02-27-2013 10:03 AM - edited 07-03-2021 11:38 PM
I am trying to setup a scenario where a user logs in via Web Auth and witha successfull connection the Mac Address is remembered for 7 days. That way if the user connects again during the course of 7 days they aren't required to authenticate via web auth again they just get access. After 7 days they will need to login again through the web auth. Similar scenario to what you see at a Hotel wireless network. Anyone know how I would go about setting up the dyanmic mac filtering and set the timer for 7 days? With that said I want it to be for a single SSID.
Solved! Go to Solution.
02-27-2013 10:30 AM
Not possible.... the reason being is the max timer for the session timeout on the guest WLAN. Also when the user sits idle, the idle timeout start counting down. So having the WLC remember the mac address and allow x number of days before having to log back on, is not possible.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
02-27-2013 10:30 AM
Not possible.... the reason being is the max timer for the session timeout on the guest WLAN. Also when the user sits idle, the idle timeout start counting down. So having the WLC remember the mac address and allow x number of days before having to log back on, is not possible.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
02-27-2013 12:21 PM
That's what I was afraid of. But kind of what I thought based off some of the research I have done.
02-27-2013 12:37 PM
Yeah it been asked many times so maybe one day it will be possible.
Sent from Cisco Technical Support iPhone App
02-27-2013 12:43 PM
well, it's not possible with just the WLC.
You can do it, but you need to have a way to pull the MAC address from the webauth page, and insert that into a LDAP db, which you control the age out process in.
Then on a subsequent visits they get mac-authed instead of having to re-accept the page.
in the webauth config you would check the On MAC filter failure box.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
02-27-2013 12:54 PM
Yes so that is kind of what I will do with ISE. I just won't be able to age out the device from the db automatically. It will have to be a manual process from my understanding with the latest version of ISE.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide