Enable Session Timeout in WLC - Page 2

mahesh18 · ‎09-10-2013

Hi everyone,

I can connect to WLC and i disconnect then.Wehn i am back in coverage area it automatically connects me again.

Need to understand is this die to the enable session timeout settings in advanced field of SSID?

IF enable timeout is checked then does it remember the user credentials for that amont of time that is config in enable session timeout?

Regards

Mahesh

mahesh18 · ‎09-10-2013

Hi Vlad,

I enable the debug aaa events enable bit i see no output on CLI?

vlad.mihailov · ‎09-10-2013

Are there authentication events happening? There will be nothing until your authenticate/reauthenticate.

Also the command that George mentioned above - are you just running debug client? There shall be trailed MAC address after the command of the client you wish to debug.

mahesh18 · ‎09-10-2013

Hi Vlad,

USer went near coverage area with cell phone got the IP when he tried to access internet it ask for RSA.

But i see no logs on the CLI

Regards

MAhesh

vlad.mihailov · ‎09-10-2013

run "show client detail " while user is associated.

George Stefanick · ‎09-10-2013

Ok, some assumptions here on my part based on your comment.

You are using radius. When your wifi station comes into coverage and its configured for the network and your supplicant is configured to join automatically. Your station will connect to the wifi and radius auth will happen. After you pass then you get an IP address.

EAP is layer 2. Once you are authenticated then you get layer 3 (ip address) and network connectivity.

Does this anwser your question ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

mahesh18 · ‎09-10-2013

Hi George,

More update my PC gets IP automatically but to access the internet it ask for Authentication which is RSA?

Regards

Mahesh

Abhishek Abhishek · ‎09-10-2013

You need to do re-auth each and every timeout the session is timed out. To increase the session timer you can increase the idle time-out.

aqjaved · ‎09-12-2013

The session timeout parameter on the WLC can be used to accomplish this. By default, the session timeout parameter is configured for 1800 seconds before a reauthentication occurs.

Change this value to 180 seconds in order to make the client reauthenticate after three minutes.

In order to access the session timeout parameter, click the WLANs menu in the GUI. It displays the list of WLANs configured in the WLC. Click the WLAN to which the client belongs. Go to the Advanced tab and you find Enable Session Timeout parameter. Change the default value to 180, and click Apply for the changes to take effect.

When sent in an Access-Accept, along with a Termination-Action value of RADIUS-Request, the Session-Timeout attribute specifies the maximum number of seconds of service provided before re-authentication. In this case, the Session-Timeout attribute is used to load the ReAuthPeriod constant within the Reauthentication Timer state machine of 802.1X.

Please check the below link which can helpful in making decision:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml