04-16-2014 12:27 AM - edited 03-10-2019 09:38 PM
We have Wifi deployment with ISE 1.1.4 authenticating our guest users through CWA.
Whenever a client loses connection for a short time they need to reauthenticate by putting in their username and password again.
This is very annoying. Is there a solution/best practice for this problem?
04-22-2014 09:07 PM
Activated guests can cache their credentials via the dot1x supplicant instead of having to log in to guest via redirection every time they connect to the network.
06-25-2014 06:42 AM
Hi Vattullu
We have ISE 1.2 in production. For guest users we are using centralized web authentication. Users can successfully authenticate and are able to access the internet. But after a certain period of time (e.g. 15 mins) they lose connectivity to the internet but they are still connected to the guest SSID. They can re-authenticate with the same credentials but again after a certain period they need to re-authenticate.
We have set time profiles in ISE as 2 hrs, 4 hrs and 8 hrs. I have checked the WLC configuration for the guest SSID and the session timeout tab was already disabled. Are there any settings in ISE that we are missing? Please advise.
06-25-2014 06:52 AM
What version of WLC are you using?
06-25-2014 07:02 AM
version: 7.6.100
Model: 5508
06-25-2014 07:11 AM
You should upgrade your WLC
https://tools.cisco.com/bugsearch/bug/CSCul43158
06-25-2014 07:24 AM
Thanks..
What about if we use the web authentication of the WLC and not ISE?
Is that a bug of the controller or of the integration with ISE?
06-25-2014 07:29 AM
I don't know if this bug is related to ISE.
Please, create a new SSID and test without ISE.
12-14-2014 12:59 AM
Hi Team,
We have upgraded the WLC from 7.6.100 to 7.6.130 but the issue still persists. Can anybody help with this?
https://tools.cisco.com/bugsearch/bug/CSCul43158
12-14-2014 11:09 AM
This is not a bug. It happens because there are timers on a WLC: when they expire, or when a device actively disassociates from an SSID, the client gets removed from the WLC, and the next time you connect, a new session is created, which as such must be authenticated in ISE. You can change the timers on the SSID and globally, which is set to 300 secs by default.
12-14-2014 12:45 PM
Rather than setting the session timeout globally, you can set it via RADIUS in the AuthZ policy. We use this to stop Guest users from having to re-auth every time they disconnect from the wireless; works well.
12-29-2014 10:54 PM
This worked. Configured the Radius: Session and Idle timeout and everything goes smoothly. Thanks for the solution provided.
07-24-2014 04:46 AM
Hi,
Try creating a new time profile and set the time duration to 8 hr and the account type to from login,
and then check whether a guest user that logs in as per this time profile still faces the same issue or not.
06-25-2014 09:45 PM
I have been getting similar problems with the ISE Guest function in 1.1.4. I am on the WISM2 controller on version 7.4.110 (unlike OP who is on 5508).
I'm in the process of setting up an alternate ssid to make guests use the dot1x supplicant to authenticate as opposed to the portal (much like vattullu's suggestion), but this doesn't work for un-activated guests.