Solved: Apple devices keep connecting

MPribadi · ‎12-13-2023

Hi,

I'm using C9800-CL with 17.3.7 IOS, I have issue with users use Apple devices (MacBook, iPad, iPhone). I set the session timeout for 12 hours (43200 seconds), but all apple devices never get timeout, but android and windows users will have their time out. This issue consumes our bandwidth which limited because we use volume based for Starlink.

When I saw the client monitor, I found the session timer is not running as one of the user below:

When I check, all users have the same status (session timer not running). But once again, the session timeout is working for android and windows devices, but not with apple.

Any help would be appreciated.

Scott Fella · ‎12-13-2023

Have you tried to disable sleeping client on your test SSID?

-Scott
*** Please rate helpful posts ***

View solution in original post

MPribadi · ‎12-13-2023

Hello @Scott Fella, this is solved my problem. Even though the device seems connected to wireless:

But traffic is not passing through:

the device also removed from Client monitoring page. From show wireless client mac detail, i cannot see the mac after the timer reach 0.

xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in Time
Session Timeout : 600 sec (Remaining time: 17 sec)
Session Warning Time : Timer not running
Mobility Complete Timestamp : 12/13/2023 17:52:43 CET
Client Join Time:
Join Time Of Client : 12/13/2023 17:52:43 CET
Client Entry Create Time : 652 seconds
Absolute-Timer : 600
Absolute-Timer : 600
Reassociation Timeout : 20
Client Scan Report Time : Timer not running
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in time
Idle state timeout : N/A
Session Timeout : 600 sec (Remaining time: 14 sec)
Session timeout : 600
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in Time

xxx-vWLC#
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in time

xxx-vWLC#

Many thanks!

MP

View solution in original post

marce1000 · ‎12-13-2023

- Advising to go to https://software.cisco.com/download/home/286322605/type/282046477/release/Cupertino-17.9.4a ,
since 17.3.x is end of support ; check if that can help ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MPribadi · ‎12-13-2023

Hi @marce1000, I'll try to upgrade it. Just need a permission to have a good time to upgrade and reload it. I'll let you know the result.

MPribadi · ‎12-13-2023

Hi again @marce1000, upgraded to 17.9.4a. I'm still experiencing the issue.

marce1000 · ‎12-13-2023

- Investigate further with :
Controller# show wireless client mac <Apple CLIENT MAC ADDRESS> detail | inc time
| inc Time

(note sure if the first time after inc is case sensitive or not)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎12-13-2023

What auth method for wlan apple connect to?

MHM

MPribadi · ‎12-13-2023

Hi @MHM Cisco World, all devices (apple, android, windows) are using the same method which is web-auth:

And I configured the web-auth as follow:

MHM Cisco World · ‎12-13-2023

Local or central WebAuth

MHM

MPribadi · ‎12-13-2023

This is local web-auth. If they're authenticated the firewall will give the address since the DHCP server is on our firewall. This was working perfectly when we're using Cisco 3504 WLC but now it stops working for Apple product.

MP

MHM Cisco World · ‎12-13-2023

Hi

The apple run 802.11K

There is assisted roaming 11k in advanced tab of wlan edit' select all three option and check again

MHM

MPribadi · ‎12-13-2023

Hi @MHM Cisco World, made new ssid with same configuration (different assigned vlan and ssid name of course) so I won't disrupt production network. I made shorter timeout which is 10 minutes and tried to select all three option. The issue still there. Then tried to unselect all of 3 options with the same result. Tried it on 17.3.7 and 17.9.4a IOS. Now the controller using 17.9.4a version.

When remaining time reached 0, then it returns back to 600 seconds and apple devices (tested with iphone and ipad) are still connecting to the network (until now), but windows and android devices were timeout and we need to relogin using web-auth.

MP

Scott Fella · ‎12-13-2023

Have you tried to disable sleeping client on your test SSID?

-Scott
*** Please rate helpful posts ***

MPribadi · ‎12-13-2023

Hello @Scott Fella, this is solved my problem. Even though the device seems connected to wireless:

But traffic is not passing through:

the device also removed from Client monitoring page. From show wireless client mac detail, i cannot see the mac after the timer reach 0.

xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in Time
Session Timeout : 600 sec (Remaining time: 17 sec)
Session Warning Time : Timer not running
Mobility Complete Timestamp : 12/13/2023 17:52:43 CET
Client Join Time:
Join Time Of Client : 12/13/2023 17:52:43 CET
Client Entry Create Time : 652 seconds
Absolute-Timer : 600
Absolute-Timer : 600
Reassociation Timeout : 20
Client Scan Report Time : Timer not running
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in time
Idle state timeout : N/A
Session Timeout : 600 sec (Remaining time: 14 sec)
Session timeout : 600
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in Time

xxx-vWLC#
xxx-vWLC#show wireless client mac 9ab9.e33d.5375 detail | in time

xxx-vWLC#

Many thanks!

MP

Scott Fella · ‎12-13-2023

Apple devices will sleep when the screen is inactive, that is what you are seeing. Once the idle timer is hit, the controller will de-auth the device. Keep in mind why you have sleep clients also, because it might be something you still need.

-Scott
*** Please rate helpful posts ***