WiSM Roaming Issue

Answered Question
Jan 16th, 2012
User Badges:

Hi All


I have 2 WiSM blades with all 4 controllers running version 7.0.98.0 code. Each controller is responsible for a floor of a building.

If I connect to the first floor I get the correct IP address on a test laptop.


I then disconnect the laptop wireless and move to a different floor and enable the wireless adaptor again.

When the wireless connects it has kept the IP address from the 1st floor controller.


Even if I disconnect the client wireless and monitor the controller that it was connected to the controller still shows the client in the client list. The only way it will disappear is if I remove the client from the controller page.


Whilst this doesn't cause an operational issue it isn't right. The client appears to stick to a controller and will not be disassociated even if the client wireless adaptor is disabled. The logs don't even show the client being de-authenticated.


Anybody seen this before?


Regards


Roger

Correct Answer by Stephen Rodriguez about 5 years 7 months ago

this is working as designed.


The client will retain the IP address that it got even if you disconnect until the entry has been removed from the MSCB. Either by you removing it manually or the user idle timeout expires, default of 5 minutes.


Steve


Sent from Cisco Technical Support iPhone App

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Scott Fella Mon, 01/16/2012 - 09:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If you reset your wireless and you don't actually connect to a 1st floor ap even though you are on the 2nd floor, you should get an ip from the wlc that controls the 2nd floor. Verify that you connect to the correct AP


Thanks,


Scott Fella


Sent from my iPhone

Scott Fella Mon, 01/16/2012 - 09:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If you wanted to have client be placed on a different subnet per floor, why not use AP Groups.  How you have it setup, there will be mobility roaming between the different wlcs.  If you use AP Groups, then you can manage the ap primary, secondary and or tertiary WLC.s  With AP Groups, you can specify AP's on floor 1 will have these ssid's and be mapped to these interfaces, AP's on floor 2 will have these ssid's and be mapped to these interfaces.  Makes it easy.


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch2_Arch.html#wp1028169

Roger Alderman Mon, 01/16/2012 - 13:27
User Badges:


Guys


Connecting to the wrong AP is not the issue and neither is AP Groups. I am using AP Groups successfully already.


Stephen has hit the nail on the head with the user idle timeout value being at a default value of 5 minutes. Is there a command to change the default user idle timeout value? I can't find it anywhere.


Thanks for the comment about the code version - I'll look at 7.0.220.0 although I was going to use 7.0.116.0


Regards


Roger

Correct Answer
Stephen Rodriguez Mon, 01/16/2012 - 09:06
User Badges:
  • Purple, 4500 points or more

this is working as designed.


The client will retain the IP address that it got even if you disconnect until the entry has been removed from the MSCB. Either by you removing it manually or the user idle timeout expires, default of 5 minutes.


Steve


Sent from Cisco Technical Support iPhone App

weterry Mon, 01/16/2012 - 13:26
User Badges:
  • Silver, 250 points or more

To add to what Steve is saying:


Most wireless clients don't send a disassociate or deauth, and even if they did, I believe the WLC is programmed to ignore it (in case of spoofed attack).  If your client shuts down, he will remain on the WLC for the Idle Timeout period (default 5 minutes).


If at any point in time within this 5 minutes the client comes up on any other WLC that is mobility-aware of the original WLC, there will be a mobility handoff and your client will work with its original IP.  This is completely expected behavior and in most ideas consider a feature (real feature, not bug "feature").


If you dont want roaming between floors, then break mobility between the floors... But I think that would be worse practice.

Roger Alderman Mon, 01/16/2012 - 13:30
User Badges:

Guys


Connecting to the wrong AP is not the issue and neither is AP Groups. I am using AP Groups successfully already.


Stephen has hit the nail on the head with the user idle timeout value being at a default value of 5 minutes. Is there a command to change the default user idle timeout value? I can't find it anywhere.


Thanks for the comment about the code version - I'll look at 7.0.220.0 although I was going to use 7.0.116.0


Regards


Roger

Scott Fella Mon, 01/16/2012 - 13:34
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You would have to change the idle timeout then you can't change a user timeout.


Sent from Cisco Technical Support iPhone App

Roger Alderman Mon, 01/16/2012 - 14:11
User Badges:

Can this be changed from the CLI or the GUI? I can't see a CLI command.


Regards


Roger

Scott Fella Mon, 01/16/2012 - 14:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

On the GUI it's under the controller tab. I don't know the CLI command off hand.


Thanks,


Scott Fella


Sent from my iPhone

Scott Fella Mon, 01/16/2012 - 15:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

config network usertimeout


Thanks,


Scott Fella


Sent from my iPhone

George Stefanick Mon, 01/16/2012 - 16:20
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Normally this gets tuned the other way (longer duration timeout). I dont know of many folks tuning it down. You may want to monitor your logs and clients.

Stephen Rodriguez Mon, 01/16/2012 - 15:37
User Badges:
  • Purple, 4500 points or more

be careful how much you lower the idle timeout. You may cause unnecessary authentications if you put it too low.


Sent from Cisco Technical Support iPhone App

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode