×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Guest Wireless with Web Portal

Unanswered Question
Jul 2nd, 2013
User Badges:

I have my guest wireless accepting terms through a web portal, but it seems they have to accept these terms about every 30 minutes to an hour to get access to the internet again. They are not idle, their session just stops working, and when they open a new browser it redirects them to the web portal. Is there a timer for this somewhere that I am missing?                   

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Tue, 07/02/2013 - 04:48
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You have two timers... one is the session timeout which is configured in the WLAN advanced tab.  I usually set that to 8 or 12 hours.  Then on the Controller tab in the GUI, you have an idle timer, I would set that to 2 (7200 sec) hours or 4 (14400 sec) hours.  Give that a try.  With newer code versions, you can set the idle timer on the WLAN and not have to touch the global setting.


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

mmangat Tue, 07/02/2013 - 19:14
User Badges:

Hello,


From the Lifetime drop-down lists, choose the amount of time (in days, hours, minutes, and seconds) that this guest user account is to remain active. A value of zero (0) for all four text boxes creates a permanent account.


Default: 1 day


Range: 5 minutes to 30 days


Note The smaller of this value or the session timeout for the guest WLAN, which is the WLAN on which the guest account is created, takes precedence. For example, if a WLAN session timeout is due to expire in 30 minutes but the guest account lifetime has 10 minutes remaining, the account is deleted in 10 minutes upon guest account expiry. Similarly, if the WLAN session timeout expires before the guest account lifetime, the client experiences a recurring session timeout that requires reauthentication.


Note You can change a guest user account with a nonzero lifetime to another lifetime value at any time while the account is active. However, to make a guest user account permanent using the controller GUI, you must delete the account and create it again. If desired, you can use the config netuser lifetime user_name 0 command to make a guest user account permanent without deleting and recreating it.


For more information, Please check the following cisco doc:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70users.html

Shaoqin Li Wed, 07/03/2013 - 09:31
User Badges:
  • Bronze, 100 points or more

Did the client roam? I don't think it is some session timeout or idle timeout issue if client did not hibernate. also nothing to do with client life time.
get debug client for the real reason why it is back in webauth_req status.
btw if radio get reset the issue may also happen, but again first get debug client

Sent from Cisco Technical Support iPhone App

Scott Fella Wed, 07/03/2013 - 10:36
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

WebAuth and Apple devices when the screen sleeps, typically that's when the idle timer starts. This is a know issue when using WebAuth and you have iPads or iPhones. The idle timer needs to be increase or else you will have to login every 5 minutes which is the default timer. That is after the iPad or iPhone sleeps. Passthrough also will request you hit the accept button.

Just look at the client status in the WLC. If you see the idle timer counting down, then you will eventually not see the client once it expires. This means you have to login again.

Sent from Cisco Technical Support iPhone App

JASON SIMMONS Thu, 01/23/2014 - 10:16
User Badges:

Scott


Where do I go to view the idle timer? All I see on the Clients detail page is UpTime and Timeout values.  UpTime time is raising while the Timeout value is static.


running version 7.4.110.0 on a 5508.

Scott Fella Thu, 01/23/2014 - 18:17
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Jason,


I think I was looking at the sleeping client feature.... I was looking at it again and did notice that after the idle timer expired and when using sleeping client, the client mac address would appear on the sleeping client section and that would start counting down.  There isn't a value for the idle timer, which would be nice though.


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

JASON SIMMONS Thu, 01/23/2014 - 21:00
User Badges:

Thanks.  I opened a case and learned that option is in v7.5. There was a reason why we didn't jump from 7.3 to 7.5 now I have to remember why.

JASON SIMMONS Sat, 02/01/2014 - 10:38
User Badges:

I installed v7.5 configured the sleeping client feature and I'm not getting the desired result.   My test device (Ipod model MD067LL/A) isn't being added to the sleeping clients list.  I saw the following in the configuration guide.

