Re: WCS 4402 session timeout

pcanters · ‎04-30-2007

I was wondering if anyone knows the answer to this.

I am using a 4402 and on my guest WLAN there is a session timeout value. I am not using the web authentication.

After 10 mins of inactivity, I want to drop the session or re-authenticate the client. This appears to be happening behind the scenes. Is there anywhere that I can tell that the re-auth is happening ??

Either on the client or on the 4402 ?

I need some sort of way to prove that this is actually happening and not just smoke and mirrors.

Does anyone know where I can find this.

Thanks in Advance for the help !

Rob Huffman · ‎04-30-2007

Hi Pieter,

On the WLC

The session timeout parameter in the WLAN > Edit page can be used to accomplish this. By default the session timeout parameter is configured for 1800 seconds before a reauthentication happens.

Change this value to 600 seconds in order to make the client reauthenticate after ten minutes.

WLANs > Edit

This page allows you to edit the configurable parameters for a WLAN. The WLAN ID and WLAN SSID are displayed at the top of the page.

Session Timeout

Set the maximum time for a client session before requiring reauthorization. Default = 1800 seconds.

From this doc;

http://www.cisco.com/en/US/products/ps6366/products_user_guide_chapter09186a00805a6b28.html#wp1040213

Hope this helps!

Rob

pcanters · ‎04-30-2007

Rob,

Thanks for your response.

One last follow up question

Is there any way that I can verify that this re-authentication is actually happening on either the WLC or on the client itself ?

The setting seems to indicate that this re-authentication is supposed to happen but I need to corroborate in some way that this is truly occuring.

Pieter

Rob Huffman · ‎05-01-2007

Hi Pieter,

That is an excellent question! If you know the Client mac you could probably use this;

(Cisco Controller) >show client detail 00:40:96:a9:fa:a0

Client MAC Address............................... 00:40:96:a9:fa:a0

Client Username................................. N/A

AP MAC Address................................... 00:0b:85:23:cc:50

Client State..................................... Associated

Wireless LAN Id.................................. 1

BSSID............................................ 00:0b:85:23:cc:50

Channel.......................................... 36

IP Address....................................... Unknown

Association Id................................... 1

Authentication Algorithm......................... Open System

Reason Code...................................... 0

Status Code...................................... 0

Session Timeout.................................. 1800

Re-Authentication Timeout........................ 1800

Remaining Re-Authentication Time................. 1790

QoS Level........................................ Silver

Diff Serv Code Point (DSCP)...................... disabled

802.1P Priority Tag.............................. disabled

Mobility State................................... Export Foreign

Mobility Anchor IP Address....................... 40.1.3.10

Mobility Move Count.............................. 0

Security Policy Completed........................ Yes

Policy Manager State............................. RUN

Policy Manager Rule Created...................... No

Policy Type...................................... N/A

Encryption Cipher................................ None

EAP Type......................................... Unknown

Interface........................................ guest-vlan

VLAN............................................. 60

From this doc;

http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a0080706f5f.html#wp1111008

Hope this helps!

Rob

pcanters · ‎05-02-2007

Thanks Rob !!

The whole thing is vague but this ought to work.