03-14-2025 03:09 AM - edited 03-14-2025 03:10 AM
Hello Cisco WLAN experts,
This huge hospital is using a patient WLAN, and people are complaining about being cut off from the WLAN for patients an estimated every 15 minutes.
I found out that on our good old 5520-WLCs, which are still hosting a big part of our 2500 WLAN APs, the session timeout marking field was not activated in the past. So far so good.
In contrast to that, on our new 9800-80-WLCs, there is no Enable session timeout checkbox anymore. Now it is an input field for a time range in seconds. The information help for this input field states:
For Dot1x profile: Allowed Range is 300 to 86400 secs (Any value less than 300 is treated as 86400 secs)
Guys, I simply want the same setting as formerly being used on the 5520-WLCs.
I want a "No session timeout" !!!
When I try to simply empty the Session timeout field to conform to 5520-WLC syntax, I receive an error message:
Please advise how I can achieve "No session timeout" please.
And Yes, I'm so thankful for all Your help so far and in the past.
Wini
03-14-2025 03:54 AM
- Ref : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#clienttimer
> ...
>
> In AireOS, a session timeout that is set to 0 (zero) means the maximum possible timeout. In the C9800 for releases before 17.4.1, it actually means “no session timeout,” so if you use the same setting as in AireOS, every roam on a C9800 network will be a slow roam and require a full reauthentication.
>
> Starting with Release 17.4.1, for WLAN configured for 802.1x authentication, if user configures any value between 0 (included) and 300 seconds, the session timeout is set automatically to 86400 seconds (24 hours), which is the maximum supported value.
So it seems that in the modern IOS-XE releases the infinite session timeout is no longer available.
M.
03-14-2025 05:31 AM
Hello Marce1000, thank You very much for Your fast and good reply.
I will therefore choose 86400 seconds (1 day), which perfectly fits our patients' daily fee for using WLAN.
Most of them do not roam very often by the way, but remain in their beds or near their rooms for recreation.
5000 patients and possible WLAN users will be happy in future to avoid a stupid break every 1800 seconds, which is apparently the standard value for session timeout within the 9800-WLCs.
I would appreciate it if this standard value were changed to 86400 seconds in future.
The rule change with Release 17.4.1 for values between 0 and 300 is not explainable to normal humans.
Kind regards
Wini
03-14-2025 06:59 AM
I think there are two things here. I recall on AireOS that we always had a session timeout which was 1 day and behind the scenes. The idle time plays a big role in this also, because the idle timer would also deauthenticate if that is reached. With Webauth and guest, you would set the session timer to like 1 day and the idle timer higher, but it has to be lower than the session timer or else it would be default even if you changed the session value. I think in most environments what also causes issues is when the DHCP lease is very low, causing duplicate IPs, or a device that was booted after being idle had to get a new IP address.
03-17-2025 12:25 AM
Hello Scott,
thank You for Your reply.
I have changed the session timeout to 86400 seconds = 1 day for the WLAN of our patients now. The idle timer is still on 300 seconds. What is Your recommendation for the idle timer in this case? I compared to our good old WLC-5520 config.
Here we used:
Session timeout: Not marked = Not activated in my opinion = 1 day ?!?
Client user idle timeout (15-100000): Not marked = Global Controller value for Client user idle timeout will be chosen = 300 seconds
Timeout for idle client sessions for a WLAN. This value overrides the global timeout value.
The range is from 15 to 100000 seconds. The default value is 300 seconds.
Shall I also increase the idle timeout, and to which value please?
Thank You for Your help
Kind regards
Wini
03-17-2025 06:50 AM
The only time I would increase the idle timer is when internal webauth is being used. For any 802.1x or PSK, I typically leave that alone using the default 300. My suggestion is to set it how you want, I mean both the session time and the idle timer, and then gather data and see what is happening on the client side. Experience on guest as an example can just be due to other things, like the DHCP lease, any throttling you might be doing, etc. Make sure you gather data before you start increasing the idle timer, etc. You really don't want to be changing this every hour unless it's breaking something.
03-17-2025 12:58 AM
As @Scott Fella said, a long idle timeout may also impact connectivity if the DHCP lease is lower than that value.
I would recommend setting idle timeout around 50%-75% of the DHCP lease time so as to avoid duplicated IP addresses.