If the question isn't related to the lab, you can use ISE with the device registration feature. The logic is quite simple: first we use MAB; if the device's MAC isn't in the database, we switch to CWA (Central Web Auth). After successful web auth we store the device's MAC address and use MAB, which is transparent to the user... Just another look at the problem...

From: [email protected] On Behalf Of Jason Boyers
Sent: Sunday, July 22, 2012 9:40 PM
To: Oliver Jancevski
Cc: [email protected]
Subject: Re: [OSL | CCIE_Wireless] Web authentication timeout

Technically, the User Idle Timeout applies to all users. So, by default, if a MAC address doesn't send traffic for 300 seconds, that device is removed from the Client list and would require a reauthentication when reconnecting. You can increase that timeout to try to cover the scenario you are describing.

There are 2 things to keep in mind with this. The longer the timeout value, the more clients are held in the list. So, you increase the risk that you will max out on clients for the WLC. Second, iPads (and possibly iPhones) send an active deauthentication when they go to sleep or hibernate. So, they will be removed.

As Oliver said, there is also the WLAN Session timeout, which requires a reauthentication at the timeout value. So, adjust that value to also be greater than the expected time that the clients will not be on the network. This value is for all authentication types, but Open simply continues as is, while PSK will negotiate a new PTK at that time (without client intervention).

Jason Boyers

On Jul 22, 2012 11:03 AM, "Oliver Jancevski" <[email protected]> wrote:

First, I took the liberty to change the subject ;-)

Depending on what kind of authentication you are using for guest access, there are the following timers on the WLC itself that you can increase:

1. Open/PSK - User Idle Timeout - (Controller>General). Default is 5min.
2. EAP - Session Timeout - (WLAN>Advanced). Default is 30min. In this case the shorter of the two takes precedence.

Additionally, if adding a guest user on the WLC, verify the Guest Account timeout, or the specific EAP timer on the AAA server.

Regards,
Oliver

--- On Sun, 7/22/12, Manolo Encelan <[email protected]> wrote:

From: Manolo Encelan <[email protected]>
Subject: Re: [OSL | CCIE_Wireless] AAA override and HREAP
To: "Victor Platov (viplatov)" <[email protected]>, "Anton L. Vinokurov" <[email protected]>, "[email protected]" <[email protected]>
Received: Sunday, July 22, 2012, 7:40 AM

Hi all,

Got a quick question regarding the authentication of a user to the WLC using web authentication.

Scenario: Using a smartphone, the customer is already connected to the network. After going out for a while and leaving the network, the user will again be asked to re-insert his username and password.

Do we have a way to make the smartphone reconnect to the network without authenticating again, like a normal laptop? Tried several times with iPhones, Samsung and BlackBerry with NO luck. Tried to check the controller to see if we can tweak it.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
