topic Wireless lan Controller Session timeout and lwapp question in Wireless

Wireless lan Controller Session timeout and lwapp question

janet.maxwell — Sun, 04 Jul 2021 01:35:31 GMT

Hello, I am a bit confused about the session timeout value found in Wlan>advanced tab. our setting is set to 1800 which is the default. Our vendor just told us that this could be causing the client disconnect that we are seeing. I was under the impression that if a wireless client is connected and active it would not time out unless it is idle for longer than a give time. Can someone please explain what the WLAN session timeout vlaue affects...

Question Q2

Our ventor also indicated to us that the LWAP was used for routing traffic through the WISM. Our LWAPP is a layer 3 lwap. we are using DIstributed MA-850. Can the LWAPP tunnels cause client timeouts.

Re: Wireless lan Controller Session timeout and lwapp question

Kayle Miller — Mon, 08 Mar 2010 21:31:00 GMT

Janet,

In response to Question #1, the session timeout means that your authenticated user session expires in 1800 seconds, it is not an activity or idle timeout. So depending on your authentication method, this could cause your client to disconnect, I typically set this to 28800 (8 hours) unless the client has a specific requirement to re-authenticate more often.

In response to Question #2, the LWAPP tunnel that is built between the controller and the access point is used for all traffic between the Access point and the controller (Data, Management, Client). When a client attaches to a LWAPP AP their traffic is sent to the controller thru the LWAPP encapsulate tunnel, when it reaches the controller, it then routes the data and puts it onto the actual wired network, and data sent from the wired network to the client is sent to the controller, then encapsulated in the tunnel to the AP, and then the AP sends it to the client.

The only exception to this is when you have an access point in H-REAP mode and have the WLAN terminating locally. In this case the Management traffic is sent via the LWAPP tunnel, but user traffic is terminated locally on the switch and routed as if it were a wired client.

Hope this helps answer your questions.. Feel free to rate this answer.

Thanks,

Kayle

Re: Wireless lan Controller Session timeout and lwapp question

BRYN JONES — Tue, 09 Mar 2010 13:53:51 GMT

From this document:

(Page 13)

The Session Timeout is the maximum time for a client session with the WLC. After this

time, WLC de−authenticates the client, and the client goes through the whole authentication

(re−authentication) process again. This is a part of a security precaution to rotate the

encryption keys. If you use an Extensible Authentication Protocol (EAP) method with key

management, the rekeying occurs at every regular interval in order to derive a new encryption

key. Without key management, this timeout value is the time that wireless clients need to do a

full reauthentication. The session timeout is specific to the WLAN. This parameter can be

accessed from the WLANs > Edit menu.

Wireless lan Controller Session timeout and lwapp question

raypotot — Tue, 16 Jul 2013 09:35:03 GMT

What happen if i disable the session timeout and the user change its password in ldap. Willl it ask to re-authenticate or will keep the old credential.

Thanks,

Wireless lan Controller Session timeout and lwapp question

mmangat — Wed, 17 Jul 2013 02:16:02 GMT

Hello,

By default, the session timeout parameter is configured for 1800 seconds before a reauthentication occurs.

In order to access the session timeout parameter, click the WLANs menu in the GUI. It displays the list of WLANs configured in the WLC. Click the WLAN to which the client belongs. Go to the Advanced tab and you find Enable Session Timeout parameter. Change the default value to 180, and click Apply for the changes to take effect.

When sent in an Access-Accept, along with a Termination-Action value of RADIUS-Request, the Session-Timeout attribute specifies the maximum number of seconds of service provided before re-authentication. In this case, the Session-Timeout attribute is used to load the ReAuthPeriod constant within the Reauthentication Timer state machine of 802.1X.

For more details please check the following cisco doc:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

Hope this helps!

I know this an old post but

BRYAN FORD — Wed, 19 Aug 2015 17:44:14 GMT

I know this an old post but we are testing the session timeout on the Wireless Controller if we disable the timeout will that have any adverse affects. They were set to re-authenticate every 30 minutes not sure what the magic timeout should be but we thought we would test without any.

Thanks

Bryan

Re: I know this an old post but

Jose Wang — Fri, 25 May 2018 02:12:03 GMT

Althoug almost 3 years has past since you post this message, I'm suffering same 30 minutes re-auth issue today. Did you find solution to avoid this 30 minutes re-auth? Thanks.