Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1048
Views
0
Helpful
7
Replies

Internet Speed issues with CISCO WLC 2504 only in External web-authentication

aturak
Level 1
Level 1

‎02-06-2017 08:29 PM - edited ‎07-05-2021 06:31 AM

Hi Team,

We are facing Internet speed issue in our lab with CISCO WLC 2504.

Setup: Switch>>Cisco WLC>>AP

When using external web-authentication, clients are experiencing slow internet connection with De-authentication within 20-30 minutes.

We are Using WPA+ web passthrough security, if we remove Layer3 and only keep layer2 then everythings works fine.

Any Help??

Thanks,

Abhishek Turak

Labels:
0 Helpful
7 Replies 7

Prateek Saxena
Cisco Employee
Cisco Employee

‎02-08-2017 07:29 AM

For the de-auhentication go to SSID->Advanced and check if Session Timeout value is configured. By default it is 1800 sec that will be 30 min.

For slow internet make check on what radio the client is connecting to and on which data rate. Also check the RSSI and SNR values. you can use "show client detail <mac_addr>" to check he statistics.

0 Helpful

aturak
Level 1
Level 1
In response to Prateek Saxena

‎02-08-2017 11:50 PM

Hi,

Thanks for your reply.

The issue with slow-internet speed is only observed with External web-authentication in layer3, with internal WPA-WEP layer2  everything works fine.

Thanks,

Abhishek

0 Helpful

aturak
Level 1
Level 1
In response to aturak

‎02-08-2017 11:51 PM

One more thing, we are using Layer2+layer3 Authentication, can it cause this issue?

WPA+Webpassthrough.

Thanks,

Abhishek

0 Helpful

Prateek Saxena
Cisco Employee
Cisco Employee
In response to aturak

‎02-09-2017 04:48 AM

No it should not. Are you using ISE and any overrides?

0 Helpful

aturak
Level 1
Level 1
In response to Prateek Saxena

‎02-09-2017 07:42 PM

I am Using DHCP override at WLan

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to aturak

‎02-09-2017 06:47 AM

Just to add also... here is a good matrix on supported layer 2/3:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html#matrix

To be honest, I would not implement layer 2 when using webauth at all.  Using psk for guest just causes more issues with clients trying to access the guest network and many people do not understand how to set a psk properly or at all.

As far as throughout, disable your session timer and use slapping client or else increase your idle timer. The idle timer has to be lower than the session timer for it to work. With newer code versions, use sleeping client and leave idle timer at default. 

It also seems that you have isolated the issue.  If you break it up, things work well. Now you would need to isolate it more and test multiple clients and see if it's a client issue or not.

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***
0 Helpful

aturak
Level 1
Level 1
In response to Scott Fella

‎02-10-2017 08:41 PM

Hi Scott,

We did testing yesterday and found that the issue is only seen with other Vlan, with management Vlan and layer3 security only client are able to get the External authentication server portal page and with smooth browsing.

But with the Other Vlan, DNS is not resolving the domain of our external web-authentication server. Here is the Flow

1. DNS server 8.8.8.8

2. Clients are trying to connect to SSID and getting IP address from DHCP.

3. When trying to browse, they are getting URL of our external web-authentication server for authentication.

4. But portal page is not getting served and client are getting errors as" No internet connection".

What can be the reason with this Vlan??

Thanks,

Abhishek Turak

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card