https://community.cisco.com/t5/wireless/web-authentication-behavior-and-timeouts/m-p/4495256#M235059 <P>Greetings!</P><P>&nbsp;</P><P>I have some doubts about the behavior of a scenario with Web Authentication and Timeouts configured. In this company there is an SSID with Web Authentication and it has the following timers configured:</P><P>&nbsp;</P><P>Session Timeout.................................. 28800 seconds<BR />User Idle Timeout................................ Disabled<BR />Sleep Client..................................... disable<BR />Sleep Client Timeout............................. 720 minutes<BR />Sleep Client Auto Auth Feature................... Enabled</P><P>.</P><P>.</P><P>Web Authentication Timeout.................... 300</P><P>.</P><P>.</P><P>PMF........................................... Disabled</P><P>PMF Association Comeback Time................. 1<BR />PMF SA Query RetryTimeout..................... 200<BR />Tkip MIC Countermeasure Hold-down Timer....... 60</P><P>.</P><P>.</P><P>802.11v BSS Transition Disassoc Timer............ 200<BR />802.11v BSS Transition OpRoam Disassoc Timer..... 40</P><P>.</P><P>.</P><P>11ax Target Wake Time............................ Enabled</P><P>.</P><P>.</P><P><BR />1. Is it normal behavior for a user to disconnect from the SSID and after a few minutes reconnect and be asked for credentials?</P><P>2. If the above is expected, however, I have noticed that I can disconnect from that SSID and when I reconnect it has not asked me for credentials, how long do I have to wait for that to happen?</P><P>3. I also noticed the session timeout is independent of whether the user is currently using the network or not? that is, I'm working using the Internet but after 8 hours it logs me out of the session and I have to enter my credentials again. I assume I have to increase the session timeout.</P><P>4. What are the best practices for configuring wlan timers? Are there other timers, apart from what I mentioned above, in play?</P><P>&nbsp;</P><P>Thanks</P> Fri, 29 Oct 2021 23:24:09 GMT Andy Ruiz Inami 2021-10-29T23:24:09Z https://community.cisco.com/t5/wireless/web-authentication-behavior-and-timeouts/m-p/4495256#M235059 <P>Greetings!</P><P>&nbsp;</P><P>I have some doubts about the behavior of a scenario with Web Authentication and Timeouts configured. In this company there is an SSID with Web Authentication and it has the following timers configured:</P><P>&nbsp;</P><P>Session Timeout.................................. 28800 seconds<BR />User Idle Timeout................................ Disabled<BR />Sleep Client..................................... disable<BR />Sleep Client Timeout............................. 720 minutes<BR />Sleep Client Auto Auth Feature................... Enabled</P><P>.</P><P>.</P><P>Web Authentication Timeout.................... 300</P><P>.</P><P>.</P><P>PMF........................................... Disabled</P><P>PMF Association Comeback Time................. 1<BR />PMF SA Query RetryTimeout..................... 200<BR />Tkip MIC Countermeasure Hold-down Timer....... 60</P><P>.</P><P>.</P><P>802.11v BSS Transition Disassoc Timer............ 200<BR />802.11v BSS Transition OpRoam Disassoc Timer..... 40</P><P>.</P><P>.</P><P>11ax Target Wake Time............................ Enabled</P><P>.</P><P>.</P><P><BR />1. Is it normal behavior for a user to disconnect from the SSID and after a few minutes reconnect and be asked for credentials?</P><P>2. If the above is expected, however, I have noticed that I can disconnect from that SSID and when I reconnect it has not asked me for credentials, how long do I have to wait for that to happen?</P><P>3. I also noticed the session timeout is independent of whether the user is currently using the network or not? that is, I'm working using the Internet but after 8 hours it logs me out of the session and I have to enter my credentials again. I assume I have to increase the session timeout.</P><P>4. What are the best practices for configuring wlan timers? Are there other timers, apart from what I mentioned above, in play?</P><P>&nbsp;</P><P>Thanks</P> Fri, 29 Oct 2021 23:24:09 GMT https://community.cisco.com/t5/wireless/web-authentication-behavior-and-timeouts/m-p/4495256#M235059 Andy Ruiz Inami 2021-10-29T23:24:09Z https://community.cisco.com/t5/wireless/web-authentication-behavior-and-timeouts/m-p/4495316#M235065 <P><SPAN class="">1. No.&nbsp;</SPAN></P><P><SPAN class="">2. You have idle timeout and sleeping client disabled. So only until session timeout.</SPAN></P><P><SPAN class="">3 &amp; 4. You can set the session timeout as per your business requirements. There is no industry standard. You also need to understand how these timers work.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN class="">Session Timeout - This will make sure that the Wireless client is deauthenticated after the set timer even it is actively transmitting and receiving data.</SPAN></P><P><SPAN class="">Idle Timeout - This is there to make sure that the wireless client is deauthenitcated after client is idle for certain time, where the time is defined in the WLC.</SPAN></P><P><SPAN class=""><SPAN>Web Authentication Timeout - If the user has not completed the web auth he will be prompted a new login page after the defined timer.</SPAN></SPAN></P><P><SPAN class="">Sleeping client - Once the user complete the web auth how long controller has to remember the client.&nbsp;Sleeping client doesnt work for CWA.</SPAN></P> Sat, 30 Oct 2021 05:03:59 GMT https://community.cisco.com/t5/wireless/web-authentication-behavior-and-timeouts/m-p/4495316#M235065 Arshad Safrulla 2021-10-30T05:03:59Z