cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
641
Views
0
Helpful
5
Replies
Luis Perez
Beginner

Problems with re authentications in a wireless with WLC working with web authentication and a radius server

Hi everyone, im having problems in a wireless network, the SSID has security layer 2 WPA, layer 3 web authentication (internal default page), and external RADIUS.

When a client makes a roaming from one AP to another one or when he has a idle time, he needs to re authenticate in the web login page. Somebody knows a solution to avoid this behavior?. Or somebody has a troubleshooting way to determine why the clients have this problems??

5 REPLIES 5

Luis there are a few things going on ..

The session time out or the user idel timeout if traggered will ALWAYS prompt you to do a webauth. Should should consider extending these timers as needed.

As for roaming. Do you have more than 1 WLC and if so are the APs on different controllers. if so, check the mobility groups.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Hi George, i have disabled the session timeout in the SSID and i have changed the idle timeout to the maximum value 100000, but hte problem is in time space less than the valu configured.

For roaming i have two controllers and the mobility group is configured, the problem that i have is in also between APs registered in the same controller, the clients moves to another closer AP and he needs re authentication

if you disabled the session timeout we can cross that off the list. As for the idle timeout, this largely comes into play with ipads and such.

you are saying, even when romaing from an ap to another ap on the same controller you are getting the page ?

does the client have any loss of wireless connectivity between the roams?

are all devices doing it ?

Does it happen every time?

Can you reproduce it ?

Has it ever worked ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Yes George i have the problem with re authentication in the web login page even the two APs are in the same controller, some clients have loss of connection between roams but not all, the problems are in some devices and the period of time when the problem happen is not a constant. I´ve tried to reproduce the problem in my laptop sometimes but never have done, my customer have had this problem for a long long time, but i think is a problem of the design whit the quantity and location of aps, is posible this thing??? how i can demostrate my customer that the problem is the design and the actual location of the APs

A few things I can share that might help .. Your actually feet on the ground will be importnat to see this issue for yourself.

I know when a client or if the AP sends a DEAUTH frame the client will need to reestablish its connection and it will 100% of the time require a new web auth. If a client loses connection while roaming and a DEAUTH is sent on either side you will get the page. If youre client isnt romaing cleanly this can be a problem.

Another problem is your using EAP. Are you using CCK or a device that supports OKC. What does your radius server say when a client roams ?

You could also simply your config and then reapply your security and see where it breaks. By this I mean. For testing, create a SSID turn off security and leave layer 3 web auth on. Roam and see what happens. If it works, then start to apply the security and see where it breaks.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Content for Community-Ad