Security

Hi,

I have 3 MC on the network. The client move from MC1 -> MC2 -> MC3. It's will redirect to the captive portal to authenticate.

Can I fix this problem about the captive portal authentication when the client moves to other MC

Cluster Connection Types: L2 Connected
3 MC on Clusters
AOS 8.3.0.5
Redundancy: Enable
AP Load Balancing: Enable

The user should never move to another MC in a cluster.  It always should remain on the same controller, no matter what access point it roams to.

On the MM, the command 

show global-user-table list

should show you what controller a user is on.  It should not change, in a cluster.  If your user has to reauthenticate, your cluster might be misconfigured.

SSH into any controller in your cluster and type "show lc-cluster group-membership" to see if they are fully clustered.

I have checked the cluster as below. I think it fully clustered. Any another point to check this problem

I would turn on user debugging for that user at the cluster level to understand why the user is being returned to the captive portal.

config t

logging level debugging user-debug <mac address of user>

You would then do "write mem" on the MM

SSH into the MD with the user on it and type "show log user-debug all" to see why the user is being returned to the logon role 

Hi,

I have test again by walking around my office to check this problem. It does not occur if the client is in coverage of WiFi signal.
The client will re-authentication when out of WiFi coverage. I have attached debug log.

The idle timer change to 0 sec when client out of coverage.

Jan 30 16:10:12 authmgr[4019]: <522234> <5221> <DBUG> |authmgr| Setting idle timer for user d0:c5:f3:18:90:71 to 0 seconds (idle timeout: 900 ageout: 1000).

How I can fix this problem?

Attachment(s)

log-dis.txt   9 KB 1 version