  • The authentication of sleepling clients feature is not supported with Layer 2 security and web authentication enabled.


I don't think that applies to my situation.


The WLANs configuration is below.


WLAN Identifier.................................. 4

Profile Name..................................... xxxxxxxxxx

Network Name (SSID).............................. xxxxxxxxxx

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Client Profiling Status

    Radius Profiling ............................ Disabled

     DHCP ....................................... Disabled

     HTTP ....................................... Disabled

    Local Profiling ............................. Disabled

     DHCP ....................................... Disabled

     HTTP ....................................... Disabled

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 0

Exclusionlist.................................... Disabled

Session Timeout.................................. 36000 seconds

User Idle Timeout................................ 300 seconds

Sleep Client..................................... enable

Sleep Client Timeout............................. 8 hours

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... xxxxxxxxxxxxxxx

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ xxxxxxxxxx

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

WLAN Layer2 ACL.................................. unconfigured

mDNS Status...................................... Disabled

mDNS Profile Name................................ unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

PMIPv6 Mobility Type............................. none

    PMIPv6 MAG Profile........................... Unconfigured

    PMIPv6 Default Realm......................... Unconfigured

    PMIPv6 NAI Type.............................. Hexadecimal

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

Burst Realtime Data Rate.........................   0             0

Per-Client Rate Limits........................... Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

Burst Realtime Data Rate.........................   0             0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Global Servers

   Accounting.................................... Global Servers

      Interim Update............................. Disabled

      Framed IPv6 Acct AVP ...................... Prefix

   Dynamic Interface............................. Disabled

   Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

Security



   802.11 Authentication:........................ Open System

   FT Support.................................... Disabled

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Disabled

      WPA2 (RSN IE).............................. Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

                                                               Auth Key Management

         802.1x.................................. Disabled

         PSK..................................... Enabled

         CCKM.................................... Disabled

         FT-1X(802.11r).......................... Disabled

         FT-PSK(802.11r)......................... Disabled

         PMF-1X(802.11w)......................... Disabled

         PMF-PSK(802.11w)........................ Disabled

      FT Reassociation Timeout................... 20

      FT Over-The-DS mode........................ Disabled

      GTK Randomization.......................... Disabled

      SKC Cache Support.......................... Disabled

      CCKM TSF Tolerance......................... 1000

   WAPI.......................................... Disabled

   Wi-Fi Direct policy configured................ Disabled

   EAP-Passthrough............................... Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Enabled

        IPv4 ACL........................................ Unconfigured

        IPv6 ACL........................................ Unconfigured

        Web-Auth Flex ACL............................... Unconfigured

        Email Input..................................... Disabled



   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   FlexConnect Local Switching................... Enabled

   flexconnect Central Dhcp Flag................. Disabled

   flexconnect nat-pat Flag...................... Disabled

   flexconnect Dns Override Flag................. Disabled

   flexconnect PPPoE pass-through................ Disabled

   flexconnect local-switching IP-source-guar.... Disabled

   FlexConnect Vlan based Central Switching ..... Disabled

   FlexConnect Local Authentication.............. Disabled

   FlexConnect Learn IP Address.................. Disabled

   Client MFP.................................... Disabled

   PMF........................................... Disabled

   PMF Association Comeback Time................. 1

   PMF SA Query RetryTimeout..................... 200

   Tkip MIC Countermeasure Hold-down Timer....... 60

Scott Fella Sat, 02/01/2014 - 10:54
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

With sleeping clients, it only works with layer 3 using WebAuth. Since you have a layer 2 and passthrough, you device will not be out into the sleeping client role. It will only work with layer 2 being open and layer 3 using WebAuth.

Sent from Cisco Technical Support iPhone App

Scott Fella Sat, 02/01/2014 - 11:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Just create a test SSID with WebAuth so you can see the process. Once the idle timer expires, the client will be put in the sleeping client.

Sent from Cisco Technical Support iPhone App

Actions

This Discussion

 

 

Trending Topics - Security & Network