Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
35529
Views
20
Helpful
6
Replies

Wireless lan Controller Session timeout and lwapp question

janet.maxwell
Level 1
Level 1

‎03-08-2010 01:11 PM - edited ‎07-03-2021 06:35 PM

Hello, I am a bit confused about the session timeout value  found in Wlan>advanced tab. our setting is set to 1800 which is the default. Our vendor just told us that this could be causing the client disconnect that we are seeing.  I was under the impression that if a wireless client is connected and active it would not time out unless it is idle for longer than a give time. Can someone please explain what the WLAN session timeout vlaue affects...

Question Q2

Our ventor also indicated to us that the LWAP was used for routing traffic through the WISM.   Our LWAPP is a layer 3 lwap.  we are using DIstributed MA-850.  Can the LWAPP tunnels cause client timeouts.

Labels:
0 Helpful
6 Replies 6

Kayle Miller
Level 7
Level 7

‎03-08-2010 01:31 PM

Janet,

     In response to Question #1, the session timeout means that your authenticated user session expires in 1800 seconds, it is not an activity or idle timeout.  So depending on your authentication method, this could cause your client to disconnect, I typically set this to 28800 (8 hours) unless the client has a specific requirement to re-authenticate more often.

     In response to Question #2, the LWAPP tunnel that is built between the controller and the access point is used for all traffic between the Access point and the controller (Data, Management, Client). When a client attaches to a LWAPP AP their traffic is sent to the controller thru the LWAPP encapsulate tunnel, when it reaches the controller, it then routes the data and puts it onto the actual wired network, and data sent from the wired network to the client is sent to the controller, then encapsulated in the tunnel to the AP, and then the AP sends it to the client.

     The only exception to this is when you have an access point in H-REAP mode and have the WLAN terminating locally. In this case the Management traffic is sent via the LWAPP tunnel, but user traffic is terminated locally on the switch and routed as if it were a wired client.

Hope this helps answer your questions.. Feel free to rate this answer.

Thanks,

Kayle

BRYAN FORD
Level 1
Level 1
In response to Kayle Miller

‎08-19-2015 10:44 AM

I know this an old post but we are testing the session timeout on the Wireless Controller if we disable the timeout will that have any adverse affects. They were set to re-authenticate every 30 minutes not sure what the magic timeout should be but we thought we would test without any. 

Thanks

Bryan 

Jose Wang
Level 1
Level 1
In response to BRYAN FORD

‎05-24-2018 07:12 PM

Althoug almost 3 years has past since you post this message, I'm suffering same 30 minutes re-auth issue today. Did you find solution to avoid this 30 minutes re-auth? Thanks.

0 Helpful

BRYN JONES
Level 1
Level 1

‎03-09-2010 05:53 AM

From this document:

(Page 13)

The Session Timeout is the maximum time for a client session with the WLC. After this

time, WLC de−authenticates the client, and the client goes through the whole authentication

(re−authentication) process again. This is a part of a security precaution to rotate the

encryption keys. If you use an Extensible Authentication Protocol (EAP) method with key

management, the rekeying occurs at every regular interval in order to derive a new encryption

key. Without key management, this timeout value is the time that wireless clients need to do a

full reauthentication. The session timeout is specific to the WLAN. This parameter can be

accessed from the WLANs > Edit menu.

0 Helpful

raypotot
Level 1
Level 1
In response to BRYN JONES

‎07-16-2013 02:35 AM

What happen if i disable the session timeout and the user change its password in ldap. Willl it ask to re-authenticate or will keep the old credential.

Thanks,

0 Helpful

mmangat
Level 1
Level 1

‎07-16-2013 07:16 PM

Hello,

By default, the session timeout parameter is configured for 1800 seconds       before a reauthentication occurs.

In order to access the session timeout parameter, click the       WLANs menu in the GUI. It displays the list of WLANs       configured in the WLC. Click the WLAN to which the client belongs. Go to       the Advanced tab and you find Enable Session       Timeout parameter. Change the default value to 180, and click       Apply for the changes to take effect.

When sent in an Access-Accept, along with a Termination-Action value of       RADIUS-Request, the Session-Timeout attribute specifies the maximum number of       seconds of service provided before re-authentication. In this case, the       Session-Timeout attribute is used to load the ReAuthPeriod constant within the       Reauthentication Timer state machine of 802.1X.

For more details please check the following cisco doc:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

Hope this helps!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card