3c:06:30:1d:e1:02 apfMsExpireCallback (apf_ms.c:688) Expiring Mobile!

Looks like it is a bug: CSCwa20143 : Bug Search Tool (cisco.com). If it is this bug, question is why 24 days and 25th day is the breaking point?

 

M1N10N
Level 1
Level 1

Workaround, In ISE Authorization access profile, enable reauthentication timer and set to lower than 65000. Issue fixed