LDAP users getting disconnected from the wireless

sobin peter
Level 1

Hi, I have a Cisco WLC 8540 integrated with LDAP for user authentication. Authentication succeeds, but the AD users sometimes get disconnected and need to log in again with their credentials.

Can someone suggest troubleshooting steps to keep the user connected until the password change?

Sobin.

6 Replies

Hi

Take a look here. Look for the LDAP section:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112064-wlc-commands.html#ldap


-If I helped you somehow, please, rate it as useful.-

Ric Beeching
Level 7

You can increase the session timeouts significantly which will leave the users connected. At the moment I imagine they have to re-auth every 1800 seconds/30 minutes and that is causing headaches? Alternatively, switch to AD auth to see if that improves performance?

 

Ric

 

-----------------------------
Please rate helpful / correct posts

Thanks Ric.

I have disabled the session timeout, but the issue is still there.

Is it mandatory to enable the session timeout, or can it be disabled so that the session will not expire?

If you disable session timeout it will go to 24 hours (86400 seconds) but still require a re-auth at that point. You will also want to increase your idle timeout if you wish for clients to try and avoid constant re-auth. The max for this is 100000 seconds so as long as it is more than the session timeout you're probably safe!

 

A few downsides to this approach:

 

The WLC database could fill up to its maximum (generally unlikely but depends on deployment)

You will have inaccurate information on connected clients (depends how much you care)

 

Ric

 

 

-----------------------------
Please rate helpful / correct posts

Scott Fella
Hall of Fame

If you are trying to do a one-time auth until the password changes, that is impossible. You can delay the session from timing out by increasing that, but every day they will need to connect back. Like Ric mentioned, you are better off using RADIUS authentication so that users don’t have to enter any info.

-Scott
*** Please rate helpful posts ***

Hi Scott

 

I have changed the session delay to 28800. Is it possible to increase it beyond that value?
