Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
5
Helpful
2
Replies

guestnet -no authentication requested after a user reboots

Go to solution
ppellettiere
Level 1
Level 1

‎06-02-2011 10:25 AM - edited ‎07-03-2021 08:16 PM

On our guest wireless, at times when a user shuts down their laptop

and powers back up they are not asked to re-authenticate.

The only security is a login and password then the user is tunneled

to our 440 in our DMZ then out the internet pipe.

My question is if the user shuts the laptop off then starts it back up

shouldn't they be prompted for the user login and password?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
weterry
Level 4
Level 4

‎06-02-2011 11:18 AM

I assume you are talking about webauth.

You don't want your user to re-webauth every time they roam, right?

So when your client shuts down its laptop, unless it told the AP it was disassociating, then the WLC still think he is a connected client.

When they reboot and connect again, as far as we're concerned the client just "roamed" somewhere else.....

The bottom line is that the Idle Timeout is what cleans up an entry that is no longer associated. By default this is 5 minutes (TYPO earlier), so if you reboot in less than 5 minutes, you'll get connected and stay authenticated.   At which point, the total session timeout is the next authentication period..

So long story short, if you want a reboot to cause clients to fully authenticate again with webauth, you're going to either find a way to tell the client to disassociate properly... or you're going to have to drop your idle timeout to a number that will expire while a client is rebooting....

Make sense?

View solution in original post

2 Replies 2

Go to solution
weterry
Level 4
Level 4

‎06-02-2011 11:18 AM

I assume you are talking about webauth.

You don't want your user to re-webauth every time they roam, right?

So when your client shuts down its laptop, unless it told the AP it was disassociating, then the WLC still think he is a connected client.

When they reboot and connect again, as far as we're concerned the client just "roamed" somewhere else.....

The bottom line is that the Idle Timeout is what cleans up an entry that is no longer associated. By default this is 5 minutes (TYPO earlier), so if you reboot in less than 5 minutes, you'll get connected and stay authenticated.   At which point, the total session timeout is the next authentication period..

So long story short, if you want a reboot to cause clients to fully authenticate again with webauth, you're going to either find a way to tell the client to disassociate properly... or you're going to have to drop your idle timeout to a number that will expire while a client is rebooting....

Make sense?

Go to solution
ppellettiere
Level 1
Level 1
In response to weterry

‎06-02-2011 11:27 AM

Thank You. That makes perfect sense.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card