Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

wlc 4402 - problems in unauthenticated state


Using a 4402, ver 4.0.185,

I'm configuring a WLAN with no layer2 security, and I have configured the web-policy layer 3 security method with a preauth acl to allow connections to a couple of vpn concentrators for unauthenticated users.

Everything works fine, but I have observed a few things that worry me

a. When a client disassociates from my wlan, the wireless controller takes about 5 minutes to discover that this has happened. It looks as if it doesn't get the disassociation event.

b. if the client has not authenticated through the web-auth page, every about 5 minutes the client seems to be briefly disconnected from the WLAN and connect again immediately. This displays an annoying popup to the user and one-two packets are lost (I see this from a continuous ping I run concurrently)

The client statistics on the PC show that a roaming event has occurred but since the only AP with adequate signal is next to the PC I don't see any reasons for roaming.

Any ideas?




Re: wlc 4402 - problems in unauthenticated state

Does the roam event occur every 5 minutes or every 10? If it is 10 I bet you have your RRM refresh set to 600 seconds (default). When a RRM refresh occurs if there is a change of channel selection on the APs or power for that matter, there is a brief disconnection to the client to allow for reassociation under the new channel/power assignment configuration. This could be your problem. To test turn RRM off for about 30 minutes. If you have no disconnect, you have your answer. You can then set RRM refreshes to occur less frequently.

New Member

Re: wlc 4402 - problems in unauthenticated state

well, the reassociation/roam happens every 5 minutes, so I guess it's not RRM. Also, actually the version of the software is 4.1.185 ...

The strange thing is that I have found out that this behavior is directly related to the Auth status of the user.

When I have the web-policy enabled, each user that has not passed through web auth appears in the "Clients" report with unauthenticated status, and he faces the problem I have described.

If for example I disable the web-policy, and have a fully open WLAN, in the "clients" report the user appears as authenticated.

In this case the reassociation problem does not occur....

thanks for your time!

Re: wlc 4402 - problems in unauthenticated state

Try increasing your user idle timeout to 10 minutes and see if the time changes to 10 minutes.

New Member

Re: wlc 4402 - problems in unauthenticated state

I changed it to 10 minutes (arp timeout & user idle timeout == 600 ) but still every 5 minutes I have the same behavior. I also removed every setting about MFP, still the same.

I did some debugs and I see that at the time that this occurs there is a state transition:


I guess there is a hardcoded 5 min timeout for the user to do the web auth somewhere.

CreatePlease to create content