04-16-2012 09:22 AM
Is it possible?
We are presenting guest SSID users a Captive Portal, with a guest only "authentication", meaning an agreement to AUP. This is all working nicely.
It has been requested to re-present that page at an interval - say 90 or 120 minutes. I cannot seem to be able to configure this - is it possible?
I know about the User Idle timeout value and the Logon User Lifetime, but I belive the latter only applies to pre-authenticated users. If I am understanding correctly, a Guest user who has logged on using captive portal (even as a guest) is still "authenticated", so would not apply. Is this true or do I have it not quite right?
04-16-2012 11:16 AM - edited 04-16-2012 11:16 AM
I think you are going to get a lot of complaints is doing something like this. As the user will have to accept and whatever they were doing just got killed by having to reauthenicate.
Can you give a little more details on why you would want to present them with the AUP page every X minutes?
04-16-2012 12:24 PM
It has been discussed as a re-education tool. Our prevous guest network was open with no captive portal. Students (and facstaff) had no reason to connect to anything else. We are encouraging people to move to our WPA2 profile. Our guest captive portal would either let them stay on as a guest (with re-auth) or direct actual users through an onboarding (to WPA2 SSID) process.
Our thinking was that true guest/temporal access was primarily used for meetings, and forcing a guest "re-auth" during this interval would be acceptable for free usage.
04-16-2012 01:27 PM
You’re looking for behavior modification..
We have used BW contacts for guest account for the very same thing. We make the guest connections usable but don't let them have as much BW as they would like. Every school that I have worked with has BW issues with students. This helps ensure guest don't take to much BW and get students to move to your preferred SSID.
As far as the AUP popping back up. I still think your going to get in to bad light when someone is downloading a large file, the system
kicks them out to accept the AUP but what they were almost done with a large download now they have to start over.
04-17-2012 06:39 AM
Agreed, regarding Behavior modification.... we were just kicking this around as an idea.
I just found out this is possible per user role, under re-authentication timeout. Missed it the first time through.