Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1667
Views
0
Helpful
9
Replies

Webauth asking again for credntials

Go to solution
ittechk4u
Level 1
Level 1

‎02-06-2014 10:11 AM - edited ‎07-05-2021 12:06 AM

Hello Experts,

I am having an issue with webauth page.

I am using ISE as radius server and using sponsor account for guest account creation.

My Issue is: once I login with webauth i got internet connection but after few idle time (5-10min), I need to enter username and password again.

Can this problem can be solved??? I have guest acount for 1 year timepeariod and I dont want to enter crenditals again and again.

Is there any solution?

wlc- 2504, AP- 2602, ISE 1.1 version

Thanks

Labels:
0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎02-06-2014 10:13 AM

Set the idle timer on the WLC to something like 7200 seconds or 14400 seconds. That will allows devices I stay idle for that long before having to login again.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎02-06-2014 10:19 AM

adding to above

You can set the session timeout up to 24 hours. That's the max and webauth users will have no other option than re-login every day.

If you want a guest PC to stay connected for longer periods, I doubt that the guest portal solution is the best for your use case.

Reagrds

Dont forget to rate helpful posts

View solution in original post

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u

‎02-06-2014 10:21 AM

I dont think you can do it permanently with WLC.

Reagrds

View solution in original post

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to ittechk4u

‎02-06-2014 10:24 AM

The issue is with certain devices especially Apple. The session timer has to be a higher value than the idle timer. You can use the sleeping client feature if you are just using WebAuth.

http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_0111100.html

Session timer is a hard timeout and you can leave that disabled and it default to 24 hours. The idle timer is how long you want the WLC to keep the device in the RUN state.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u

‎02-06-2014 10:25 AM

Hi,

As long as a client entry is not removed from the WLC, it should not have to re web-auth.

Session timeout is a hard stop, so yes you could limit the session timeout to 12 hours. The other problem is that the WLC will "remove" a client by default after 5 minutes of an AP not hearing from the client. So a client who is shut down, or in power-save (no wireless packets), will be deauthenticated after the idle timeout period.

The user idle timeout is when you shut down laptop, or move away, so no deauthenticate frame was sent the client just goes silent. The idle timeout defines how long the WLC waits before deleting the client entry when it's not hearing AT ALL a single frame from the client.

But still I feel this is not you want, you want permanent connection to guest users but I think it is not possible now.

Hope it helps.

Reagrds

Dont forget to rate helpful posts

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎02-06-2014 10:13 AM

Set the idle timer on the WLC to something like 7200 seconds or 14400 seconds. That will allows devices I stay idle for that long before having to login again.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Scott Fella

‎02-06-2014 10:14 AM

With the later code versions of the WLC, you can define this on the WLAN advanced tab instead of globally in the GUI Controller tab.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
ittechk4u
Level 1
Level 1
In response to Scott Fella

‎02-06-2014 10:17 AM

Cant I do it permanently that it never ask username and password till my account expires ??

Thanks

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u

‎02-06-2014 10:21 AM

I dont think you can do it permanently with WLC.

Reagrds

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to ittechk4u

‎02-06-2014 10:24 AM

The issue is with certain devices especially Apple. The session timer has to be a higher value than the idle timer. You can use the sleeping client feature if you are just using WebAuth.

http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_0111100.html

Session timer is a hard timeout and you can leave that disabled and it default to 24 hours. The idle timer is how long you want the WLC to keep the device in the RUN state.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u

‎02-06-2014 10:25 AM

Hi,

As long as a client entry is not removed from the WLC, it should not have to re web-auth.

Session timeout is a hard stop, so yes you could limit the session timeout to 12 hours. The other problem is that the WLC will "remove" a client by default after 5 minutes of an AP not hearing from the client. So a client who is shut down, or in power-save (no wireless packets), will be deauthenticated after the idle timeout period.

The user idle timeout is when you shut down laptop, or move away, so no deauthenticate frame was sent the client just goes silent. The idle timeout defines how long the WLC waits before deleting the client entry when it's not hearing AT ALL a single frame from the client.

But still I feel this is not you want, you want permanent connection to guest users but I think it is not possible now.

Hope it helps.

Reagrds

Dont forget to rate helpful posts

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎02-06-2014 10:19 AM

adding to above

You can set the session timeout up to 24 hours. That's the max and webauth users will have no other option than re-login every day.

If you want a guest PC to stay connected for longer periods, I doubt that the guest portal solution is the best for your use case.

Reagrds

Dont forget to rate helpful posts

0 Helpful

Go to solution
ittechk4u
Level 1
Level 1
In response to Sandeep Choudhary

‎02-06-2014 10:27 AM

OK Thanks sandep & Scott

You guys are really great.

Reagrds

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to ittechk4u

‎02-06-2014 05:03 PM

Just remember with Apple devices, it's when the device scene closes that the idle timer starts counting down. With Apple devices, I also way keep the session timer niche he and have the idle timer set at 7200 or 14400. This allows users to go to lunch etc and come back without logging back on. I would make sure that your on a code that allows this to be configured on the WLAN and not global. This can cause issues when using FlexConnect mode and keeping users in the run state.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card