05-01-2012 12:13 PM
Users have been experiencing issues with maintaining connectivity when using the guest network. They are directed to the captive portal and authenticate fine. Once the user authenticates they browse the web and can ping internet IP's without issue. Suddenly after working fine for 20-40 minutes they can't access the internet or ping any internet IP's. When this occurs they are still connected to the SSID and all appears normal. I experienced something similar on our corporate SSID and resolved it by removing the layer 3 IP on the controller for the VLAN because it already had a layer 3 ip used as a gateway on an upstream switch. I cannot do the same for guest because it requires L3 for cp redirect to work. I am not sure that is even the issue. Has anyone had any similar experiences?
05-01-2012 12:43 PM
I have not seen that in my guest network. What role do you see those users in after that 20-30 minutes and they stop working properly? Is it the authenticated role, the non-authenticated role, or something else?
05-01-2012 03:02 PM
The appear to be in the same role as when they were functioning. I am lookig at my config and see that this VAP does have broadcast-filter all and broadcast-filter arp applied. I notice my other VAP's do not. I do not recall what these commands were used for, any input on what the filters accomplish?
wlan virtual-ap "SDX-GUEST-vap-profile"
05-01-2012 05:05 PM
- drop-broadcast all drops all broadcast / multicast traffic on a VAP except for DHCP broadcasts.
- drop-broadcast arp converts the ARP request to unicast ARP request (on that VAP) if the target IP/mac are part of user table and station table.
I don't see these Knobs causing the issue your encountering.
05-02-2012 08:35 AM
It appears it may be related to inactivity leading to authentication timeout. The issue is it is not graceful. The user still appears in the user-table in the authenticated role however they need to disconnect from the SSID and open a web browser again to be directed to the CP for authentication. This appears only to happen after the laptop is left idle. It seems like the controller should change the user role accordingly. Can anyone weigh in on how their guest network handles this?