Re: WLAN with 802.1x

teddyhamster · ‎09-26-2012

Hi!

Since the sw upgrade to version 7.3.101.0 (wlc 5508) i have the following issue.

We have a WLAN with 802.1x (WPA2/AES) secured. Before the update the users need to enter user/ pw every time when they reconnect (WLAN switch off/ on again) to the WLAN.

Now the users don`t need to enter user/ pw when they reconnect to the WLAN.

I could not find any setting on wlc to clear this issue.

Thank you for your help!

Scott Fella · ‎09-26-2012

Is the device itself saving the credentials?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎09-26-2012

Good point from Scott. I would also get back to basics. Maybe try a new device, check the radius logs and see what is going on there as well. What supplicant is the wireless devices using ...

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

teddyhamster · ‎09-26-2012

I`m sure, that there are devices who try to save the credentials.

What i mean is, is there any way to force that users need to enter the credentials for every new connection?

George Stefanick · ‎09-26-2012

What supplicant are you using ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

teddyhamster · ‎09-26-2012

Radius server is a ACS 5.3.x

Clients are mobile devices like ipad 1, android..

teddyhamster · ‎09-27-2012

Is there no way?

Scott Fella · ‎09-27-2012

If you want to force them to enter credentials when logging on, then use webauth. I know in windows 7 you can force them to enter credentials every time, but that's on the client side and not very scalable.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

grabonlee · ‎09-27-2012

Scott is correct. You can only force the user to enter login credentials on the client side. This can be done by making sure the device is not set to automatically remember logon credentials.

teddyhamster · ‎09-27-2012

So i think there is now way, because the client devices are not managed (e.g. smartphones).

What i try is this setup:

Layer 2 Security:

WPA+WPA2

WPA2 Policy

AES

Authentication Key Management set to 802.1x

Layer 3 Security:

Web Policy/ Splash Page

...connection is working, but user don`t need to re enter credentials after reconnect (ipad; galaxy 3..)