11-06-2013 05:46 AM - edited 07-04-2021 01:13 AM
Cisco 2106 controller
Cisco 1252 AP
Is there a way to prevent session timeouts? Is there a way users don't have to re-authenticate but the BOYD devices once they have authenticated, login automatically?
Solved! Go to Solution.
11-06-2013 12:24 PM
11-06-2013 12:31 PM
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... WLAN_GUEST
Network Name (SSID).............................. ENCSD_GUESt
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ wlan_guest
Multicast Interface.............................. Not Configured
--More-- or (q)uit
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
--More-- or (q)uit
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Local Authentication................... Disabled
H-REAP Learn IP Address....................... Enabled
--More-- or (q)uit
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
(Cisco Controller) >
11-06-2013 12:33 PM
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.3
RTOS Version..................................... 7.0.235.3
Bootloader Version............................... 4.0.191.0
Emergency Image Version.......................... 6.0.199.4
Build Type....................................... DATA + WPS
System Name...................................... Cisco_e2:31:60
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.828
IP Address....................................... 10.100.0.49
System Up Time................................... 5 days 1 hrs 6 mins 15 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +52 C
11-06-2013 02:09 PM
Keep in mind, while increasing the idle timeout fixes the apple ipad issue. It does cause of problems with client tables and troubleshooting. One example would be clients that "walk off" or shut down without sending a DEAUTH frame to the wireless network.
The WLC will keep the client in the table until the idle timer expires. Say you move this to 3 hours. You have a laptop and close the lid and go home for the day. Most client wont send a deauth frame in this scenario. For 3 hours the wlc will report its connected to the WLC.
Idle time out is a global setting. In 7.5 you can configure per WLAN, like guest where the WEBAUTH page lives ..
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
11-06-2013 05:37 PM
Yeah there are drawbacks, but too many ipad's and iphones out there, and since the 2106 can't use the code that allows the change in the WLAN, the OP is pretty much stuck.
Your setting seem fine, so you need to look at the client statistics and verify that the client is not timing out. If they are hitting the logout button, then yes they will have to login again. Your session timer is disabled and you said your idle timer is set higher, so test again.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-07-2013 07:15 AM
Here is what I have to the user idle timeput: 14400
Once the ipad, phone, etc, goes into sleep mode, user awaken and prompted tolgin again.
11-07-2013 07:19 AM
Are you anchoring?
Sent from Cisco Technical Support iPhone App
11-07-2013 07:28 AM
Yes
11-07-2013 07:35 AM
I mean if you have another WLC your anchoring the WLAN to. If so then you really need to set the idle timer in the foreign WLC.
Sent from Cisco Technical Support iPhone App
11-07-2013 08:30 AM
No I have 3 WLC's and they are configured the same.
11-08-2013 08:27 AM
Scott,
Thanks for the help! It is now working. So far no timeouts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: