We're seeing an issue where guest users connect via captive portal with MAC authentication, but then lose the connection at some point (it varies) and have to log in via the captive portal again.From testing that I've done, it seems that this will happen to an iOS device (I test with an iPad) when it goes into energy-saver ('sleep') mode; it will happen on my Android device if I roam between APs; a Windows 10 laptop appears to hold the connection througout the entire DHCP lease period, but I have had users see the problem on a Windows machine, too.
Our setup is IAP-305s and -315s connecting to S2500 MASs at the edge. ClearPass is the authentication server. (Note: we don't see this issue with 802.1X authenticated devices - those connections hold when roaming or going into sleep mode.) Guest logins get their IP address from our DHCP server, not from a scope configured on the VC.
I have opened a case with TAC, and both ClearPass and IAP technicians have been so far been unable to determine why this happens. The user is able to log back in and if they copied the generated password, they can paste it in, but it still requires putting in the user name (e-mail address) again. I don't think this should be necessary with MAC auth.
Any insights would be welcomed!