Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
946
Views
0
Helpful
5
Replies

Problems with re authentications in a wireless with WLC working with web authentication and a radius server

Luis Perez
Level 1
Level 1

‎12-17-2012 01:20 PM - edited ‎07-03-2021 11:14 PM

Hi everyone, im having problems in a wireless network, the SSID has security layer 2 WPA, layer 3 web authentication (internal default page), and external RADIUS.

When a client makes a roaming from one AP to another one or when he has a idle time, he needs to re authenticate in the web login page. Somebody knows a solution to avoid this behavior?. Or somebody has a troubleshooting way to determine why the clients have this problems??

Labels:
0 Helpful
5 Replies 5

George Stefanick
VIP Alumni
VIP Alumni

‎12-17-2012 01:26 PM

Luis there are a few things going on ..

The session time out or the user idel timeout if traggered will ALWAYS prompt you to do a webauth. Should should consider extending these timers as needed.

As for roaming. Do you have more than 1 WLC and if so are the APs on different controllers. if so, check the mobility groups.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Luis Perez
Level 1
Level 1
In response to George Stefanick

‎12-17-2012 01:47 PM

Hi George, i have disabled the session timeout in the SSID and i have changed the idle timeout to the maximum value 100000, but hte problem is in time space less than the valu configured.

For roaming i have two controllers and the mobility group is configured, the problem that i have is in also between APs registered in the same controller, the clients moves to another closer AP and he needs re authentication

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Luis Perez

‎12-17-2012 01:55 PM

if you disabled the session timeout we can cross that off the list. As for the idle timeout, this largely comes into play with ipads and such.

you are saying, even when romaing from an ap to another ap on the same controller you are getting the page ?

does the client have any loss of wireless connectivity between the roams?

are all devices doing it ?

Does it happen every time?

Can you reproduce it ?

Has it ever worked ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Luis Perez
Level 1
Level 1
In response to George Stefanick

‎12-17-2012 02:18 PM

Yes George i have the problem with re authentication in the web login page even the two APs are in the same controller, some clients have loss of connection between roams but not all, the problems are in some devices and the period of time when the problem happen is not a constant. I´ve tried to reproduce the problem in my laptop sometimes but never have done, my customer have had this problem for a long long time, but i think is a problem of the design whit the quantity and location of aps, is posible this thing??? how i can demostrate my customer that the problem is the design and the actual location of the APs

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Luis Perez

‎12-17-2012 02:29 PM

A few things I can share that might help .. Your actually feet on the ground will be importnat to see this issue for yourself.

I know when a client or if the AP sends a DEAUTH frame the client will need to reestablish its connection and it will 100% of the time require a new web auth. If a client loses connection while roaming and a DEAUTH is sent on either side you will get the page. If youre client isnt romaing cleanly this can be a problem.

Another problem is your using EAP. Are you using CCK or a device that supports OKC. What does your radius server say when a client roams ?

You could also simply your config and then reapply your security and see where it breaks. By this I mean. For testing, create a SSID turn off security and leave layer 3 web auth on. Roam and see what happens. If it works, then start to apply the security and see where it breaks.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card