cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3344
Views
5
Helpful
5
Replies

Cisco 4402 Enable session timeout option

Pavel Zhivaykin
Level 1
Level 1

Hi All,

Cisco 4402 (in WLAN settings -> Advanced) has "Enable session timeout" option.

In datasheet:

Session Timeout - Set the maximum time for a client session before requiring reauthorization. Default = 1800 seconds.

 

What does "reauthorization" mean?

Does it mean that a client will lost all his connections in "reauthorization" time?

Or Is "reauthorization" clear for a client? a client sense/notice something?

1 Accepted Solution

Accepted Solutions

mohanak
Cisco Employee
Cisco Employee

make sure that the session timeout is greater than the client idle timeout, otherwise the sleeping client entry would not be created.

After entering the appropriate login credentials for web-auth, the client get authenticated and moves to RUN state.

Now if the client configured is idle for 300 seconds (default idle timeout value) or disconnects from the WLAN it is connected to, then the client will move to sleeping clients.

Once the client is moved to the Sleeping Clients, the timeout session starts and the remaining time before the client entry is deleted/cleared is displayed.

If the client wakes up or joins back to the same WLAN, it doesn't require re-authentication.

the number of sleeping clients that are remembered has increased to 25000 from the previous 9000. A larger number of sleeping clients are remembered even after waking up, on the wireless network with high-scale Cisco WLCs. This eliminates the need for user intervention to re-enter credentials for a greater number of clients.

View solution in original post

5 Replies 5

Saurav Lodh
Level 7
Level 7

by session timeout, the client entry will be deleted ( same result in forced deletion - driver reset, client shut down ) from the WLC, while client itself not actively closing the connection. After the counter value matches the timeout, client entry is deleted and client has to go from authentication to get re authorized for the connection.

Hi Saurav,

Thank you for your reply.

Now I have understanding about timeouts mechanism.

You mean timeout for idle connections.

But session timeout (in WLAN settings) is only for rekeying PMK. Client doesn't reconnect - connection state is staying in Associated state and a client doesn't lose any connections to services.

Please, correct me if I don't right.

 

Also I want to suggest next articles for other:

http://wireless-richard.blogspot.ru/2012/11/idle-timeout-and-session-timeout-on-wlc.html

https://supportforums.cisco.com/discussion/11216441/wlc-webauth-devices-timeout-and-have-reauth

 

Abhishek Abhishek
Cisco Employee
Cisco Employee

Using the controller GUI or CLI, you can configure a session timeout for wireless clients on a WLAN. The session timeout is the maximum time for a client session to remain active before requiring reauthorization.

mohanak
Cisco Employee
Cisco Employee

make sure that the session timeout is greater than the client idle timeout, otherwise the sleeping client entry would not be created.

After entering the appropriate login credentials for web-auth, the client get authenticated and moves to RUN state.

Now if the client configured is idle for 300 seconds (default idle timeout value) or disconnects from the WLAN it is connected to, then the client will move to sleeping clients.

Once the client is moved to the Sleeping Clients, the timeout session starts and the remaining time before the client entry is deleted/cleared is displayed.

If the client wakes up or joins back to the same WLAN, it doesn't require re-authentication.

the number of sleeping clients that are remembered has increased to 25000 from the previous 9000. A larger number of sleeping clients are remembered even after waking up, on the wireless network with high-scale Cisco WLCs. This eliminates the need for user intervention to re-enter credentials for a greater number of clients.

Abhishek Abhishek
Cisco Employee
Cisco Employee

Using the CLI to Configure a Session Timeout

To configure a session timeout for wireless clients on a WLAN using the controller CLI, follow these steps:


Step 1 Configure a session timeout for wireless clients on a WLAN by entering this command:

config wlan session-timeout wlan_id timeout

The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types. A value of 0 is equivalent to no timeout.

Step 2 Save your changes by entering this command:

save config

Step 3 See the current session timeout value for a WLAN by entering this command:

show wlan wlan_id

Information similar to the following appears:

WLAN Identifier.................................. 9

Profile Name..................................... test12

Network Name (SSID)........................... test12 
... 
Number of Active Clients......................... 0

Exclusionlist Timeout............................ 60 seconds

Session Timeout............................... 1800 seconds 
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: