
guestnet - no authentication requested after a user reboots

ppellettiere
Level 1

On our guest wireless, at times when a user shuts down their laptop and powers back up they are not asked to re-authenticate.

The only security is a login and password, then the user is tunneled to our 440 in our DMZ then out the internet pipe.

My question is: if the user shuts the laptop off then starts it back up, shouldn't they be prompted for the user login and password?

Accepted Solution

weterry
Level 4

I assume you are talking about webauth.

You don't want your user to re-webauth every time they roam, right?

So when your client shuts down its laptop, unless it told the AP it was disassociating, the WLC still thinks he is a connected client.

When they reboot and connect again, as far as we're concerned the client just "roamed" somewhere else.....

The bottom line is that the Idle Timeout is what cleans up an entry that is no longer associated. By default this is 5 minutes (TYPO earlier), so if you reboot in less than 5 minutes, you'll get connected and stay authenticated. At which point, the total session timeout is the next authentication period.

So long story short, if you want a reboot to cause clients to fully authenticate again with webauth, you're going to either find a way to tell the client to disassociate properly... or you're going to have to drop your idle timeout to a number that will expire while a client is rebooting....

Make sense?
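The behaviour described in this answer, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of a controller client table with an idle timeout and a session timeout. The class and function names, the 1800-second session timeout and the MAC address are assumptions made for illustration; only the 5-minute idle default comes from the answer.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    authed_at: int   # second at which webauth last succeeded
    last_seen: int   # second at which the controller last heard from the client

class ClientTable:
    """Simplified model of the controller behaviour described in the answer."""

    def __init__(self, idle_timeout=300, session_timeout=1800):
        self.idle_timeout = idle_timeout        # 5 minutes, the default quoted above
        self.session_timeout = session_timeout  # assumed value, not from the thread
        self.entries = {}

    def _expire(self, mac, now):
        # Drop the entry if it has been idle too long or the session has run out.
        e = self.entries.get(mac)
        if e and (now - e.last_seen >= self.idle_timeout
                  or now - e.authed_at >= self.session_timeout):
            del self.entries[mac]

    def seen(self, mac, now):
        """Client associates or sends traffic. Returns True if webauth is required."""
        self._expire(mac, now)
        if mac not in self.entries:
            # Login is assumed to succeed immediately in this model.
            self.entries[mac] = Entry(authed_at=now, last_seen=now)
            return True
        self.entries[mac].last_seen = now
        return False

    def disassociate(self, mac):
        """Client told the AP it was leaving, so the entry is dropped at once."""
        self.entries.pop(mac, None)

def reboot_prompts(idle_timeout, downtime, clean_disassociate=False):
    """Does a laptop that was off for `downtime` seconds see the login page again?"""
    table, mac = ClientTable(idle_timeout=idle_timeout), "02:00:00:00:00:01"  # constructed MAC
    table.seen(mac, 0)                # first connection: webauth
    if clean_disassociate:
        table.disassociate(mac)
    return table.seen(mac, downtime)  # a silent power-off generates no event at all

if __name__ == "__main__":
    print(reboot_prompts(300, 120))                           # reboot inside idle timeout
    print(reboot_prompts(60, 120))                            # idle timeout shorter than reboot
    print(reboot_prompts(300, 120, clean_disassociate=True))  # proper disassociation
```

For a guest network, the idle timeout is therefore the window during which a previously authenticated entry stays valid for that MAC address without a new login.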


Thank You. That makes perfect sense.
