Security

We recently rolled out several Instant deployments throughout the enterprise and we are using an external captive portal for authenticating our guest users at each location.  The authentication component is all working fine.  However, we are receiving reports from users across different offices and geographic regions that after their device has been idling for a while (laptops, Android/iOS), upon resuming usage of the device, they are being redirected to the captive portal for authenication again.

 

We have made tweaks to the inactivity timeout, disabled the option to deauthenticate inactive clients, as well as changing the reauthentication interval (setting it to hours instead of seconds or minutes), but nothing seems to be making any difference.  Anecdotal evidence seems to indicate that a device idling for about an hour would get prompted to re-authenticate again upon "waking" up.  This issue seems most prevalent when users close their laptops to step out for lunch.  Upon returning, they are prompted to authenticate again.

 

We are new to Aruba wireless (formerly had Cisco), so is there anything else we can check or tune to address these issues, or is this normal expected behavior?

What is your external captive portal solution? You need to leverage some
type or pre-authentication to so the IAP knows the user is still valid. With
ClearPass, this is known as MAC-caching.

Hi Tim,

 

Thanks for your reply.

 

We are not using ClearPass.

 

We have an IIS webserver presenting a custom portal page and passing the username/password to the IAP (backend is RADIUS) via a pre-authentication role.  In the absense of having ClearPass, is there any workaround that we can utilize?  Would using the internal captive portal make a difference?

 

Thanks,

John