Solved: logout user session

alkabeer80 · ‎12-05-2012

Hi,

I have Cisco Controller 5508 and NAC Guest, users login through web authentication after successful login, popup screen displayed for logout, most of the users close this webpage and they are not able to logout.

Is there anyway i can logout user from session from controller,

thanks

Amjad Abdullah · ‎12-09-2012

I don't think TAC case will help opening a PER request.

You better to contact your account manager or account team in order to file a PER (Product Enhancement Request).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Saravanan Lakshmanan · ‎12-09-2012

issue: closing webauth logout popup window doesn't terminate the webauth session for that user.

Admin expecting to have the webauth session to terminate as soon as they close logout popup. So that the same user can logon using the same credentials on different pc/device. currently using one session per user. Until 7.3.x.x WLC does nothing when logout popup is closed. By adming, it is hard to chase the MAC address of that user to manually remove the client.

[it is possible to achieve what you're trying, if WLC has the ability to list the client(s) using the username, again if multiple clients are shown how does we pin point the specific one. in this case with one user per session then yes something like this may work - WLC>show client detail ]

Bottomline: Have seen most hotspot vendor software logsout the user as soon as the logout popup closed, only way to get the logout popup back is by login again, it is a geniune ask.

I've created an internal enchancement for this issue. Please open a TAC case(also, see is any config options on wlc/wcs address this) to get the bug info by providing this link. And involve your AM to drive the same.

View solution in original post

Scott Fella · ‎12-05-2012

From the WLC you can click on the monitor tab then clients and the on the client hover the mouse over the blue triangle on the right and choose remove. That will remove the client from the WLC.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-05-2012

You can also set the idle timeout. This will timeout the client after X seconds which is the value you set when the client is idle which also can force them to log back on. So if you set it for 1 hour, they can still connect to the network if they left for a little bit but after the allocated time, they will have to log back in.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

alkabeer80 · ‎12-05-2012

Hi Scott,

I check WLC, it shows MAC address of client, how i can see user name loged in.

thanksssssssss

Saravanan Lakshmanan · ‎12-06-2012

I have Cisco Controller 5508 and NAC Guest, users login through web authentication after successful login, popup screen displayed for logout, most of the users close this webpage and they are not able to logout?

//What you're seeing is expected, closing the sebauth logout popup windows doesn't terminate the webauth session for that user. Does it logout the user when they hit logout.

//While creating local user you can specify time limit for each users. the user will be deleted once the timer got expired.

//briefly explain what you're trying to do.

alkabeer80 · ‎12-08-2012

Hi,

I am trying to manual logout user ( either using GUI or CLI) , after the employee close the logout page, he directly report to IT that he cannot login to other device using his wireless credentials (since it is only one user session allowed), so IT people should clear the session for him in order to allow him to login again.

if the user does not close the logout page, he can logout sucussfully.

thanks

Saravanan Lakshmanan · ‎12-08-2012

Check the first post from Scott to remove the client from GUI manually.

to remove client from cli, WLC>config client deauth

Use below feature to avoid removing the client manually.

Multiple sessions possible for single user. this way same user need not to logout to login from different pc/device.

Security>> AAA User Login Policies>> Max Concurrent Logins for a User name>> value between 0 & 8 is allowed. 0 = unlimited.

Saravanan Lakshmanan · ‎12-08-2012

You could ask the end user not to close the logout popup window. once closed, Logout popup won't show until the user disconnect and reconnect to the webauth ssid. Are you expecting to logout as soon as the user closes the logout page??

alkabeer80 · ‎12-08-2012

hi, I cant force each user not to close the logout page ( mainly non IT people and Managment), the case is page is closed.

As and IT guy i need to logout this session, so that he can use it in another device.

Can i logout these users ??? How (using GUI and CLI)

I am expecting to logout user as he closes the page.

thanks

Saravanan Lakshmanan · ‎12-08-2012

As and IT guy i need to logout this session, so that he can use it in another device.

//increase the 'Max Concurrent Logins for a User name', this way the same user can login to multiple devices.

Can i logout these users ??? How (using GUI and CLI)

//see my previous post for steps.

I am expecting to logout user as he closes the page.

//this doesn't happen. you need to open TAC case to request enhancement.

alkabeer80 · ‎12-09-2012

Hi Saravanan,

Thanks for all your help, I thought cisco has some functionality to logout wireless users manually, there are some scenarios that i need to control (logout) user from wlc (not using MAC address), i think i will open case with cisco and check what are the possiblities.

thankssssssssssssssssssssssssssssssssssssss :):)

Amjad Abdullah · ‎12-09-2012

I don't think TAC case will help opening a PER request.

You better to contact your account manager or account team in order to file a PER (Product Enhancement Request).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Saravanan Lakshmanan · ‎12-09-2012

you're right, TAC doesn't drive enhancement requests however it can file enhacement requests, cisco AM will follow up to get this fixed on upcoming release is my understanding.

Saravanan Lakshmanan · ‎12-09-2012

issue: closing webauth logout popup window doesn't terminate the webauth session for that user.

Admin expecting to have the webauth session to terminate as soon as they close logout popup. So that the same user can logon using the same credentials on different pc/device. currently using one session per user. Until 7.3.x.x WLC does nothing when logout popup is closed. By adming, it is hard to chase the MAC address of that user to manually remove the client.

[it is possible to achieve what you're trying, if WLC has the ability to list the client(s) using the username, again if multiple clients are shown how does we pin point the specific one. in this case with one user per session then yes something like this may work - WLC>show client detail ]

Bottomline: Have seen most hotspot vendor software logsout the user as soon as the logout popup closed, only way to get the logout popup back is by login again, it is a geniune ask.

I've created an internal enchancement for this issue. Please open a TAC case(also, see is any config options on wlc/wcs address this) to get the bug info by providing this link. And involve your AM to drive the same.