
Web Authentication Behavior and Timeouts

Andy Ruiz Inami
Level 1

Greetings!

 

I have some doubts about the behavior of a scenario with Web Authentication and Timeouts configured. In this company there is an SSID with Web Authentication and it has the following timers configured:

 

Session Timeout.................................. 28800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
Sleep Client Auto Auth Feature................... Enabled

.

.

Web Authentication Timeout.................... 300

.

.

PMF........................................... Disabled

PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60

.

.

802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40

.

.

11ax Target Wake Time............................ Enabled

.

.


1. Is it normal behavior for a user to disconnect from the SSID and after a few minutes reconnect and be asked for credentials?

2. If the above is expected, however, I have noticed that I can disconnect from that SSID and when I reconnect it has not asked me for credentials. How long do I have to wait for that to happen?

3. I also noticed the session timeout is independent of whether the user is currently using the network or not? That is, I'm working using the Internet, but after 8 hours it logs me out of the session and I have to enter my credentials again. I assume I have to increase the session timeout.

4. What are the best practices for configuring WLAN timers? Are there other timers, apart from what I mentioned above, in play?

 

Thanks

1 Reply

Arshad Safrulla
VIP Alumni

1. No. 

2. You have idle timeout and sleeping client disabled. So only until session timeout.

3 & 4. You can set the session timeout as per your business requirements. There is no industry standard. You also need to understand how these timers work. 

 

Session Timeout - This will make sure that the wireless client is deauthenticated after the set timer even if it is actively transmitting and receiving data.

Idle Timeout - This is there to make sure that the wireless client is deauthenticated after the client is idle for a certain time, where the time is defined in the WLC.

Web Authentication Timeout - If the user has not completed the web auth, he will be prompted with a new login page after the defined timer.

Sleeping client - Once the user completes the web auth, how long the controller has to remember the client. Sleeping client doesn't work for CWA.
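
The timer lines quoted in the question, parsed into the four timers the reply describes, as an added example that is not part of the original thread or any Cisco tooling. The function names are hypothetical, and treating the unit-less Web Authentication Timeout value as seconds is an assumption.

```python
import re

# Constructed sample: the timer lines quoted in the question above.
SAMPLE = """\
Session Timeout.................................. 28800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
Web Authentication Timeout.................... 300
"""

# "Key.......... value": a key, a run of at least three dots, then the value.
LINE = re.compile(r"^\s*(?P<key>.+?)\.{3,}\s*(?P<val>.*?)\s*$")
UNITS = {"seconds": 1, "minutes": 60, "hours": 3600}


def parse(text):
    """Return {key: raw value} for every dotted 'Key..... value' line."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out[m["key"].strip()] = m["val"]
    return out


def to_seconds(value, default_unit="seconds"):
    """'28800 seconds', '720 minutes' or '300' -> seconds; None if not numeric."""
    m = re.fullmatch(r"(\d+)(?:\s+(\w+))?", value.strip())
    if not m:
        return None  # 'Disabled', 'disable', empty or unrecognised text
    factor = UNITS.get((m[2] or default_unit).lower())  # assumption: bare number = seconds
    return int(m[1]) * factor if factor else None


def effective_timers(text):
    """Timers that are actually in force, in seconds (None = not in force)."""
    cfg = parse(text)
    sleep_on = cfg.get("Sleep Client", "").lower() in ("enable", "enabled")
    return {
        "session_timeout_s": to_seconds(cfg.get("Session Timeout", "")),
        "idle_timeout_s": to_seconds(cfg.get("User Idle Timeout", "")),
        "webauth_timeout_s": to_seconds(cfg.get("Web Authentication Timeout", "")),
        # A configured sleeping-client timer has no effect while the feature is off.
        "sleep_client_s": to_seconds(cfg.get("Sleep Client Timeout", "")) if sleep_on else None,
    }
```

For the posted configuration this leaves only the 28800-second session timeout and the 300-second web authentication timeout in force; the 720-minute sleeping-client value is ignored because the feature itself is disabled.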
