
Wifi Guests need to reauthenticate when losing connection

dirks_2
Level 1

We have a Wifi deployment with ISE 1.1.4 authenticating our guest users through CWA.

Whenever a client loses connection for a short time they need to reauthenticate by putting in their username and password again.

This is very annoying. Is there a solution/best practice for this problem?

13 Replies

Venkatesh Attuluri
Cisco Employee

Activated guests can cache their credentials via the dot1x supplicant instead of logging in to guest via redirection every time they connect to the network.

Hi Vattullu

We have ISE 1.2 in production. For guest users we are using centralized web authentication. Users can successfully authenticate and are able to access the internet. But after a certain period of time (e.g. 15 mins) they lose connectivity to the internet while still being connected to the guest SSID. They can reauthenticate with the same credentials, but again after a certain period they need to reauthenticate.

We have set time profiles in ISE as 2 hrs, 4 hrs and 8 hrs. I have checked the WLC configuration for the guest SSID and the session timeout tab was already disabled. Are there any settings in ISE that we are missing? Please advise.

What version of WLC are you using?

version: 7.6.100
Model: 5508

You should upgrade your WLC.

https://tools.cisco.com/bugsearch/bug/CSCul43158

Thanks.

What about if we use the web authentication of the WLC and not ISE?

Is that a bug of the controller or of the integration with ISE?

I don't know if this bug is related to ISE.

Please create a new SSID and test without ISE.

Hi Team,

We have upgraded the WLC from 7.6.100 to 7.6.130 but the issue still persists. Can anybody help with this?

https://tools.cisco.com/bugsearch/bug/CSCul43158

This is not a bug. It happens because there are timers on a WLC: when they expire, or when a device actively disassociates from an SSID, the device gets removed from the WLC, and the next time you connect, a new session is created and as such must be authenticated in ISE. You can change the timers on the SSID and globally, which by default are set to 300 secs.

Rather than setting the session timeout globally, you can set it via RADIUS in the AuthZ policy. We use this to stop Guest users from having to re-auth every time they disconnect from the wireless. Works well.

This worked. Configured the Radius: Session and Idle timeout and everything goes smoothly. Thanks for the solution provided.
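The fix in the replies above relies on the AuthZ policy returning Session-Timeout and Idle-Timeout over RADIUS. As an added example (not code from the thread or from Cisco), the Python below parses a RADIUS Access-Accept and reports whether those two attributes are present, which is one way to confirm from a capture that the policy really sends them. Attribute numbers 27 and 28 come from RFC 2865; the function names, the sample packet and the 3600-second idle value are constructed for illustration.

```python
import struct

# RFC 2865 attribute types for the two timers discussed in the thread.
SESSION_TIMEOUT = 27   # maximum seconds of service before the session ends
IDLE_TIMEOUT = 28      # maximum seconds of idle time before the session ends
ACCESS_ACCEPT = 2      # RADIUS packet code


def encode_attr(attr_type, seconds):
    """Encode a 32-bit integer attribute as type, length (always 6), value."""
    return struct.pack("!BBI", attr_type, 6, seconds)


def build_access_accept(identifier, attrs):
    """Build an Access-Accept with a zeroed authenticator (constructed sample)."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH16s", ACCESS_ACCEPT, identifier, 20 + len(body), b"\x00" * 16)
    return header + body


def parse_timeouts(packet):
    """Return {'session': s, 'idle': s} (None when absent) from an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    found = {"session": None, "idle": None}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type in (SESSION_TIMEOUT, IDLE_TIMEOUT) and attr_len == 6:
            key = "session" if attr_type == SESSION_TIMEOUT else "idle"
            found[key] = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
        pos += attr_len
    return found


# Constructed sample: 8-hour session timeout, 1-hour idle timeout.
SAMPLE = build_access_accept(7, [(SESSION_TIMEOUT, 28800), (IDLE_TIMEOUT, 3600)])
```

A result with `None` for either key means the Access-Accept did not carry that attribute, so the WLC would fall back to its own configured timer for it.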

 

 

Hi,

Try creating a new time profile and set the time duration to 8 hr and the account type to from login.

Then check whether a guest user who logs in as per this time profile still faces the same issue or not.

evanspall
Level 1

I have been getting similar problems with the ISE Guest function in 1.1.4. I am on the WISM2 controller on version 7.4.110 (unlike OP who is on 5508).

I'm in the process of setting up an alternate SSID to make guests use the dot1x supplicant to authenticate as opposed to the portal (much like vattullu's suggestion), but this doesn't work for un-activated guests.
