03-06-2014 05:32 AM - edited 03-10-2019 09:30 PM
Good Afternoon,
Am using ISE 1.2 to authenticate guest users on the WLC.
I created a sponsor account that creates guest credentials (username and password) and a time profile of 8hours, 24hours, 1week, 1month and 3months repectively and it worked fine.
Recently, it accepts the guest credentials and gives access to the network for about 2 to 3 minutes before it terminates the session and asks the user to re-authentication on the guest portal. This continues repeatedly irrespective of the time profile i choose. Moreover, every other users aside from the Guest users authenticate on the ISE without such challenge.
Thanks for ur suggestions in advance.
03-06-2014 06:38 AM
Hi Joseph,
As shown in below screen shot , For Authz profile that these guest are hitting there is a default session timeout value set for re-authentication and also there is a attribute to maintain connectivity .
Maintain Connectivity During Reauthentication has two option :
Default :- If you set this option , it will take the CoA action 'Terminate'
Radius-Request :- If you set this option , it will take the CoA action 'Re-auth'
Can you please check if these values are intact to your configuration.
03-07-2014 01:06 AM
Hello nginjupa,
Thanks for the assistance, however, am not using the reauthentication option in the Authz profile. Am using a DACL name of which i have create the access-list on the Downloadable ACLs. This is used to push down the access-list to the switch and the WLC.
It still gives access to the network after authentication by the guest user, but knocks the user off after about 3 - 5 minutes. That is, the user will have to re-authenticate again with the same credentials and the problem re-occur again over and over.
See below the screen shots for both the Authz profile and the Authz policy.
03-11-2014 06:19 AM
08-12-2014 02:02 AM
Hi Guys,
I am also facing the same issue as we have updated the image to 1.2.1 and usinf cwa ( mac filtering ) on wlc, session time 1800 on wlc.
But still after 5-6 min guest user asking for username and password to guest redirection url.
Can anybody gives me the solution for the same.
Thanks & Reagrds
Pranav
08-12-2014 02:44 AM
It is a software bug on the wireless controller software 7.4MR2. You need to open a TAC case and request an engineering release from Cisco that contains the fix. The fix was put in 7.4.121.17
09-12-2016 05:22 AM
same issue, I have tried to configure both the radius attributes Radius:Idle-Timeout and Radius:Session-Timeout. Bot hhave been set to 1900.
I keep being disconnected around 10 min after the iphone goes to sleep.
Could you show us your authorization profile ?
09-12-2016 05:28 AM
What version of software are you running on your wireless controllers?
09-12-2016 09:44 AM
8.0.133 on both the foreign and anchor controllers
I have been told we can configure the user idle time out per SSID on 8.1
03-07-2014 08:56 AM
Hi ,
Its worth checking SSID setting in - > advanced - >Enable Session Timeout . Hope the value configured around 1800 ..
03-09-2014 02:22 PM
You might start by doing a debug client <mac> and see on the WLC what causes client disconnection.
Also make sure you are running a recent version of the WLC as there could be some issues.
Check also what is the Policy state of the client after web auth. It should move from WEBAUTH_REQD to RUN (you can see this in the monitor > Client menu). WLC will expire all clients that are in WEBAUTH_REQD state after 10 mn.
03-12-2014 03:15 PM
Hi!
I have the same problem since yestarday because I have updated the wlc to 7.4.121 and the Ise to patch6-Meanwhile I am thinking that could be a bug or a change in the default properties-I don´t know.
I hope somebody can solve the problem-otherwise I should open a case.... :(
regards alex
03-20-2014 05:14 PM
09-26-2014 04:16 PM
I had the same problem. I have vWLC and 2500 series WLC. The bug CSCul43158 Was fixed.
I upgrade from 7.6.100 to 7.6.130.0 and the problem was fixed. Now the wireless is working fine.
03-13-2014 11:45 AM
check the WLC for time out value if no change has been made on ISE since last deployment.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: