01-16-2012 08:56 AM - edited 07-03-2021 09:23 PM
Hi All
I have 2 WiSM blades with all 4 controllers running version 7.0.98.0 code. Each controller is responsible for a floor of a building.
If I connect to the first floor I get the correct IP address on a test laptop.
I then disconnect the laptop wireless and move to a different floor and enable the wireless adaptor again.
When the wireless connects it has kept the IP address from the 1st floor controller.
Even if I disconnect the client wireless and monitor the controller that it was connected to the controller still shows the client in the client list. The only way it will disappear is if I remove the client from the controller page.
Whilst this doesn't cause an operational issue it isn't right. The client appears to stick to a controller and will not be disassociated even if the client wireless adaptor is disabled. The logs don't even show the client being de-authenticated.
Anybody seen this before?
Regards
Roger
Solved! Go to Solution.
01-16-2012 09:06 AM
this is working as designed.
The client will retain the IP address that it got even if you disconnect until the entry has been removed from the MSCB. Either by you removing it manually or the user idle timeout expires, default of 5 minutes.
Steve
Sent from Cisco Technical Support iPhone App
01-16-2012 09:00 AM
If you reset your wireless and you don't actually connect to a 1st floor ap even though you are on the 2nd floor, you should get an ip from the wlc that controls the 2nd floor. Verify that you connect to the correct AP
Thanks,
Scott Fella
Sent from my iPhone
01-16-2012 09:06 AM
If you wanted to have client be placed on a different subnet per floor, why not use AP Groups. How you have it setup, there will be mobility roaming between the different wlcs. If you use AP Groups, then you can manage the ap primary, secondary and or tertiary WLC.s With AP Groups, you can specify AP's on floor 1 will have these ssid's and be mapped to these interfaces, AP's on floor 2 will have these ssid's and be mapped to these interfaces. Makes it easy.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch2_Arch.html#wp1028169
01-16-2012 01:27 PM
Guys
Connecting to the wrong AP is not the issue and neither is AP Groups. I am using AP Groups successfully already.
Stephen has hit the nail on the head with the user idle timeout value being at a default value of 5 minutes. Is there a command to change the default user idle timeout value? I can't find it anywhere.
Thanks for the comment about the code version - I'll look at 7.0.220.0 although I was going to use 7.0.116.0
Regards
Roger
01-16-2012 09:06 AM
this is working as designed.
The client will retain the IP address that it got even if you disconnect until the entry has been removed from the MSCB. Either by you removing it manually or the user idle timeout expires, default of 5 minutes.
Steve
Sent from Cisco Technical Support iPhone App
01-16-2012 01:26 PM
To add to what Steve is saying:
Most wireless clients don't send a disassociate or deauth, and even if they did, I believe the WLC is programmed to ignore it (in case of spoofed attack). If your client shuts down, he will remain on the WLC for the Idle Timeout period (default 5 minutes).
If at any point in time within this 5 minutes the client comes up on any other WLC that is mobility-aware of the original WLC, there will be a mobility handoff and your client will work with its original IP. This is completely expected behavior and in most ideas consider a feature (real feature, not bug "feature").
If you dont want roaming between floors, then break mobility between the floors... But I think that would be worse practice.
01-16-2012 09:22 AM
Roger -- Unrelated to your issue but 7.0.98.0 is pretty buggy ... You might want to look at testing 7.0.220.0 code.
Here is a video on AP groups to better understand the concept.
http://www.my80211.com/cisco-wlc-labs/2009/3/22/cisco-ap-group-nugget.html
01-16-2012 01:30 PM
Guys
Connecting to the wrong AP is not the issue and neither is AP Groups. I am using AP Groups successfully already.
Stephen has hit the nail on the head with the user idle timeout value being at a default value of 5 minutes. Is there a command to change the default user idle timeout value? I can't find it anywhere.
Thanks for the comment about the code version - I'll look at 7.0.220.0 although I was going to use 7.0.116.0
Regards
Roger
01-16-2012 01:34 PM
You would have to change the idle timeout then you can't change a user timeout.
Sent from Cisco Technical Support iPhone App
01-16-2012 02:11 PM
Can this be changed from the CLI or the GUI? I can't see a CLI command.
Regards
Roger
01-16-2012 02:17 PM
On the GUI it's under the controller tab. I don't know the CLI command off hand.
Thanks,
Scott Fella
Sent from my iPhone
01-16-2012 03:17 PM
config network usertimeout
Thanks,
Scott Fella
Sent from my iPhone
01-16-2012 04:20 PM
Normally this gets tuned the other way (longer duration timeout). I dont know of many folks tuning it down. You may want to monitor your logs and clients.
01-16-2012 03:37 PM
be careful how much you lower the idle timeout. You may cause unnecessary authentications if you put it too low.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide