Solved: Need to relogin web auth again and again

mahesh18 · ‎08-29-2015

Hi everyone,

PC is connected with AP.

In WLC user timeout settings are 30000.

enable session timeout is unchecked.

WLC Software Version 7.0.230.0

Then also Laptop loses the connection.i can not ping the default gateway form laptop.

i need to do web login again to fix the issue.

Need to know what else i can do to fix this issue?

Regards

MAhesh

gohussai · ‎08-31-2015

From WLC GUI.

1- "Enable Sleeping Client" by checking the box On WLAN you want the PC to connect.

2- Make sure that the session timeout is greater than the client idle timeout,only then Enable Sleeping Client will work.

Ref:-

http://www.borderlessccie.net/?p=220

This will solve your issue.

View solution in original post

Sandeep Choudhary · ‎09-01-2015

Mahesh,

You have old controller with old Software version so you don't have many feature which other people suggesting.

I am using a WLAN with webauth and its not asking for reauth again and again.

But for this you need to set these parameter:

Session Timeout -65535
User Idle Timeout - 86400
ARP Timeout - 86400

Regards

Don't forget to rate helpful posts

View solution in original post

Sandeep Choudhary · ‎08-31-2015

Hi Mahes,

You can Change These Time-out(Max one day).

set These and try again:

Session Timeout -65535
User Idle Timeout - 86400
ARP Timeout - 86400

More info: https://rscciew.wordpress.com/2014/05/07/timeout-setting-on-wireless-lan-controller/

***You need to re-authenticate the devices each and every time the timer expires.

Regards

Don't Forget to rate helpful posts

Prakash Parvathala · ‎08-31-2015

I think, it's a expected. client has to re-login/reauth after session timeout or deauth.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

(search - session timeout on the page)

Note: If clients are active after successful login, they will get de-authenticated and entry can still be removed from the controller after the session timeout period configured on that WLAN (for example,1800 seconds by default and can be changed using this CLI command: config wlan session-timeout ). When this occurs, client entry is removed from the controller. If the client associates again, it will move back in a Webauth_Reqd state.

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state.

mahesh18 · ‎08-31-2015

but in my case session idle timeout is unchecked.

So this should mean that even if client PC is idle it should not ask for relogin right?

where in WLC i can find the web-auth required timeout period?

i have configured internal local user account and that account is permanent it is not guest account.

Regards

Mahesh

Sandeep Choudhary · ‎09-01-2015

Mahesh,

You have old controller with old Software version so you don't have many feature which other people suggesting.

I am using a WLAN with webauth and its not asking for reauth again and again.

But for this you need to set these parameter:

Session Timeout -65535
User Idle Timeout - 86400
ARP Timeout - 86400

Regards

Don't forget to rate helpful posts

mahesh18 · ‎09-03-2015

Many thanks Sandeep i will do as you suggested.

Regards

Mahesh

Saravanan Lakshmanan · ‎09-06-2015

This option not available on old wlc version. Guess the default is one hr. and we're stuck with it unless web-auth never timesout. passive client, sleeping clients are other features available.

http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/118963-config-web-auth-timeout-wlc-00.html

Log in via the CLI and enter the config wlan security web-auth timeout command in order to increase the Web-auth timeout value.

(WLC)>config wlan security web-auth timeout ?
<value> Configures Web authentication Timeout (300-14400 seconds).

(WLC)>config wlan security web-auth timeout 3600 <Wlan_id>

Verify

Use this section to confirm that your configuration works properly.

The Web-auth session timeout value for your WLAN appears as this example output shows:

(WLC)>show wlan 10
Web Based Authentication...................... Enabled
Web Authentication Timeout.................... 3600

gohussai · ‎08-31-2015

From WLC GUI.

1- "Enable Sleeping Client" by checking the box On WLAN you want the PC to connect.

2- Make sure that the session timeout is greater than the client idle timeout,only then Enable Sleeping Client will work.

Ref:-

http://www.borderlessccie.net/?p=220

This will solve your issue.

mahesh18 · ‎08-31-2015

Seems 4402 does not support this feature

(Cisco Controller) >config wlan custom-web ?

ext-webauth-url Configures an External Web-Auth URL.
global         Configures the Global Status for the WLAN.
login-page     Configures a Login Page Name.
loginfailure-page Configures a Loginfailure Page Name.
logout-page    Configures a Logout Page Name.
webauth-type   Configures the Web-Auth-Type for the WLAN.

(Cisco Controller) >config wlan custom-web

Regards

Mahesh

gohussai · ‎09-01-2015

If the above doesn't work ,as I mentioned earlier. Then Clients will have to Re-Auth.

Note:- Check again to make sure you can configure these parameters.

mahesh18 · ‎09-01-2015

Seems this feature is only supported on WLC with version 7.5 as per link which you send me.

markwi001 · ‎09-05-2019

So the session timeout is in the GUI

WLAN, Advanced, Enable session timeout

Then ARP Timeout and User Idle Timeout are in GUI

Controller, General.

Is this still best practice to set this to 86400 for a modern web auth. setup on a 5520 controller with 8.3 code.

I wonder if perhaps Scott Fella or one of the other luminaries would comment on this?

Thank you.