02-12-2016 02:53 AM - edited 03-10-2019 11:28 PM
I have a network with a centralized ISE server and several distributed WLCs. These controllers assign IPs, but they check the username and password against the database of the ISE 1.4 server, redirecting the users to the sponsor portal. I have some problems with this:
1. The network requests AUTHENTICATION every day when people connect, and passwords are configured to remain 30 days. Why is this happening, and how can I fix it?
2. I have the ISE cluster server as active/passive, but the problem is that when the active server fails, the passive goes up but it continues redirecting to the portal IP of the first server, which misleads users.
How can I fix this to get high availability?
02-12-2016 09:12 PM
Hi Jean-
For #1:
- What do you have configured in your WLC for:
1. Controller > User Idle Timeout (Seconds)
2. WLANs > Name of the SSID > Advanced > Enable Session Timeout
- What attributes are you returning in the Authorization Profile for those users?
For #2:
- What happens if you: Disable Client's wireless adapter > remove the client session from the WLC, re-enable the client's adapter and reconnect again?
- Do you have the ISE PSNs configured in a Node Group?
- Under the WLC, what do you have configured for Security > RADIUS > Fallback?
- Under the SSID, what do you have configured for Security > AAA Servers? (attach screenshot)
- How is your DNS configured for resolving the PSNs to the Guest portal?
I know there are a lot of questions but we need more details before we can help :)
Thank you for rating helpful posts!
02-15-2016 08:32 AM
Thank you, Neno, for your ASAP answer.
The ISE 1.4 server was migrated from version 1.2, where the SSID did not ask for credentials daily, only weekly or when you stopped connecting to the network for more than three days, and the controllers had the same configuration. I mean, I think that it is not the parameters on the controllers.
I therefore believe that the parameter must be configured in the ISE, and I have not found these parameters. In the previous version it was in a Client timeout parameter; in this one I do not see it.
For part two, I think the problem is the DNS resolution, and that this network is not internal but it is not public. I will review it and respond afterwards.
Thanks