Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2059
Views
0
Helpful
6
Replies

What is the default web-auth required timeout period?

Go to solution
hokokshun
Level 1
Level 1

‎10-24-2011 11:57 PM - edited ‎07-03-2021 08:59 PM

Hi,

As according to the cisco config example. (http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml),

it says:

If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a

web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state. If clients are in Webauth_Reqd state, no matter if they are active or idle, the clients will get de-authenticated after a web-auth required timeout period (for example, 300 seconds and this time is non-user configurable). All traffic from the client (allowed via Pre-Auth ACL) will be disrupted. If the client associates again, it will move back to the Webauth_Reqd state.

What is the default web-auth required timeout period stated in the example?

Many thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
pcroak
Cisco Employee
Cisco Employee

‎10-25-2011 03:07 PM

Hello,

Wireless clients that do not complete the web-authentication process will be deauthenticated after a 5 minute period. This timer cannot be configured.

The clients will likely associate right away again, but this behavior will continue until web-authentication is passed.

-Pat

View solution in original post

0 Helpful

Go to solution
Salil Prabhu
Cisco Employee
Cisco Employee

‎10-25-2011 05:24 PM

Hi,

Yes it is 300 seconds and non-configurable to prevent DOS by depleting IP address on Guest wlan/vlan. There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network

Thanks.Salil

CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network

View solution in original post

0 Helpful
6 Replies 6

Go to solution
pcroak
Cisco Employee
Cisco Employee

‎10-25-2011 03:07 PM

Hello,

Wireless clients that do not complete the web-authentication process will be deauthenticated after a 5 minute period. This timer cannot be configured.

The clients will likely associate right away again, but this behavior will continue until web-authentication is passed.

-Pat

0 Helpful

Go to solution
Salil Prabhu
Cisco Employee
Cisco Employee

‎10-25-2011 05:24 PM

Hi,

Yes it is 300 seconds and non-configurable to prevent DOS by depleting IP address on Guest wlan/vlan. There is an enhancement request filed esp. for your situation with Pre-auth ACL.

CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network

Thanks.Salil

CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network CSCtj32812    DHCP Option to mitigate the problem of guest client rejoining network
0 Helpful

Go to solution
hokokshun
Level 1
Level 1
In response to Salil Prabhu

‎10-25-2011 08:39 PM

Thanks guys for explaining to me. it has been a great help.

Salil, may i ask what is CSCtj32812 which is in your reply? And what do you mean by DHCP Option to lessen the problem?

0 Helpful

Go to solution
Salil Prabhu
Cisco Employee
Cisco Employee
In response to hokokshun

‎10-25-2011 08:51 PM

Hi,

CSCtj32812, is an enhancement bug filed on the WLC to mitigate the problem you are facing.

You can look more details by going over the following link.

Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

The idea what they are trying to use is move the client to RUN state upon utilizing DHCP options send by DHCP server..

Thanks..Salil

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugsBugbugtoolkit
0 Helpful

Go to solution
hokokshun
Level 1
Level 1
In response to Salil Prabhu

‎10-25-2011 08:57 PM

Thanks Salil...

0 Helpful

Go to solution
Salil Prabhu
Cisco Employee
Cisco Employee
In response to hokokshun

‎10-26-2011 08:08 AM

Thanks . Between if you think this question helped answer you query can you mark this questions as answered so others can benefit when they search.Ofcourse, this also gives credit to folks who responded.

Thanks..Salil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card