cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2085
Views
15
Helpful
12
Replies

Automatic registration of the mac adress on wlc

salilai01
Level 1
Level 1

Hi evrybody,

     

At this moment, I'm working with an WLC 5508 and the authentication is done with Freeradius,till now every thing is working correctly, when I entered my radius login the connexion was successful; if I exceed the timeout session for expample 300 seconde (it was configured on  WLAN tab => advanced tab => Enable session timeout)

but my goal is:
to login for the first time on the wlc portal and after that I want that the controller be able to save my mac address and don't ask me to login another time => automatic connexion

There is also another possibility which is: to renew the request each year for example.

Thanks for any suggestion 

12 Replies 12

Eduardo Aliaga
Level 4
Level 4

are you using dot1x authentication for your wireless users ? or what kind of authentication ? To learn the MAC address you need profiling features. You can use PacketFence www.packetfence.org which is based on FreeRadius.

Please rate if this helps.

Hi eduardoaliaga,

Thank you so much for the suggestion, It could be a very good solution, but the problem is that I don't know how to do it all, have you any website that explain it easily and quickly? because I want to know how long it will take to be implemented and if there is a support help.

Amjad Abdullah
VIP Alumni
VIP Alumni

Hi Sali,

I am not sure if I understood correctly, but the WLC can not save the mac address or remember the credentials.

Once you get disconnected you have to connect back again. (that is done usually automatically without doing anything. when the session times out and if the supplicant is saving the credentials, the supplicant can usually configured to automatically connect to this WLAN).

The other option you can take is to disable or increase the session time out.

BTW, session timeout is by default 1800 seconds, not 300 seconds.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Hi Amjad,

I've changed the timeout session to 300 sec just for a test, but I think your proposition to disable the timeout could be a very good alternative :-)

Many thanks

Hello Sali, to register MAC addresses you need an advanced Radius server like PacketFence (which uses FreeRadius) or like Cisco ISE.

I guess you want to autodetect and auto register the MAC addresses of your wireless endpoints for a couple of weeks only (to give time to all endpoints to register) ad after that you will only permit access to those MAC addresses already registered, is that right ?

You can do that with both Cisco ISE and PacketFence, but since you tell me you already use FreeRadius, then I think it makes more sense to use PacketFence.

I have lots of experience with Cisco ISE. Now I'm testing PacketFence with a Cisco switch, next week I will test PacketFence with a Cisco WLC.

Insieme is the creator of PacketFence, if you need support you can contact them. They have several videos in youtube, like these :

http://www.youtube.com/watch?v=PrUjf0_s49Q

http://www.youtube.com/watch?v=MpBgnwp1qLI

Please rate if this is helpful.

Hello eduardoaliaga,

I'll test also the PacketFence on the Freeradius, it's seems very interesting, if you have any news about it let me know please

Thanks

Hi,

how was your test with PacketFence and wlc? any good feedback

Hi,

Just to know, if I disable the timeout on wlc, the iphone should not disconnect but this not happened, do you know why?

Thanks

The iPhone and iPad when the screen goes blank doesn't respond to the WLC. If you want to keep the client on the WLC, you need to increase the idle timer. The idle timer has to be less than the session timer.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Does any one have experience in setting these parameters (User idle timeout, session timeout, ARP timeout).

My goal is that the user has to enter his login AD only the first time (I use web authentication) , I tried to disable the session timeout but the problem remains.

If this is not possible to achieve, I want to increase as much possible the intervall of re-authentication.

Thanks

If you have the session timer disabled, then set the idle timer for 2 hours or 4 hours. This allows the user to take a long lunch and come back without having to log back in. You don't need adjust the arp timer.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Ravi Singh
Level 7
Level 7

Hello Sali,

To remeber MAC address you must need ISE or PacketFence because WLC does not store MAC address. If you want to learn how to configure PacketFence you can go to the below link

http://www.packetfence.org/documentation/guides.html

AND if you are interested in Cisco ISE than you can go to the bellow link.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_preface.html

Review Cisco Networking for a $25 gift card