cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2292
Views
3
Helpful
25
Replies

enable session time-outs

hugh.lancaster
Level 1
Level 1

Cisco 2106 controller

Cisco 1252 AP

Is there a way to prevent session timeouts? Is there a way users don't have to re-authenticate but the BOYD devices once they have authenticated, login automatically? 

25 Replies 25

(Cisco Controller) >show wlan 2

WLAN Identifier.................................. 2

Profile Name..................................... WLAN_GUEST

Network Name (SSID).............................. ENCSD_GUESt

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 1

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. Infinity

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ wlan_guest

Multicast Interface.............................. Not Configured

--More-- or (q)uit

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver (best effort)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Global Servers

--More-- or (q)uit

   Accounting.................................... Global Servers

   Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

   802.11 Authentication:........................ Open System

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Enabled

        ACL............................................. Unconfigured

        Web Authentication server precedence:

        1............................................... local

        2............................................... radius

        3............................................... ldap

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   H-REAP Local Switching........................ Disabled

   H-REAP Local Authentication................... Disabled

   H-REAP Learn IP Address....................... Enabled

--More-- or (q)uit

   Client MFP.................................... Optional but inactive (WPA2 not configured)

   Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

(Cisco Controller) >

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.235.3

RTOS Version..................................... 7.0.235.3

Bootloader Version............................... 4.0.191.0

Emergency Image Version.......................... 6.0.199.4

Build Type....................................... DATA + WPS

System Name...................................... Cisco_e2:31:60

System Location..................................

System Contact...................................

System ObjectID.................................. 1.3.6.1.4.1.9.1.828

IP Address....................................... 10.100.0.49

System Up Time................................... 5 days 1 hrs 6 mins 15 secs

System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)

Configured Country............................... US  - United States

Operating Environment............................ Commercial (0 to 40 C)

Internal Temp Alarm Limits....................... 0 to 65 C

Internal Temperature............................. +52 C

Keep in mind, while increasing the idle timeout fixes the apple ipad issue. It does cause of problems with client tables and troubleshooting. One example would be clients that "walk off" or shut down without sending a DEAUTH frame to the wireless network.

The WLC will keep the client in the table until the idle timer expires. Say you move this to 3 hours. You have a laptop and close the lid and go home for the day. Most client wont send a deauth frame in this scenario. For 3 hours the wlc will report its connected to the WLC.

Idle time out is a global setting. In 7.5 you can configure per WLAN, like guest where the WEBAUTH page lives ..

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Yeah there are drawbacks, but too many ipad's and iphones out there, and since the 2106 can't use the code that allows the change in the WLAN, the OP is pretty much stuck.

Your setting seem fine, so you need to look at the client statistics and verify that the client is not timing out.  If they are hitting the logout button, then yes they will have to login again.  Your session timer is disabled and you said your idle timer is set higher, so test again.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Here is what I have to the user idle timeput: 14400

Once the ipad, phone, etc, goes into sleep mode, user awaken and prompted tolgin again.

Are you anchoring?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Yes

I mean if you have another WLC your anchoring the WLAN to. If so then you really need to set the idle timer in the foreign WLC.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

No I have 3 WLC's and they are configured the same.

Scott,

Thanks for the help! It is now working. So far no timeouts.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: