Hello,
At a customer, I'm doing CPPM 6.7.5 integration with Cisco Switching and WLC. I've followed Tim's Wired integration guide, but I'm observing a few strange things regarding web page authentication with MAC caching.
For reference, I have a MAC Address Authentication service that redirects to the web portal by default. Then I rely on the web portal service to update the endpoint attributes (Guest Role and User ID) and send a CoA to the switch (I'm using reauthenticate session instead of terminate).
Once the CoA is done, the MAC address authentication should look at the updated endpoint attributes and apply the final enforcement profiles.
What I'm observing is that the endpoint update is not immediate, and as the CoA (reauthenticate session) is sent, the switch immediately authenticates the MAC address again, but as the endpoint attributes didn't change (yet), I'm stuck in a redirection loop.
If I remove my cable and reinsert it, I'm then properly authorized, but that is because in that time the endpoint update has been done.
I've fiddled with the CoA delay settings at the server level as well as the redirect delay on the web page but it still takes 18 sec to get something stable.
I've also reduced the eager poller timer from 30 sec to 15.
My questions are:
- Is it normal that the endpoint update takes so long (a few seconds)?
- Is that process synchronous, or does it depend on a periodic timer to run?
- Would changing the CoA type from reauthenticate to terminate or bounce change anything? I'll also have IP phones in the deployment with potential hosts attached to them; what would be the impact?
Any assistance or suggestion is welcome.
Regards
Gustavo