Pre-authentication ACL disconnects

aflbakker
Level 1

Hi,

We have a Guest WLAN where a pre-authentication ACL is configured. It works, but the client gets disconnected after a while. The session time-out / idle time-out etc. is configured at a higher value than the point where the actual disconnect (+/- 15 min) takes place.

When the client is authenticated (and does not use the pre auth ACL) the client doesn't get disconnected.

It seems like the same issue as the following threads, but they don't state a solution:

https://supportforums.cisco.com/message/3687872#3687872

https://supportforums.cisco.com/message/3424053

I'm running code 7.4.110.0

Any ideas?

Accepted Solutions

Sandeep Choudhary
VIP Alumni

Hi,

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state.

There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network

https://tools.cisco.com/bugsearch/bug/CSCtj32812

Regards

Don't forget to rate helpful posts


4 Replies

Sandeep Choudhary
VIP Alumni

Change the idle timeout to 86400 sec.

Log in to the controller GUI, then go to Controller > General. On this page you will see User Idle Timeout; change the value to 86400 sec (the default is 300 sec).

Try this and let me know.

Regards

Thanks. If I understand it correctly, a client in Web-auth required state will be deleted after 5 mins. At that time the sessions of the client will be killed and need to be set up again.

Bottom line at that point is that the pre-authentication ACL is very limited in use.

Thanks for your reply!

Yes.

I think Cisco is working on this, and maybe soon they will come out of this issue.

Regards

Don't forget to rate helpful answers; also mark this question as answered, it may help others.
