Cisco wireless network - guest wlan seems to ask for reauthentication too often

We have three Cisco 5508 wireless controllers managing 75 lightweight access points and 4 WLANS.  We have a guest wlan that has Webpolicy and passthrough used on layer 3 as shown:
passthrough
Also, if I go to the advanced tab, timeout is not enabled as shown:
Timeout
Users have been telling me that the guest session asks them to accept the web based agreement less than an hour later and it doesn't seem to matter where they are on campus.  We have more than adequate coverage in the building with no known deadspots.  In fact, some users that have informed IT of this are people who stay pretty static.

Is there another place to specify where the guest wireless times out and requires another acceptance of the web based use agreement?
LVL 1
Steve BantzIT ManagerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Cheever000Connect With a Mentor Commented:
All of the above, but I think you are looking for the sleeping clients timer.  See attached link and search the word sleeping if it isn't on that section for the WLC this is specific to the Web authentication re-authentication.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_010111.html
0
 
WinsoupCommented:
Under the "Controller" tab, there is a "User Idle Timeout" which is set to 300 seconds by default so if they're not active for more than 5 minutes it will time out on them.
0
 
Steve BantzIT ManagerAuthor Commented:
I checked that and we have 86400 seconds in that field.

We just discovered a common denominator after researching it more.  It started happening about 3 months ago and only affects iPhones and iPads.  Every device we checked has ios 10 on it, which came out a few months ago.  I am thinking there is a quirk with ios10 and it doesn't like something about our wifi here.  I have read that forgetting the network and rejoining seems to fix it and someone else said disabling WMM on the wlan, but I hate to do that if I can avoid it.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Craig BeckCommented:
If you're roaming between APs connected to different WLCs you'll have to reauth on the WLC you just connected to. They won't share auth session info.  This is probably what's happening.
0
 
WinsoupCommented:
You may be on to something...It could just be an iPhone/iPad thing. When they go to sleep it disables the radios on them.

I'm going to test with my controller and iPhone to see if we get the same results. That should help our troubleshooting process.
0
 
WinsoupCommented:
So what I found while doing this is that if I have credentials entered for another WiFi network and then connect to Guest Wireless it will disconnect me from guest wifi after the phone goes to sleep. But once I forget all other networks and then connect to guest wireless it kept me connected and also automatically connected when I came in this morning.
Very strange but seems like more of an issue with Apple than your WLC configuration.
0
 
Steve BantzIT ManagerAuthor Commented:
I would agree that it is definitely tied to Apple ios10.  I did disable WMM on the guest wireless WLAN  and so far so good on that, i.e. the iPhones are staying on the network.  I am going to try your suggestion at some point as well.  I am going to leave WMM disabled today before I do that so I am not testing two things at once.  I have about 6 people testing this out in our facility.  I will update the thread later and thanks for the test you performed.
0
 
masnrockCommented:
One of the iOS updates did start causing havoc on wireless networks everywhere with weird things like that or not even being able to connect. I had the misfortunate of dealing with it on a Meru wireless network, where I somehow doubt that a patch has even occurred yet.

In addition to obviously some workaround settings, some issues funny enough were resolved by simply rebooting the Apples devices.

Anyway, here's another article involving common problems (not all settings are necessarily ones on your controller):
https://supportforums.cisco.com/document/12068941/common-apple-ios-and-cisco-wireless-related-issues
0
 
Steve BantzIT ManagerAuthor Commented:
Seems disabling WMM didn't really do anything.  I am now looking at the sleeping clients timer as noted earlier in the thread.  Our 5508's do not have this setting so I am suspecting it may be part of a newer software revision.  I'm on 7.4.140.0 right now so I will be downloading the latest version to see if this becomes an available setting.  Will update the thread.
1
 
Steve BantzIT ManagerAuthor Commented:
Cisco informed me that sleeping clients are supported in version 8.x so I will be upgrading to that this evening on my controllers.  I will report back.
1
 
Steve BantzIT ManagerAuthor Commented:
So far so good.  I upgraded all 3 controllers to 8.0.140.0, let the lightweight waps update and enabled sleeping clients for 720 minutes on the guest wireless network.  I have noticed that there are a handful of sleeping clients right now out of the 170 associated clients online right now.  I have several employees on guest with their iphones right now to see if this makes a difference.  I haven't had any reports today so I hope this is what does it.
0
 
Steve BantzIT ManagerAuthor Commented:
Just an update.  Updating to 8.0.140.0 and enabling sleeping clients was indeed the solution to the problem.  iPhones are no longer asking to authenticate on guest wifi several times a day.  Thanks for all of the input.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.