Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
1
Helpful
4
Replies

Reauthenticate users every 60s for Guest users

Go to solution
M1N10N
Level 1
Level 1

‎09-05-2024 08:31 PM - edited ‎09-05-2024 08:58 PM

• Guest users were able to connect to the SSID and gaining network access by providing code using CWA, but after 60s network is getting disconnected and redirected CWA for reauthenticate. 
• When users are created using sponsor portal via ISE 3.1 patch 6. If user with 24 day or less duration works without any issue, but when guest user duration configured with 25 days or more issue appears. We are using cisco wireless controller 5520 version 8.10.196.0.

Does anyone face this kind of issue?

Preview file
36 KB
1 Accepted Solution

Accepted Solutions

Go to solution
M1N10N
Level 1
Level 1

‎09-10-2024 04:02 AM

Workaround, In ISE Authorization access profile, enable reauthentication timer and set to lower than 65000. Issue fixed

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-05-2024 10:53 PM

Looks for me some kind of bug as per information, have you tried collecting the debug logs from WLC and looked at ISE what is the reason its going to ask re-authentication.

is this for all devices of guest or any specific devices ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎09-05-2024 11:23 PM

It is two issue or one 

Can you more elaborate 

Thanks

MHM

0 Helpful

Go to solution
M1N10N
Level 1
Level 1
In response to MHM Cisco World

‎09-06-2024 01:40 AM

It is one issue the behavior is If we create guest user via ISE sponsor portal with maximum duration of 24 days, it works no issue. But if we create guest user more than 25 days, users able to authenticate via CWA but within 1min reauthentication message appears.

WLC packet capture I saw this output: 

*apfReceiveTask: Sep 04 14:04:43.431: 3c:06:30:1d:e1:02 apfMsExpireMobileStation (apf_ms.c:8148) Changing state for mobile 3c:06:30:1d:e1:02 on AP 5c:e1:76:1a:07:e0 from Associated to Disassociated

*apfReceiveTask: Sep 04 14:04:43.431: 3c:06:30:1d:e1:02 Scheduling deletion of Mobile Station: reasonCode 2 (callerId: 45) in 10 seconds
*osapiBsnTimer: Sep 04 14:04:53.655: 3c:06:30:1d:e1:02 apfMsExpireCallback (apf_ms.c:688) Expiring Mobile!

Looks like it is a bug: CSCwa20143 : Bug Search Tool (cisco.com). If it is this bug, question is why 24 days and 25th day is the breaking point?

 

0 Helpful

Go to solution
M1N10N
Level 1
Level 1

‎09-10-2024 04:02 AM

Workaround, In ISE Authorization access profile, enable reauthentication timer and set to lower than 65000. Issue fixed

0 Helpful
Customers Also Viewed These Support Documents