09-10-2013 09:12 AM - edited 07-04-2021 12:48 AM
Hi everyone,
I can connect to WLC and i disconnect then.Wehn i am back in coverage area it automatically connects me again.
Need to understand is this die to the enable session timeout settings in advanced field of SSID?
IF enable timeout is checked then does it remember the user credentials for that amont of time that is config in enable session timeout?
Regards
Mahesh
09-10-2013 02:38 PM
Hi Vlad,
I enable the debug aaa events enable bit i see no output on CLI?
09-10-2013 02:43 PM
Are there authentication events happening? There will be nothing until your authenticate/reauthenticate.
Also the command that George mentioned above - are you just running debug client? There shall be trailed MAC address after the command of the client you wish to debug.
09-10-2013 02:49 PM
Hi Vlad,
USer went near coverage area with cell phone got the IP when he tried to access internet it ask for RSA.
But i see no logs on the CLI
Regards
MAhesh
09-10-2013 02:55 PM
run "show client detail
09-10-2013 01:12 PM
Ok, some assumptions here on my part based on your comment.
You are using radius. When your wifi station comes into coverage and its configured for the network and your supplicant is configured to join automatically. Your station will connect to the wifi and radius auth will happen. After you pass then you get an IP address.
EAP is layer 2. Once you are authenticated then you get layer 3 (ip address) and network connectivity.
Does this anwser your question ?
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
09-10-2013 02:44 PM
Hi George,
More update my PC gets IP automatically but to access the internet it ask for Authentication which is RSA?
Regards
Mahesh
09-10-2013 01:14 PM
You need to do re-auth each and every timeout the session is timed out. To increase the session timer you can increase the idle time-out.
09-12-2013 03:17 AM
The session timeout parameter on the WLC can be used to accomplish this. By default, the session timeout parameter is configured for 1800 seconds before a reauthentication occurs.
Change this value to 180 seconds in order to make the client reauthenticate after three minutes.
In order to access the session timeout parameter, click the WLANs menu in the GUI. It displays the list of WLANs configured in the WLC. Click the WLAN to which the client belongs. Go to the Advanced tab and you find Enable Session Timeout parameter. Change the default value to 180, and click Apply for the changes to take effect.
When sent in an Access-Accept, along with a Termination-Action value of RADIUS-Request, the Session-Timeout attribute specifies the maximum number of seconds of service provided before re-authentication. In this case, the Session-Timeout attribute is used to load the ReAuthPeriod constant within the Reauthentication Timer state machine of 802.1X.
Please check the below link which can helpful in making decision:
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide