Solved: 7.5 web-auth client sleep timer feature

Anthony Poli · ‎08-21-2013

The 7.5 release advertises the ability to configure a timeout value so that guest clients which go to sleep are not re-prompted for web-auth. Does anyone know if 7.5 would only be required on the anchor WLC or must it also be on the foreign? We utilize web-auth for a guest WLAN and anchor it to a WLC in the DMZ. Preference would be to NOT load 7.5 on every WLC we have and only upgrade our guest anchor.

Thanks!

Anthony

Scott Fella · ‎08-21-2013

Since the client associates to the foreign wlc, the timers are set there.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎08-21-2013

Since the client associates to the foreign wlc, the timers are set there.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Anthony Poli · ‎08-22-2013

Thanks Scott.

We upgraded a test WLC to confirm this behavior.

One thing I failed to mention is that we are using web-passthrough instead of authentication, which appears to be the only way to utilize the sleep timer, officially. If you select web-passthrough, the sleep selection is not available. I found a workaround by selecting web-passthrough in the GUI, then enabling the sleep timer via CLI which then made it appear in the GUI! Odd, but it's working the way we want it to so far.

Thanks again.

Anthony

Scott Fella · ‎08-22-2013

Yeah... sleeping clients is used only for the captive portal, which I though you were using:) During your test, did you anchor it and which one did you set the timers on?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Anthony Poli · ‎08-22-2013

We only upgraded the foreign WLC to 7.5. The anchor is still 7.4, so all the configuration was on the foreign side.

This guest SSID has always been in an anchor configuration.

Anthony

Scott Fella · ‎08-22-2013

Okay... for some reason I was thinking you got it to work just on the anchor.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

LUIGI PIETRONAVE · ‎03-13-2015

Hi Scott ( and all ),

I was making some tests with sleeping client with a infrastructure like this:

- 2 foreign ( 5508 ) with the APs and client association

- 2 anchor ( 4402 ) on the DMZ

- radius for client auth

From my understand the :

- clients are associated to the foreign but

- the authentication is forwarded to the anchor

( I can see the request on the radius with the anchor NAS IP address and, before the client is authenticated, i get the status as REQ_D state on the anchor )

So I suppose the sleeping client feature should be on the anchor ( or on both wontroller ) and not only on the foreign. I'm wrong ?

If You've some Idea to let it works with only sleeping config on the foreign i will solve one big issue because my anchors are 4402 without sleeping feature available.

All is working fine on the foreign if I remove the anchor configuration ( by the way, like this isn't anymore a foreign )

Saravanan Lakshmanan · ‎04-09-2014

what you're seeing is right.

//Sleeping client feature was developed to work only for WLAN with Web Auth security. Web Pass through is not supported.

https://tools.cisco.com/bugsearch/bug/CSCuj26050

CSCuj26050 Sleeping client feature fails with Web Passthrough