5760 Session Timeout: To Infinity and beyond!

5760, UA, Unified Access, WLC Leave a comment

If you’re familiar with the advanced tab while configuring a WLAN  on a Cisco (Airespace) WLC, you’ve probably seen the Session Timeout checkbox and corresponding timer value.

This timer is used to setup how long a wireless user can remain connected before reauthentication is required.
While deploying a 5760 to match an existing 4400 controller, I attempted to disable the session timeout, but to no avail.  Let’s look at my simple WLAN I have configured:

Boise3850-IDF#show run wlan
wlan JakeTestWlan 1 JakeTestWlan
 client vlan 12
 security dot1x authentication-list Cisco
 shutdown

No sign of the session timeout in here right?  WRONG!  Let’s check the show wlan: 

Boise3850-IDF#show wlan all

Number of WLANs: 1

WLAN Profile Name     : JakeTestWlan
================================================
Identifier                                     : 1
Network Name (SSID)                            : JakeTestWlan
Status                                         : Disabled
Broadcast SSID                                 : Enabled
Maximum number of Associated Clients           : 0
AAA Policy Override                            : Disabled
Network Admission Control
  NAC-State                                    : Disabled
Number of Active Clients                       : 0
Exclusionlist Timeout                          : 60
Session Timeout                                : 1800 seconds
...


Well crap.  1800 seconds.  Let’s configure a session timeout of 0.  Piece of cake right?  


Boise3850-IDF(config-wlan)#session-timeout ?
    The duration of session in seconds


Hmm, serious?  Ok, time for the no session-timeout.  Just use the “no session-timeout” command. easy stuff. Oh wait?  No change?  really? 




But! But, my other WLAN does it! 


WLAN Profile Name     : JakeTestPSK
================================================
Identifier                                     : 2
Network Name (SSID)                            : JakeTestPSK
Status                                         : Disabled
Broadcast SSID                                 : Enabled
Maximum number of Associated Clients           : 0
AAA Policy Override                            : Disabled
Network Admission Control
  NAC-State                                    : Disabled
Number of Active Clients                       : 0
Exclusionlist Timeout                          : 60
Session Timeout                                : Infinity


Ah, so a quick glance at the 5760 config guide says the following about the session timeout:


The range and default values vary according to the security configuration.  If WLAN security is configured for dot1x, the range is 300 to 86400 and the default is 1800 seconds. For all other WLAN security configurations, the range is 1 to 65535 and the default value is 0.  A value of 0 indicates no session timeout.


I’m not sure if there is a place in the Airespace controller to configure this, maybe it’s a Dot1X timer, but I didn’t find it in the trusty “EAP Timers on Wireless Lan Controllers” doc


		
	


	




	


		
		
			

		
Leave a Reply 





	
	






	

		
Fill in your details below or click an icon to log in:

		
	


	

		

			

				Gravatar
			


				

				
				

					
					

				

				

					
					

				

			

			
		

	


	

		

			

				WordPress.com Logo
			


				

				
				
				
						

			
			You are commenting using your WordPress.com account.			Log Out / 
				Change )
			
			
		

					

	
		

	


	

		

			

				Twitter picture
			


				

				
				
				
						

			
			You are commenting using your Twitter account.			Log Out / 
				Change )
			
			
		

					

	
		

	


	

		

			

				Facebook photo
			


				

				
				
				
						

			
			You are commenting using your Facebook account.			Log Out / 
				Change )
			
			
		

					

	
		

	



	

		
Cancel

		
Connecting to %s