Clients get deauthenticated and have to authenticate again

Unanswered Question
Jan 27th, 2012
User Badges:


I have a WLC 3750 and 41 APs. Clients get authenticated by Web Authentication and the internal login-page of the WLC. Actually everything works fine but sometimes clients have to reauthenticate during a session, i.e. they get redirected to the login-page and have to type in their username and their password again. It happens during an active session so there's not idle-time or anything like this.

I took a look on the WLC 3750 and as far as I understand it, everytime the client switches to another AP because of a better connection is has to reauthenticate again.

I don't know if I'm right but it sounds like a possible solution for me. If this is the problem is there any way to solve it? So I want clients to stay authenticated also after switching to another AP.

We have Cisco Aironet 1231 APs.


Best regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
coe-newbie-414 Sat, 01/28/2012 - 12:44
User Badges:


I have an additional question: Could all this happen because we have a layer 2 feature (WPA Policy is enabled in combination with a PSK) enabled?

Could there be any improvement if we're going to disable any layer 2 security feature i.e. set layer 2 to "none"? Of course we want to keep the Web Authentication as a layer 3 security feature.


Best regards

Mohamed Sobair Sat, 01/28/2012 - 13:15
User Badges:
  • Gold, 750 points or more


I am not sure about WLC 3750, but WLC 41x and WLC 44x series have a feature called (Mobility Group), this feature allows roaming between Light Weight APs once its configured.

You need to check the Datasheet/White paper of WLC 3750 Controller,

So it has nothing to do with the Type of Authentication at layer-2.



coe-newbie-414 Sun, 01/29/2012 - 03:31
User Badges:


thanks for your answer! When I login to the GUI of the WLC 3750 it says "Default mobility group" : wlan . So I guess WLC 3750 supports mobility group.

We also do have a RADIUS Server in combination with a 802.1x authentication. If people authenticate with this RADIUS server they can move and switch the APs without having to login again. But not all of the people are able to use this RADIUS Server so we also need the web authentication.

The thing is that I'm not even sure if the issue "switch to another ap" is the real problem. Maybe it's a complete other problem.

Am I really the only one who has trouble with clients getting deauthenticated while being active?

Any other suggestions?

Thanks in advance!


This Discussion