09-10-2013 09:12 AM - edited 07-04-2021 12:48 AM
Hi everyone,
I can connect to WLC and i disconnect then.Wehn i am back in coverage area it automatically connects me again.
Need to understand is this die to the enable session timeout settings in advanced field of SSID?
IF enable timeout is checked then does it remember the user credentials for that amont of time that is config in enable session timeout?
Regards
Mahesh
09-10-2013 10:55 AM
No Sir.. That feature will kick a client off when the timer his hit. Thus causing the client to reauth. In your case when you leave coverage and return you are coming back onto the network and requires a reauth. If you are trying to keep a session live you could move the idle session timer higher. Although this is a work around and I wouldn't suggest it.
Normal practice is you should reauth when you leave and come back into the network .. As for asking for you ID. Most supplicant cache this or are configured to present them for you to the wireless.
Can you share more about what you are trying to archive ?
Sent from Cisco Technical Support iPad App
09-10-2013 01:07 PM
Hi George,
I want to know when i take my cell phone near the WAP today it connects me automatically.
I can see the IP address on my cell phone.
so need to understand if radius authentication is config on WLC then when i come closer to coverage area before giving IP to my cell phone it should ask for PW right?
How my PC is getting IP automatically when i come close to coverage area?
Regards
Mahesh
09-10-2013 01:10 PM
Mahesh18,
I guess that your WLC is setup with locally stored password (pre-shared password). When you first time connected your phone it probably cashed that password. Try and make your phone "forget" your network - it should not re-join. Same applies to your PC.
09-10-2013 01:14 PM
Hi Vlad,
But the password was RSA token so does it remembers RSA token also?
Regards
Mahesh
09-10-2013 01:16 PM
Under your controller tab what is your user idle timer at ?
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
09-10-2013 01:18 PM
Hi George,
It is 300 secs.
Regards
Mahesh
09-10-2013 01:19 PM
No, it should not remember anything related to EAP-types. There may be user never dropped out. Does the WLC show the user been still authenticated or does the user disapear? (Client section of the GUI).
09-10-2013 01:26 PM
Wrong statement above. Profiles should not retain anything related to your RSA tokiens. But the generated pairwise master keys may be retained for some time before they expire. I am not sure but 'debug aaa events enable' may reveal what is happenning.
09-10-2013 01:34 PM
Hi Vlad,
If i enable debugging how can i see the debug output?
in switches we use terminal monitor.
Also how can i stop debugging ?
Regards
Mahesh
09-10-2013 02:11 PM
If you are logged in to the WLC over SSH you don't need the "terminal monitor" - just "debug ... ". To disable you can use wither "debug aaa events disable" or "debug disable-all". Also debug will stop if you exit ssh session.
As usually whith debug be careful not to over-stress your terminal sessions.
09-10-2013 02:22 PM
I world think idle timeout would kick in delet the client record along with the pmk ..
Sent from Cisco Technical Support iPhone App
09-10-2013 02:24 PM
Along with Vlads comment I would do a client debug leave the network and come back back on .. Post the log
Sent from Cisco Technical Support iPhone App
09-10-2013 02:39 PM
Debug client alone does not work.
should i use some options?
09-10-2013 02:45 PM
Yes I think so too. Session should time out and get cleared from the WLC along with all its attribute. That is my understanding..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: