Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Preventing Frequent Web Re-Authentication

Hi.

We have some 5508 controllers with and 1142 APs + web authentication using ACS.  Ours is a Conference + Staff utility where we want our users to remain authenticated as long as possible.  To this end I had modfied User Idle Timeout to 90,000 seconds and DHCP lease to 72 hours.  This had worked well with  6.0.196.0 so that users did not need to authenticate so often. 

However, after I upgraded to                                             6.0.199.4 the following happened : (1) Users need to re-authenticate every time they close the laptop lid and laptop goes into hibernate (2) On some small devices like iPods frequent re-authentication  is needed.

After some debug etc, I found on the Controller trap messages the following entries:

204 Fri Nov 12 09:06:44 2010 Client Deauthenticated: MACAddress:de:ad:be:ef:11:11 Base Radio MAC:30:37:a6:c3:xx:xx Slot: 1 User Name: XXX Ip Address: YYYY Reason:Unspecified ReasonCode: 1

203  Fri Nov 12 09:06:44 2010User XXX logged Out. Client MAC:de:ad:be:ef:11:11, Client YYYY, AP MAC:30:37:a6:c3:xx:xx, AP Name:ap10

Looks like AP sends a de-authenticate to the client and client logs out.  Should not the User Idle Timeout to 90,000 seconds help me keep the client logged in ?

Would anybody know how this can be fixed ? Would 6.0.199.4.157 release I saw on the forum help this case in your opinion?

Thanks a lot for reading my post,

Suman

3 REPLIES
Cisco Employee

Re: Preventing Frequent Web Re-Authentication

Hi,

there is a likely reason. In 6.0.199.4, a new feature got introduced. The AP will deauthenticate the client after a certain number of retransmissions. I guess that this happens because your clients are in sleep mode.

They came up with a fix that keeps the client entry in memory so no re-authentication is needed. The fix should be contained in the special release you mention.

I suggest you open a TAC case so they can validate it and provide you with the software.

Nicolas

===

Don't forget to rate answers that you find useful

Community Member

Re: Preventing Frequent Web Re-Authentication

Dear Nicolas,

It's very kind of you to give me this information.  Thank you so much.  I will get the patch through TAC and apply it.

Many thanks and have a good day.  I will post my feedback afterwards  few days after installation.

Suman

Community Member

Re: Preventing Frequent Web Re-Authentication

Dear Nicolas,

Just as an update. Our integrator is advising us to be cautious and wait for a public release.

In any case, your comments helped us a lot - otherwise we were spending lots of time in debugs.

Many thanks,

Suman

685
Views
5
Helpful
3
Replies
CreatePlease to create content