Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Questions about the web authentication behaviour

Hello colleagues,

I have a question: we have a set up with WLC 55xx and WLC as managements system. We use guest wlan with web authentication.

The authentication in general works fine: the users get asked for login when they try to access a web page, once authenticated they can access the web page they are trying to open. When they then logout and try to access again some web page they get asked for a new authentication and so on, everything here is fine.

But if a user doesn't press the logout button but just closes the browser and later tries to access a web page he gets access with the need to authenticate.

So, here I have a few questions:

- what is the time out after which he will get automatically logged out?

- can this be changed?

- is there some configuration way in which even without the logout button being pressed to get the user logged out once he has closed the browser?

Thanks in advance for the input,

Vesko

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Questions about the web authentication behaviour

Hello Vesko:

-  what is the time out after which he will get automatically logged out?

A: This is the user idle timeout. configurable under Controller-> General. The default is 300 seconds ( 5 minutes).

- can this be changed?

A: Yes. from the location specified above.

- is there some configuration way in which even without the logout button being pressed to get the user logged out once he has closed the browser?

No. You should wait for the user-idle timeout to expire. You can minimize the user idle timeout to the minimum. valid range for the user idletimeout is 15-100000 seconds.

The User Idle Timeout: When a user is idle without any communication with the LAP for the amount of time set as User Idle Timeout, the client is deauthenticated by the WLC. The client has to reauthenticate and reassociate to the WLC. It is used in si...

Reference: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
3 REPLIES

Re: Questions about the web authentication behaviour

Hello Vesko:

-  what is the time out after which he will get automatically logged out?

A: This is the user idle timeout. configurable under Controller-> General. The default is 300 seconds ( 5 minutes).

- can this be changed?

A: Yes. from the location specified above.

- is there some configuration way in which even without the logout button being pressed to get the user logged out once he has closed the browser?

No. You should wait for the user-idle timeout to expire. You can minimize the user idle timeout to the minimum. valid range for the user idletimeout is 15-100000 seconds.

The User Idle Timeout: When a user is idle without any communication with the LAP for the amount of time set as User Idle Timeout, the client is deauthenticated by the WLC. The client has to reauthenticate and reassociate to the WLC. It is used in si...

Reference: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
Hall of Fame Super Silver

Re: Questions about the web authentication behaviour

Here is what I have ran into.... Do you want to get on the guest wireless and then have to find out that your outlook mail stopped or your VPN connection has ended because you closed out your browser? To me that's a terrible guest wireless. You should be able to stay connected even if your browser is closed, not may use that logout button anyways... I'm talking about in any free hotspot areas. At least I don't. The other issue is that some browsers automatically close the logout browser pop up so you don't have that issue. Now for the catch... If you change the session timeout, then that will force the user to have to log back in. I usually set this at 4-8 hours so users don't complain and they have a good experience. Idle timeout will clear the Mac address from the wlc when the client goes to sleep or leaves the wireless area. The issue with setting a low idle timeout or leaving it at default is the iDevices after it goes to sleep will always have to go through the webauth. It gets annoying! So I even increase this to 4 hours just so these users also has a good experience.

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***
New Member

Questions about the web authentication behaviour

Thank you for the answers,

Vesko

446
Views
0
Helpful
3
Replies
CreatePlease to create content