Clients get deauthenticated and have to authenticate again

Unanswered Question
Jan 27th, 2012

Hi,

I have a WLC 3750 and 41 APs. Clients get authenticated by Web Authentication and the internal login-page of the WLC. Actually everything works fine but sometimes clients have to reauthenticate during a session, i.e. they get redirected to the login-page and have to type in their username and their password again. It happens during an active session so there's not idle-time or anything like this.

I took a look on the WLC 3750 and as far as I understand it, everytime the client switches to another AP because of a better connection is has to reauthenticate again.

I don't know if I'm right but it sounds like a possible solution for me. If this is the problem is there any way to solve it? So I want clients to stay authenticated also after switching to another AP.

We have Cisco Aironet 1231 APs.

Thanks!

Best regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
coe-newbie-414 Sat, 01/28/2012 - 12:44

Hi

I have an additional question: Could all this happen because we have a layer 2 feature (WPA Policy is enabled in combination with a PSK) enabled?

Could there be any improvement if we're going to disable any layer 2 security feature i.e. set layer 2 to "none"? Of course we want to keep the Web Authentication as a layer 3 security feature.

Thanks!

Best regards

Mohamed Sobair Sat, 01/28/2012 - 13:15

Hello,

I am not sure about WLC 3750, but WLC 41x and WLC 44x series have a feature called (Mobility Group), this feature allows roaming between Light Weight APs once its configured.

You need to check the Datasheet/White paper of WLC 3750 Controller,

So it has nothing to do with the Type of Authentication at layer-2.

Regards,

Mohamed

coe-newbie-414 Sun, 01/29/2012 - 03:31

Hi,

thanks for your answer! When I login to the GUI of the WLC 3750 it says "Default mobility group" : wlan . So I guess WLC 3750 supports mobility group.

We also do have a RADIUS Server in combination with a 802.1x authentication. If people authenticate with this RADIUS server they can move and switch the APs without having to login again. But not all of the people are able to use this RADIUS Server so we also need the web authentication.

The thing is that I'm not even sure if the issue "switch to another ap" is the real problem. Maybe it's a complete other problem.

Am I really the only one who has trouble with clients getting deauthenticated while being active?

Any other suggestions?

Thanks in advance!

Actions

Login or Register to take actions

This Discussion

Posted January 27, 2012 at 11:31 AM
Stats:
Replies:3 Avg. Rating:
Views:453 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard