cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
651
Views
0
Helpful
4
Replies

Wireless client re-authenticates occasionally

steelhalcon
Level 1
Level 1

I have 3 WLC 4402 controller connected to an ACS Server and Cisco 1252G AP. Previuosly the wireless networks works fine but for two weeks now most of the clients experiencing reauthentication frequently, Some experience it every 5 mins even if they are browsing or idle and not moving. I've check the session time out settings in the wlc and it was configured for 30 mins as default. I have around 900 student clients connecting every day. I've tried removing the web authentication security policy and it works ok but when I apply it again, the same problem occurs. Kindly advise me what to do to solve the problem.

4 Replies 4

Amjad Abdullah
VIP Alumni
VIP Alumni

What do you mean by "reauthentication"? The users are getting redirected to the web-auth page?
Note that the user idle-timeout on the WLC is 5 minutes (300 seconds) by default. If a user is idle for 5 minutes s/he is going to be disconnected and his/her sessoin times out.

User idle timeout is configurable in GUI from under Controller tab -> General.

or form CLI:

config network usertimeout

Hope this helps,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Yes, wireless clients were prompted again with the web authentication page sometimes every 5 mins even when they are browsing. I tried to increase the idle time settings in the controller to 10 mins. Im now checking the clients feedback or if the same problem occur. thank you for replying.

increae "arp idle timeout" from same page.

This will probably mitigate your issue.

If not, please proceed wiht the below:

enable debug client on the controller for one of the clients and wait for the problem to happen.

- CLI (ssh/telnet) to the WLC.

- stop session timeout (session timeout 0).

- log the session to a file.

- Make sure one of the problematic clients is already connected and authenticated to web-auth.

- enable debug client (debug client )

- wait until the problem experience the disconnection.

then, attach the file of the debugs to give it a look.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Scott Fella
Hall of Fame
Hall of Fame

You really should increase the session timeout and the idle timer to a higher value. I would set the session timer around 4-8 hours or more and the idle timer to 2 hours.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card