For CWA, you need to put the MAC address into a guest endpoint group. Then, if the endpoint is in guest endpoint group, just put them on instead of the portal.
Way easier than LWA + sleeping client. Sent from my iPhone > On Sep 27, 2017, at 6:50 AM, Yahya M. Jaber <[email protected]> wrote: > > Hi, > > Thanks for that. > > I do use CWA with ISE. > The issue is not with the ISE, its with the WLC that by nature has the idle > timeout for 5 minutes. Then the client would have to re-auth as its no longer > on the WLC client list. > > For idle timeout...i am trying to find a sane value that would at least give > me good repots when needed...but I think I'll go with LWA+AUP and sleeping > client. > > Yahya Jaber. > Sr. Wireless Engineer > IT Network & Communications – Engineering > Building 14, Level 3, Rm 308-WS07 > KAUST 23955-6900 Thuwal, KSA > > Email [email protected] > Office +966 (0) 12 8081237 > Mobile +966 (0) 558697555 > On Call Rotation Mobile: +966 54 470 1177 > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Joachim Tingvold > Sent: Wednesday, September 27, 2017 3:44 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event > >> On 27 Sep 2017, at 14:17, Yahya M. Jaber wrote: >> - Would give up my guest SSID through ISE. As still there is no >> feature to increase the idle timeout on the WLC “like the sleeping >> client” which will stop users from complaining about the constant >> login once they go idle “”especially iPhone that turns off WiFi after >> sometime when its on the lock screen!!””…I know that I can increase >> the idle timeout, but that would prevent getting real client count >> from the WLC and PI and might affect the client WLC DB. >> - Would use simple AUP guest SSID with sleeping client timer of 1-4 >> days. > > Hi, > > You should look into CWA (Central Web Authentication), if that’s not already > what you’re looking into. Then you can use MAC-caching, where you can set the > time for how long they should he allowed into the network before needing to > re-enter the username/password. Hence, you can set the idle-timeout to a more > sane value. CWA works with most RADIUS servers (i.e. you don’t specifically > need ISE). > > -- > Joachim > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > ________________________________ > This message and its contents including attachments are intended solely for > the original recipient. If you are not the intended recipient or have > received this message in error, please notify me immediately and delete this > message from your computer system. Any unauthorized use or distribution is > prohibited. Please consider the environment before printing this email. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
