Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
2
Helpful
6
Replies

Cisco WLC 9800 and Central Web authentication

Go to solution
Harutyun Hakobyan
Level 1
Level 1

‎08-29-2024 12:33 AM

Hi All,

On Cisco WLC 9800 for Guest authentication external web portal authentication (non Cisco) is used. On web portal sponsor can approve for example 7 days for guest, however Guest wireless connection asks every day for authentication.

I increased "Sleeping Client Timeout" from default 720 minutes to 7 days, however that did not help. On policy config "Session Timeout" is default 86400 sec, which is max possible value and "Idle Timeout" is default 300 sec.

What other timing parameter can be changed, that during 7 days approved Guests can connect without new authentication?

Thanks

 

 

 

1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎08-29-2024 03:50 AM

 

  - I doubt it's even possible ; general settings are discussed here (indeed) : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#clienttimer

   + The question is  : does it make sense in security terms , especially for guests. I would consider each day a 'security minimum' to avoid irregular use , devices being passed on to 'unknowns' for malicious use , etc (?)

 M,.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

0 Helpful
6 Replies 6

Go to solution
marce1000
VIP
VIP

‎08-29-2024 03:50 AM

 

  - I doubt it's even possible ; general settings are discussed here (indeed) : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#clienttimer

   + The question is  : does it make sense in security terms , especially for guests. I would consider each day a 'security minimum' to avoid irregular use , devices being passed on to 'unknowns' for malicious use , etc (?)

 M,.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Rich R
VIP
VIP

‎09-01-2024 12:06 PM

Agreed with @marce1000 - it's not possible to do with timers.
You would need to use a solution which supports MAC auth so that the client MAC is remembered and automatically authenticated on successive visits till expiry.
This is a standard feature offered by most WiFi portal services.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎09-01-2024 12:09 PM

I see your post I will update ypu tomorrow if you want to waiting 

Thanks 

MHM

0 Helpful

Go to solution
Harutyun Hakobyan
Level 1
Level 1

‎09-06-2024 06:07 AM

Update: after increasing "Sleeping Client Timeout" more than 1 day, some users reported, that they had Guest connection in the next day without reauthentication.

Go to solution
MHM Cisco World
VIP
VIP
In response to Harutyun Hakobyan

‎09-06-2024 06:12 AM

But you mention that you increase sleep timeout to 7 days 

Can you more elaborate 

Thanks 

MHM

0 Helpful

Go to solution
Harutyun Hakobyan
Level 1
Level 1

‎09-06-2024 06:39 AM

Actually need some time for more Guest users results.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card