Cisco Support Community
Community Member

What maintains the authentication "session" for pass-through authentication?

We have Web Authentication set up where we are using pass-through authentication. Everything work but we are having issues were clients have to reauthenticate. What maintains the session infomation for a client? Meaning after they click Ok and go to the target web page does the controller track the client or does the browser track the session with the controller?

I guess what I'm looking at is trying to figure out where the connection is being lost and what is forcing the user to reauthenticate.

Hall of Fame Super Silver

Re: What maintains the authentication "session" for pass-through

The controller manages that. You have two timers, a session timer and an idle timer. Upon successful authentication, the session timer counts down. By default the session timer is 30 minutes and the idle timer is 5 minutes. When the session timer expires, the device is removed from the WLC and a reauth is required. If the device is shut down or if in sleep mode and doesn't respond to probes from the AP, the idle timer starts counting down. When this timer expires, then the client is removed from the WLC. When a client is removed from the WLC, the user is forced to hit the splash page and have to hit accept again.

Typically I would either set the session timer to infinity or let's say 12 hours and the idle timer for 2-4 hours. So in case a user goes for a long lunch and comes back, they don't have to log back in.

Hope this helps you understand the timers.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***
CreatePlease to create content