09-04-2013 12:45 AM
I want to know which role I have to select in the internal db: logon or authentication?
Now the major problem is: I have entered the username/password MAC in the internal db and also enabled this user. Sometimes this user is able and sometimes unable to browse, and when I disable this user it is still able to browse.
I disabled this user, and after 30 secs I enabled this user again. Now, is there any specific time period after which the user session is properly established again and able to browse? Because after 30 secs I am unable to browse.
Kindly help me in this regard.
09-04-2013 03:04 AM
The best way to configure the initial role for MAC authentication is the "Denyall" role. Create the customized role and write the ACL "any any any deny" so that if the user fails the MAC authentication, they will not be able to pass any traffic until the MAC address is authenticated against the internal db of the controller.
Normally, by default, when the mac-auth fails you will go to the logon role, which contains the captive portal ACL for the user to get the redirection CP page. Again, the logon role should contain the captive portal mapped to it in order to avoid the "web authentication disabled" message.
It depends on what you want. Either you can force them to put the user on logon when the MAC auth fails, or place the user on the denyall role to block all traffic.
Hope this helps. Thank you.
09-05-2013 01:02 AM
Thanks for the valuable information. I am facing the same problem.
We have implemented MAC-based authentication with initial role "logon" so that if MAC authentication fails the user is redirected to the captive portal page.
In our case, when MAC authentication fails the user gets the CP page properly, and when they enter the "Email address" (we have applied only guest login) the same "web authentication is disabled" page is shown, although the user gets the authentication role and starts using the service. But whenever a user sees the CP page, they always see the web authenticated page for a moment.
Please also note that we have disabled the welcome page as well.
Please advise how to resolve this issue.
Syed Murad Ali
ACMP ACMA CCNA