11-07-2019 01:02 AM - edited 07-05-2021 11:15 AM
Hi, i'm working in CWA deployment using WLC and ISE. It's works as expected but I have many problems with client disconnections issues.
This is the flow:
- Client connect to open ssid (hidden) and using MAB ISE show up a guest portal.
- When client is authenticated ISE send CoA to WLC and client is re authenticated.
- ISE permit access with a reauthentication timeout of 28800 seg.
The problem is that users report that need to reauthenticate again (guest portal) two or three times in this 8 hours
At WLC the configuration timers are:
Advanded-> Enable Session Timeout -> 3600
Client user idle timeout(15-100000) -> 14400
I have been able to try that reauth occurs when users roam from AP or when users go out (coffe break for example) and then back clients need to authenticate again via guest portal
¿With client idle timeout session is mantained for 4h when client idle?
How I can do more to adjust this timers and the client not need to re authenticate in 8hours
Thanks in advance
11-10-2019 03:17 AM
The Session-Timeout value that you see in the WLC's WLAN profile is the session timeout that applies to clients who have not passed the CWA Portal authentication (and that includes things like users who have not yet clicked on the AUP).
Once the guest is officially authenticated, ISE sends a CoA to the WLC and that triggers the client disconnection. The MAB auth will be sent to ISE again, and this time ISE will know this is an authenticated guest and this is the point where you should send the Access-Accept and Session-Timeout = 28800 ( 8 hours)
regards
Arne
11-11-2019 11:58 AM
Thanks Arne for the clarification, as I expected the configuration seens to be right.
In this case, the session-timeout in the WLC must be short for avoid clients to take long time wihout auth. As I said, clients report issues because the portal appears more than one time in this 8 hours.
What can I configure, test or change so that the user only has to authenticate once during that time?
Thanks in advance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide