Wireless lan Controller Session timeout and lwapp question

Unanswered Question
Mar 8th, 2010

Hello, I am a bit confused about the session timeout value found in the Wlan>advanced tab. Our setting is set to 1800, which is the default. Our vendor just told us that this could be causing the client disconnects that we are seeing. I was under the impression that if a wireless client is connected and active it would not time out unless it is idle for longer than a given time. Can someone please explain what the WLAN session timeout value affects...

Question Q2

Our vendor also indicated to us that the LWAP was used for routing traffic through the WISM. Our LWAPP is a layer 3 LWAP. We are using Distributed MA-850. Can the LWAPP tunnels cause client timeouts?

Kayle Miller Mon, 03/08/2010 - 13:31

In response to Question #1, the session timeout means that your authenticated user session expires in 1800 seconds; it is not an activity or idle timeout. So depending on your authentication method, this could cause your client to disconnect. I typically set this to 28800 (8 hours) unless the client has a specific requirement to re-authenticate more often.

In response to Question #2, the LWAPP tunnel that is built between the controller and the access point is used for all traffic between the access point and the controller (Data, Management, Client). When a client attaches to an LWAPP AP, their traffic is sent to the controller through the LWAPP-encapsulated tunnel. When it reaches the controller, the controller routes the data and puts it onto the actual wired network. Data sent from the wired network to the client is sent to the controller, then encapsulated in the tunnel to the AP, and then the AP sends it to the client.

The only exception to this is when you have an access point in H-REAP mode and have the WLAN terminating locally. In this case the management traffic is sent via the LWAPP tunnel, but user traffic is terminated locally on the switch and routed as if it were a wired client.

Hope this helps answer your questions. Feel free to rate this answer.



BRYAN FORD Wed, 08/19/2015 - 10:44

I know this is an old post, but we are testing the session timeout on the Wireless Controller. If we disable the timeout, will that have any adverse effects? They were set to re-authenticate every 30 minutes. Not sure what the magic timeout should be, but we thought we would test without any.



BRYN JONES Tue, 03/09/2010 - 05:53

From this document:

(Page 13)

The Session Timeout is the maximum time for a client session with the WLC. After this time, WLC de-authenticates the client, and the client goes through the whole authentication (re-authentication) process again. This is a part of a security precaution to rotate the encryption keys. If you use an Extensible Authentication Protocol (EAP) method with key management, the rekeying occurs at every regular interval in order to derive a new encryption key. Without key management, this timeout value is the time that wireless clients need to do a full reauthentication. The session timeout is specific to the WLAN. This parameter can be accessed from the WLANs > Edit menu.

mmangat Tue, 07/16/2013 - 19:16


By default, the session timeout parameter is configured for 1800 seconds before a reauthentication occurs.

In order to access the session timeout parameter, click the WLANs menu in the GUI. It displays the list of WLANs configured in the WLC. Click the WLAN to which the client belongs. Go to the Advanced tab and you find Enable Session Timeout parameter. Change the default value to 180, and click Apply for the changes to take effect.

When sent in an Access-Accept, along with a Termination-Action value of RADIUS-Request, the Session-Timeout attribute specifies the maximum number of seconds of service provided before re-authentication. In this case, the Session-Timeout attribute is used to load the ReAuthPeriod constant within the Reauthentication Timer state machine of 802.1X.

For more details please check the following cisco doc:


Hope this helps!

