How to configure Web Authentication Persistent on Cisco WLC?

--> Recently after implementing the Wireless Network and Web Authentication via LDAP Server on a Cisco Wireless LAN controller – 2504 I had an issue where after approximately every half an hour wireless user would disconnect and they would have to go through the Web Authentication again.

--> I want to keep the user session persistent similar in the hotels so once users disconnected from their phones or laptops when they reconnect I don't want them to go through the web authentication again.

--> In order to keep the user session persistent, we need to change EAP Key timeout in Cisco WLC.

--> The Solution is to increase the broadcast key time interval in Cisco WLC.

--> Cisco WLC tries to send this key 3 times and after the 3rd time it gives up and considers the client not active anymore and sends a de-authentication packet, next Cisco WLC removes the client completely from the database.



--> Hence that's why when the wireless client comes back online, they have to go through the Web Authentication Page again because the key they have is old and is not valid anymore.

--> Broadcast key time can only be changed using CLI, as this option is not available on GUI.

--> The following command is used to configure Broadcast Key time in WLC.

config advanced eap bcast-key-interval seconds

--> Once the command is applied on WLC, it applies to all WLAN's configured in WLC.

--> The maximum time for the Broadcast key is 24 hours.

Md.Kareemoddin

CCIE # 54759





0 Comments