Wireless Client Disconnects After Captive Portal Registration

Anonymous
Not applicable
Hi,

This is probably a checkbox somewhere I can't find, but the symptom is that whenever a wireless client finishes the captive portal registration process for Guest Web Registration, it will disconnect the client and will not reconnect until I drop out of the auto client pop-up, and then re-select the SSID again? It will then connect as it should and the correct NAC rule is applied prior to the disconnect?

The IP address is the same when unregistered as registered, just the registered device gets a policy that allows all, whereas the unregistered is redirected to NAC. The unregistered and registered policy both have the same contain to VLAN configuration.

The set up for the Guest VNS is B@EWC which goes out of the second eth port on the virtual wireless controller. This port is tied to an internet only vSwitch that's connected to the internet firewall and the second eth port on the NAC.

The wireless controller is running version 10.31.04.0009.

Not sure if anyone has had the same problem?

Many thanks in advance.
7 REPLIES

Anonymous
Not applicable
Thanks for your posts.

Double checked the times on all the devices, i.e. both NACs, EWC, NetSight and Switches. All are in perfect sync having used NTP.

Below is a screenshot of what I believe is the configuration outlined above but it looks like CoA is already enabled?

[Screenshot: WirelessPolicy_inline.png]

NAC Version is 8.0.3.46.

Assume I'm in the right place?

Thanks

Ostrovsky__Yury
Extreme Employee
I believe you are having a timing issue. Please make sure that both the wireless controller and NAC are 100% in sync in terms of NTP. You can run the 'ntpq -p' command on NAC as well as 'date' to make sure the time is good. On the controller, just check the current time in the GUI; it should exactly match the time on NAC. The other things mentioned by Ryan are also good to check: CoA, and that clients are not moving between different VLANs from non-auth to auth state.

Ryan_Yacobucci
Extreme Employee
Hey Martin,

As long as the client's IP address doesn't change between Unregistered and Registered you may be able to use CoA and prevent any wireless disconnect.

In NAC Manager --> Tools --> Management and Configuration --> Advanced Configuration --> Global and Appliance Settings --> Appliance Settings --> Default

In the "Reauthentication" tab edit the Extreme Identifi Wireless RFC 3576 configuration and make sure "Supports Change of Authorization" is checked.

With CoA, NAC will send a CoA request instead of a "Disconnect" request to the controller on registration, and there should be a policy swap instead of a disconnect and subsequent re-authentication to get the new policy.

This mechanism doesn't work well in any scenario where the end-system IP address moves from one network to another. The policy swap will perform a dynamic policy swap, so if the client gets an IP address in VLAN A and moves to VLAN B the client will have the wrong IP address in the new VLAN. The "Disconnect" mechanism causes the end system to perform DHCP again.

Thanks
-Ryan
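
Added example, not part of the thread and not Extreme's code: a receiver-side check that tells the two RFC 3576 request types discussed above apart (CoA-Request versus Disconnect-Request), verifies the Request Authenticator, and applies the 300-second Event-Timestamp replay window recommended by RFC 5176. Assumptions: the thread does not say why clock sync matters, and this window is only one standard mechanism through which skew between NAC and the controller would cause a request to be dropped; the secret, attributes and times are constructed.

```python
import hashlib, hmac, struct

# RFC 3576/5176 request codes: the two mechanisms contrasted in the thread.
CODES = {40: "Disconnect-Request", 43: "CoA-Request"}
EVENT_TIMESTAMP = 55  # RADIUS attribute type, 4-byte Unix time

def build_request(code, ident, attrs, secret):
    """Sender side: encode attributes and compute the Request Authenticator."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    # MD5(code + id + length + 16 zero octets + attributes + shared secret)
    return hdr + hashlib.md5(hdr + bytes(16) + body + secret).digest() + body

def check_request(packet, secret, now, window=300):
    """Receiver side: return (verdict, detail) for one UDP payload."""
    if len(packet) < 20:
        return ("reject", "short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return ("reject", "bad length")
    if code not in CODES:
        return ("reject", "not a dynamic authorization request")
    hdr, auth, body = packet[:4], packet[4:20], packet[20:length]
    expected = hashlib.md5(hdr + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, auth):
        return ("reject", "bad authenticator")
    ts, i = None, 0
    while i + 2 <= len(body):          # walk type-length-value attributes
        t, alen = body[i], body[i + 1]
        if alen < 2 or i + alen > len(body):
            return ("reject", "malformed attribute")
        if t == EVENT_TIMESTAMP and alen == 6:
            ts = struct.unpack("!I", body[i + 2:i + 6])[0]
        i += alen
    if i != len(body):
        return ("reject", "malformed attribute")
    if ts is not None and abs(now - ts) > window:
        return ("reject", "stale Event-Timestamp")
    return ("accept", CODES[code])

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"
NOW = 1_700_000_000
def sample(code, sent_at):
    attrs = [(1, b"guest"), (31, b"00-11-22-33-44-55"),
             (EVENT_TIMESTAMP, struct.pack("!I", sent_at))]
    return build_request(code, 7, attrs, SECRET)
```
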