Solved: What is the default web-auth required timeout period?

hokokshun · ‎10-24-2011

Hi,

As according to the cisco config example. (http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml),

it says:

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a

web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state. If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state.

What is the default web-auth required timeout period stated in the example?

Many thanks.

pcroak · ‎10-25-2011

Hello,

Wireless clients that do not complete the web-authentication process will be deauthenticated after a 5 minute period. This timer cannot be configured.

The clients will likely associate right away again, but this behavior will continue until web-authentication is passed.

-Pat

View solution in original post

Salil Prabhu · ‎10-25-2011

Hi,

Yes it is 300 seconds and non-configurable to prevent DOS by depleting IP address on Guest wlan/vlan. There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network

Thanks.Salil

CSCtj32812

DHCP Option to mitigate the problem of guest client rejoining network CSCtj32812

DHCP Option to mitigate the problem of guest client rejoining network

View solution in original post

pcroak · ‎10-25-2011

Hello,

Wireless clients that do not complete the web-authentication process will be deauthenticated after a 5 minute period. This timer cannot be configured.

The clients will likely associate right away again, but this behavior will continue until web-authentication is passed.

-Pat

Salil Prabhu · ‎10-25-2011

Hi,

Yes it is 300 seconds and non-configurable to prevent DOS by depleting IP address on Guest wlan/vlan. There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812 DHCP Option to mitigate the problem of guest client rejoining network

Thanks.Salil

CSCtj32812

DHCP Option to mitigate the problem of guest client rejoining network CSCtj32812

DHCP Option to mitigate the problem of guest client rejoining network

hokokshun · ‎10-25-2011

Thanks guys for explaining to me. it has been a great help.

Salil, may i ask what is CSCtj32812 which is in your reply? And what do you mean by DHCP Option to lessen the problem?

Salil Prabhu · ‎10-25-2011

Hi,

CSCtj32812, is an enhancement bug filed on the WLC to mitigate the problem you are facing.

You can look more details by going over the following link.

Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

The idea what they are trying to use is move the client to RUN state upon utilizing DHCP options send by DHCP server..

Thanks..Salil

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugsBugbugtoolkit

hokokshun · ‎10-25-2011

Thanks Salil...

Salil Prabhu · ‎10-26-2011

Thanks . Between if you think this question helped answer you query can you mark this questions as answered so others can benefit when they search.Ofcourse, this also gives credit to folks who responded.

Thanks..Salil