05-27-2015 12:51 AM - edited 07-05-2021 03:18 AM
Hi All,
Cisco 4402 (in WLAN settings -> Advanced) has "Enable session timeout" option.
In datasheet:
Session Timeout - Set the maximum time for a client session before requiring reauthorization. Default = 1800 seconds.
What does "reauthorization" mean?
Does it mean that a client will lost all his connections in "reauthorization" time?
Or Is "reauthorization" clear for a client? a client sense/notice something?
Solved! Go to Solution.
05-28-2015 03:23 AM
make sure that the session timeout is greater than the client idle timeout, otherwise the sleeping client entry would not be created.
After entering the appropriate login credentials for web-auth, the client get authenticated and moves to RUN state.
Now if the client configured is idle for 300 seconds (default idle timeout value) or disconnects from the WLAN it is connected to, then the client will move to sleeping clients.
Once the client is moved to the Sleeping Clients, the timeout session starts and the remaining time before the client entry is deleted/cleared is displayed.
If the client wakes up or joins back to the same WLAN, it doesn't require re-authentication.
the number of sleeping clients that are remembered has increased to 25000 from the previous 9000. A larger number of sleeping clients are remembered even after waking up, on the wireless network with high-scale Cisco WLCs. This eliminates the need for user intervention to re-enter credentials for a greater number of clients.
05-27-2015 05:23 AM
by session timeout, the client entry will be deleted ( same result in forced deletion - driver reset, client shut down ) from the WLC, while client itself not actively closing the connection. After the counter value matches the timeout, client entry is deleted and client has to go from authentication to get re authorized for the connection.
05-27-2015 08:30 AM
Hi Saurav,
Thank you for your reply.
Now I have understanding about timeouts mechanism.
You mean timeout for idle connections.
But session timeout (in WLAN settings) is only for rekeying PMK. Client doesn't reconnect - connection state is staying in Associated state and a client doesn't lose any connections to services.
Please, correct me if I don't right.
Also I want to suggest next articles for other:
http://wireless-richard.blogspot.ru/2012/11/idle-timeout-and-session-timeout-on-wlc.html
https://supportforums.cisco.com/discussion/11216441/wlc-webauth-devices-timeout-and-have-reauth
05-27-2015 08:16 PM
Using the controller GUI or CLI, you can configure a session timeout for wireless clients on a WLAN. The session timeout is the maximum time for a client session to remain active before requiring reauthorization.
05-28-2015 03:23 AM
make sure that the session timeout is greater than the client idle timeout, otherwise the sleeping client entry would not be created.
After entering the appropriate login credentials for web-auth, the client get authenticated and moves to RUN state.
Now if the client configured is idle for 300 seconds (default idle timeout value) or disconnects from the WLAN it is connected to, then the client will move to sleeping clients.
Once the client is moved to the Sleeping Clients, the timeout session starts and the remaining time before the client entry is deleted/cleared is displayed.
If the client wakes up or joins back to the same WLAN, it doesn't require re-authentication.
the number of sleeping clients that are remembered has increased to 25000 from the previous 9000. A larger number of sleeping clients are remembered even after waking up, on the wireless network with high-scale Cisco WLCs. This eliminates the need for user intervention to re-enter credentials for a greater number of clients.
06-01-2015 11:16 PM
To configure a session timeout for wireless clients on a WLAN using the controller CLI, follow these steps:
Step 1 Configure a session timeout for wireless clients on a WLAN by entering this command:
config wlan session-timeout wlan_id timeout
The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types. A value of 0 is equivalent to no timeout.
Step 2 Save your changes by entering this command:
save config
Step 3 See the current session timeout value for a WLAN by entering this command:
show wlan wlan_id
Information similar to the following appears:
WLAN Identifier.................................. 9
Profile Name..................................... test12
Network Name (SSID)........................... test12 ... Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout............................... 1800 seconds
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: