We use a CCR with hotspot which in turn communicates with a radius server. Sometimes there is an odd problem where a user who's already authenticated will go away for a while then when they come back, they can't surf (they have a valid IP but the feedback is no pages will load and they can't get back to splash page). The workaround is to delete their MAC cookie and bypass them in IP bindings. I noticed in the logging (when radius debug enabled) Every user who's already authenticated uses MAC cookie to log back in. Users who have authenticated with a code on the CCR (no radius) log back in right way with no trouble, but every user who has authenticated through the radius server tries to log in by MAC cookie but then the CCR sends a new request to radius and the CCR and Radius begin handshaking. I'm wondering if there's a way to tell the CCR to NOT talk to Radius server if user has already logged in and just use the MAC cookie on the CCR without going to Radius? I know the bigger issue is why can't a user surf when they return but I think if the CCR handles all re-authentication request after initial login, the issue can be solved.
Hope this makes sense.