Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Pre-authentication ACL disconnects

Hi,

We have a Guest WLAN where an pre authentication ACL is configured. It works but the client gets disconnected after a while. The session time-out / idle time out etc. is configured on a higher value than the actuel disconnect (+/- 15min) takes place.

When the client is authenticated (and does not use the pre auth ACL) the client doesn't get disconnected.

It seems like the same issue as the following threads but it doesn't state a solution :

https://supportforums.cisco.com/message/3687872#3687872     

https://supportforums.cisco.com/message/3424053

I'm running code 7.4.110.0

any ideas ?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Pre-authentication ACL disconnects

Hi,

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user  configurable). All traffic from the client (allowed via Pre-Auth ACL)  will be disrupted. If the client associates again, it will move  back to the  Webauth_Reqd state.

There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network

https://tools.cisco.com/bugsearch/bug/CSCtj32812

Regards

Dont forget to rate helpful posts

4 REPLIES
VIP Purple

Pre-authentication ACL disconnects

Change the idle timeout to 86400 sec.

Login to controller GUI :

THEN go to Controller > General  on this page you will see User idle Timeout, change the value to 86400 sec(By default is 300 sec)

Try this and let me know.

Reagrds

VIP Purple

Pre-authentication ACL disconnects

Hi,

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user  configurable). All traffic from the client (allowed via Pre-Auth ACL)  will be disrupted. If the client associates again, it will move  back to the  Webauth_Reqd state.

There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network

https://tools.cisco.com/bugsearch/bug/CSCtj32812

Regards

Dont forget to rate helpful posts

Community Member

Pre-authentication ACL disconnects

Thanks. If I understand it correctly a client in Web-auth required state will be deleted after 5 mins. At that time sessions of the client will be killed and need to be setup again.

Bottom line is at that point that the pre-authentication ACL is very limited in use.`

Thanks for your reply !

VIP Purple

Pre-authentication ACL disconnects

Yes.

I think cisco is working on this this and may be soon they will comeout of this issue.

Reagrds

Dont forget to arte helpful answer, also mark this questiona s answered, it may help others.

210
Views
5
Helpful
4
Replies
CreatePlease to create content