01-31-2013 12:54 AM - edited 07-03-2021 11:27 PM
dear experts
we are authenticating our wireless gests via controller web policy
but with this method, users must login every day however in corp-wireless we can define the profile with necessary security settings so the client will connect automatically
is it possible the controller will remember of guest clients ?
01-31-2013 06:06 AM
When using WebAuth, the answer is no. The WLAN has a session timeout which is a hard timer and when this value expires the session is automatically terminated and the client has to login again. You can disable this feature, but then the idle timer is the next value that starts to count down when the device goes idle. You can adjust this, but I wouldn't adjust this value too high. 2-4 hours is what I use.
So basically users will have to login everyday.
Sent from Cisco Technical Support iPhone App
01-31-2013 01:16 PM
"If" you really need to allow these "particular" guests more permanent access-or at least without the hassle of logging in, not that it's "that" intense- but a Mac Filter Bypass for WebAuth is an "option" (just throwing this out there). I believe this was added in 7.0.116.0, however does not work properly for foreign/anchor scenarios until later releases
Not sure your current version, but this is from 7.2 config guide
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_wlan.html#wp1662912
Again, this is an "option" you have, but you would need to make sure you add the desired guest/device MAC to your WLC's MAC Filter page and remove them when done.
You can configure a fallback policy mechanism that combines Layer 2 and Layer 3 security. In a scenario where you have both MAC filtering and web authentication implemented, when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, you can configure the authentication to fall back to web authentication. When a client passes the MAC filter authentication, the web authentication is skipped and the client is connected to the WLAN. With this feature, you can avoid disassociations based on only a MAC filter authentication failure.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide