I'm testing my new wireless setup, I have the following:
pair of 5508 Internal Controllers (running 22.214.171.124 Field image 126.96.36.199)
pair of 5508 DMZ Controllers (running 188.8.131.52 Field image 184.108.40.206)
ISE VMWare Server
AP's 3600 (AIR-CAP3602I-E-K9)
My new WLAN Guest is setup for Web policy Authentication, users get redirected to my ISE Radius server for Authentication.
I connect to SSID Guest from my laptop, ISE Guest Portal page appears in my browser, I login with my account credentials successfully (locally stored on the ISE Server). Great Logged in accepted UP, can browse the Internet. Then after a period I seem to lose connection approx 10 mins, I'm still connected to SSID Guest, still have an DHCP address...debug client mac address on the Controller doesn't show any thing out of the ordinary (please find attached).
Is there some sort of timeout setting on the ISE? when I'm not connected or lose access to the webpage, I enter another URL and ISE login GuestPortal reappears I login again, then regain access.
Any ideas why my connection is timing out?
NB: I should also note that sometimes when I lose connection if I type a URL again, on the odd ocassion the ISE guest Portal page does not appear and I need to wait sometime for this to appear again, even though I'm still connected to SSID guest.
On the WLC, change the session timeout on the guest wlan to 28800 or just disable that. Then set the idle timer to 7200 (2hours) and see if that works better. You have to look at the client's Policy Manager State and see if its in the RUN state. You can also see the time let before re-auth (Re-authentication timeout) in the Monitor > Cients.
By default, the session timer is 1800 seconds and the idle timer is 300 seconds. Idle timer affects the ipads and iphones more than any other devices. Session timer affect all devices, and when using webauth, they are force to login again after the timers have expired.
Help out other by using the rating system and marking answered questions as "Answered"
As per your query i can suggest you the following solution-
A. The ARP Timeout is used to delete ARP entries on the WLC for the devices learned from the network.
The User Idle Timeout: When a user is idle without any communication with the LAP for the amount of time set as User Idle Timeout, the client is deauthenticated by the WLC. The client has to reauthenticate and reassociate to the WLC. It is used in situations where a client can drop out from its associated LAP without notifying the LAP. This can occur if the battery goes dead on the client or the client associates move away.
Note: In order to access ARP and User Idle Timeout on the WLC GUI , go to the Controller menu. Choose General from the left-hand side to find the ARP and User Idle Timeout fields.
The Session Timeout is the maximum time for a client session with the WLC. After this time, WLC de-authenticates the client, and the client goes through the whole authentication (re-authentication) process again. This is a part of a security precaution to rotate the encryption keys. If you use an Extensible Authentication Protocol (EAP) method with key management, the rekeying occurs at every regular interval in order to derive a new encryption key. Without key management, this timeout value is the time that wireless clients need to do a full reauthentication. The session timeout is specific to the WLAN. This parameter can be accessed from the WLANs > Edit menu.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...