cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2022
Views
5
Helpful
8
Replies

Apple Clients Having To Re-Authenticate To Guest Network

Donald Wolfe
Level 1
Level 1

Hi,

We have a client that is having problems with their guest network and apple clients.  The issue is that the apple clients will drop connection after a period of time and will have to re-authenticate.  I have verified that the "idle timeout" value is set to 36000.  It only seems to be impacting the apple users on the guest network. 

8 Replies 8

Donald Wolfe
Level 1
Level 1

Hi,

I think that I may have found the answer.  I didnt realize that there was a "sleeping client" feature in the WLC/Code.  I am going to check to see if that is enabled this afternoon and if its not, I will enable it and test.  I will post my results.

Ok..it turns out that our client is not running any layer 3 services on the WLAN so the "sleeping client" feature is not there.  It is only impacting apple clients and it seems to be that when the clients go to sleep they are forced to re-authenticate once they wake back up.  Is there a resolve to this issue?

How you configured the WLAN!!

paste the output of these commands:

sh wlan <id>

sh network summary 

Regards

Dont forget to rate helpful posts

Ok..an update to the issue.  Its impacting Apple users on the Guest SSID. 

*No Layer 3 on Guest SSID

*Session Timeout set to 36000

*Client User Timeout is not enabled

*Client User Idle Threshold set to 0 Bytes.

Another question to add to the mix is...if the client goes to sleep and upon waking they associate to a different AP in the area, will they be required to re-authenticate to the Guest SSID that they were previously authenticated to?

Cisco Controller) >show network summary

RF-Network Name............................. MADRF
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
Secure Web Mode SSL Protocol................ Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Enable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Unicast
IPv6 AP Multicast/Broadcast Mode............ Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds

--More-- or (q)uit
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect  ................... Disable
Web Auth Captive-Bypass   .................. Enable
Web Auth Secure Web  ....................... Enable
Web Auth Secure Redirection  ............... Disable
Fast SSID Change ........................... Enabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Link Local Bridging Status ................. Disabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable

--More-- or (q)uit
oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
WebPortal NTF_LOGOUT Client ................ 0
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Default
Capwap Prefer Mode.......................... IPv4
Client ip conflict detection (DHCP) ........ Disabled

any updates on this? I'm having the same issue now on my WiSM2 and 5508 WLCs. Clients on the guest network go idle for 300 seconds and upon waking up they are being redirected to our terms page and issuing DHCP release packets and issued a new IP. It's only on our guest network, using webauth. We are on code versions 8.140.0.0 and 8.140.0.15 on the WiSM2s. I will look into the sleeping clients feature but the fact that the client is dropping and releasing it's IP address is weird. 

Create a new thread and post the output of these commands:

How you configured the WLAN!!

sh wlan <id>

sh network summary 

Regards

Dont forget to rate helpful posts

Any resolution on this issue? I am having the same problem in 2019. The Sleeping Client Timeout on our WLC is set for 720 minutes. It doesn't seem to be the Sleeping Client Timeout causing the re-authentication issue for the affected iPhone users.

 

I am almost convinced this is an Apple iOS problem or device settings problem as not all iPhone users are experiencing this.

Sandeep Choudhary
VIP Alumni
VIP Alumni

Hi,

hwre is the post about how to configure sleeping client on WLC.

http://www.borderlessccie.net/?p=220

Regards

Dont forget to rate helpful post 

Review Cisco Networking for a $25 gift card