cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
776
Views
0
Helpful
3
Replies

Clients get deauthenticated and have to authenticate again

coe-newbie-414
Level 1
Level 1

Hi,

I have a WLC 3750 and 41 APs. Clients get authenticated by Web Authentication and the internal login-page of the WLC. Actually everything works fine but sometimes clients have to reauthenticate during a session, i.e. they get redirected to the login-page and have to type in their username and their password again. It happens during an active session so there's not idle-time or anything like this.

I took a look on the WLC 3750 and as far as I understand it, everytime the client switches to another AP because of a better connection is has to reauthenticate again.

I don't know if I'm right but it sounds like a possible solution for me. If this is the problem is there any way to solve it? So I want clients to stay authenticated also after switching to another AP.

We have Cisco Aironet 1231 APs.

Thanks!

Best regards

3 Replies 3

coe-newbie-414
Level 1
Level 1

Hi

I have an additional question: Could all this happen because we have a layer 2 feature (WPA Policy is enabled in combination with a PSK) enabled?

Could there be any improvement if we're going to disable any layer 2 security feature i.e. set layer 2 to "none"? Of course we want to keep the Web Authentication as a layer 3 security feature.

Thanks!

Best regards

Hello,

I am not sure about WLC 3750, but WLC 41x and WLC 44x series have a feature called (Mobility Group), this feature allows roaming between Light Weight APs once its configured.

You need to check the Datasheet/White paper of WLC 3750 Controller,

So it has nothing to do with the Type of Authentication at layer-2.

Regards,

Mohamed

Hi,

thanks for your answer! When I login to the GUI of the WLC 3750 it says "Default mobility group" : wlan . So I guess WLC 3750 supports mobility group.

We also do have a RADIUS Server in combination with a 802.1x authentication. If people authenticate with this RADIUS server they can move and switch the APs without having to login again. But not all of the people are able to use this RADIUS Server so we also need the web authentication.

The thing is that I'm not even sure if the issue "switch to another ap" is the real problem. Maybe it's a complete other problem.

Am I really the only one who has trouble with clients getting deauthenticated while being active?

Any other suggestions?

Thanks in advance!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: