I have configured my 5508 with L3 authen and sleeping client, i have attached the Screenshot. But, i can't get the sleeping client to work. When i tested with iphone and ipad, they kept on losing connection due to timed out (the session time out). How should I configure my WLC for sleeping client?
The user idle timeout works as an "early cleaning feature" before the session time-out has been expired. The sleeping client feature will prohibit this "cleaning" from happening and put the clients in the sleeping client database instead. However, the session time-out is always leading when the client is still connected. Based on your screenshots you have to make the session timeout higher to get the result you are aiming for.
Please rate useful posts... :-)
The configuration is correct, it works perfectly on 8.0.121 version of code. Which version are you running and are you sure that the client is no longer connected and that the user idle timer kicks in instead of the session timeout? You don't have an foreign/anchor construction?
I disconnected the client after successful login for many times, after sometime the record in clients gone (user idle timedout) but i didn't see any record in sleeping client cache. We have only 1 WLC so of course no foreign/anchor.
Any update from your side? I did found out that my Apple iPhone with iOS 9.2 is not being moved to the sleeping client DB when it is powered by charger. Probably the phone is less energy efficient in that mode and due to that more active.
The TAC engineer said that, our AP which is 1131 still run an IOS version of 12. And in order to support Sleeping Client, AP need to run at least IOS version 15.3 (T). I cannot upgrade because of RAM Requirement, that's why it's happening. Gotta change the authen mode to 802.1x.
I am trying to configure the sleeping client only now since we have an increase in clients using ipad on our guest network. Kindly correct me if I am wrong, if I enable Sleeping client and set it to 1440mins, and disable session timeout and client idle time out, it should not ask ipad users to re-authenticate in web-auth, right?
If you don't configure the session timeout on the SSID it will be disabled in your case because it is a "open network". However you cannot disable the user idle timeout due to the default value which needs to be between 15 and 100000 seconds. Keep in mind that the controller has a maximum value regarding how many client sessions it can keep in its memory, once this value has been reached no new clients will be able to associate (for example the 5508 controller can have up to 7000 sessions).
From user perspective the best thing that you can achieve (without a external authentication service) is that the user has to re-authenticate once every day. This can be done by configuring a session timeout of 10 hours and a idle timeout of 4 hours for example. But if the device decides to leave the WiFi network for its 3/4G connection it will send a de-authentication and the session will be removed anyway.
For the best user experience you should consider a guest setup with the use of a external authentication service like ISE. This way the WLC has not longer to act like as the "authentication database" but only the "connected client database" and you can use more "regular" timeouts again.
Please rate useful posts... :-)
Try configuring sleeping client with CLI mode : http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010111.html#task_05D38A9C9C7E468181768BE8A08FC523