Cisco Wireless :: AIR-CT5508-K9 - AP01 Connection Bounce Due To WLAN Session Timeout
Jul 30, 2012
When a client connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join other unit AP (example AP02)Both AP physically installed distance is around 6 meters from each other. I conduct the testing where i get myself sitting in middle between these two APs.
01. If i disable settsion timeout this feature, or setting the seconds become higher value, what's the performance and security impact? Is it recomend to change the default 1800 seconds session timeout?
02. Is there anyway i can tweak on WLC controller to prevent the client after session timeout then associate with another AP. This will lead major performance impact as the client woudl possibility connect to the weak signal AP and effect on the performance.
These are the details for reference:Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail:
model is AIR-CT5508-K9
software version is 7.2.110.0
View 4 Replies
ADVERTISEMENT
Jun 11, 2012
Q: a client has a network with 60 AP's controlled by a AIR-CT5508-50-K9 (+ L-LIC-CT5508-25A) with a redundant power supply. Can he get full redundancy by purchasing a second controller? If he purchases one, can he bring it into the network? What about the extra license for 25 extra AP's installed on the first controller?
View 4 Replies
View Related
Jan 28, 2013
Whether we can configure HA between AIR-CT5508-100-K9 and AIR-CT5508-25-K9. Or we should require this AIR-CT5508-HA-K9 ?
View 6 Replies
View Related
Jun 4, 2012
I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
View 2 Replies
View Related
Jun 20, 2011
We are trying to configure our 2106 wireless lan controller to expire wireless users sessions so the user is not remembered indefinitely. We are using freeradius to validate the users login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
View 2 Replies
View Related
Jan 19, 2012
We're having trouble trying to deploy 802.1x authentication on a brand new site.
Our primary and secondary ACS are located in Paris and the new site located in Toulouse, France. Both sites are connected through the WAN. Everytime a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.
View 9 Replies
View Related
Mar 1, 2013
I have a DIR-825 with 2.60VT firmware (rented from Videotron).
Even though the manual says the stateful firewall should have a timeout on connections of 240 seconds or 7800 seconds, all of my connections start at a mere 120 seconds. I'm having trouble with IMAP IDLE pushing e-mails because the connections timeout so quickly (before any stay alive can be sent). A connection to the e-mail server gets opened on 143 (Videotron) or 993 (encrypted - google, e.g.), and I see the connection on the Internet Sessions page, the timeout starts at 120. When it hits 0, the connection is no longer displayed (it is not renewed), and the IMAP IDLE ****s out because the server can't find the client (i.e. the connection has been closed). But it's not just on those ports or servers. ALL of my TCP sessions begin at a mere 120 seconds! Even for a home router, isn't this way too low?
confirm that their DIR-825, on the Internet Sessions page, shows initial timeout values of greater than 120 for a TCP connection? I would love to see a picture of that screen showing higher values. Does it start at 240? Do you ever see a connection start at a timeout of 7800?
I see no way of changing the timeout value. Is it possible to force connections on certain ports to begin at a higher timeout value?
View 5 Replies
View Related
Sep 1, 2011
Per PCI & company policy all VPN users have a 12 hour session limit. They will disconnected after 12 hours regardless of use. Is there any way to send a message prior to the 12 hour limit to warn the users that they will be disconnected in x minutes? I'm running SSL VPN on a ASA 5520 ver 8.4(1)
View 1 Replies
View Related
Oct 11, 2011
Is there any way to change a setting which causes a user logged in to the web browser interface (or connected via ssh) to have to re-authenticate. Im getting annoyed by being disconnected from the AP and having to re-authenticate.
View 1 Replies
View Related
Nov 3, 2011
What the command to prevent a telnet session to the 4400 controller from timing out is?
View 1 Replies
View Related
Aug 27, 2012
For guest clients , we have configured guest vlan and applied external web authenication on WLC 5508 , the session timeout value is 2700secons . When a client open a browser to internet page , wlc will redirect to URL and get the login page . After completed the login , he can go to internet page .
We find the iPhone and ipad clients will get the login page again ahfter ~ 5 mins , it is mismatch with session timeout value 2700 sec (45 mins) .
View 5 Replies
View Related
Aug 15, 2011
Our company has installed ACS Version: 5.1.0.44.6 Internal Build ID: B.2347 with patches: 5-1-0-44-5, 5-1-0-44-6. The security policy of our company includes a password change every 3 months. Our programmers had written a script that allows us to do it. When testing revealed that the script does not work. This is due to the fact that it is not possible to enter the mode "acs-config". In determining the reasons it was found that to enter this mode there is a limit on sessions (6 sessions). When the number of connections becomes larger than 6 then the script does not work. The documentation says that the update is not active sessions is set with terminal session-timeout. In this case, the terminal session-timeout 30. But after 30 minutes of the session will remain active. It interferes with our script.
View 1 Replies
View Related
May 6, 2013
what would be causing my management HTTPS session to a SF200-24 to suddenly timeout? I receive "The session has been timed out. You may log in again" few mins after logging into to switch.Sometime it happens within 45seconds, other times after 3mins, timouts are not consistent. And, i was not idle when it timed-out. My HTTPs idle time-out is set for 10mins.
I had a continuous PING going to managment IP, and it did not drop any pings when session timed-out.Interface stats are also clean. I tried IE, FireFox, Chrome and all are timming out.
I've changed the HTTP default idle-time out from 1 to 10 and my HTTPs stopped timing out. Management Access Authentication is cleary set for HTTPs, and the Idle-timeout for HTTPs was set for 10mins since install. Yet, adjusting the HTTP idle-timeout cleared the issue.
View 1 Replies
View Related
Jan 25, 2012
I have an SG300-20 here for testing (firmware: 1.1.2.0, boot version: 1.0.0.4, language version: 1.1.1.6 English). Everything seems to work on it, except, that if I choose Radius authentication by mac address only, then the switch does not honor the Idle-Timeout and Session-Timeout attributes from the Radius server (freeradius).
The setup is the following: I have a no name access point plugged in to switch port gi1. The port gi1 is set up for Radius authentication by mac address only. The access point itself is authenticated, no problem with that. If I connect through the access point by (say) a mobile phone, it is authenticated, no problem. The radius server does send the Idle-Timeout and Session-Timeout attributes, I checked it by running "freeradius -X", both are set to 30 seconds. Then I turn off the wireless card in my mobile phone and check the dot1x users by "show dot1x users". My mobile phone's mac address remains there for 5-10 minutes, so the Idle-Timeout and Session-Timeout does not work.
Another way I could resolv this problem is by explicitely asking the switch to reauthenticate the user. Unfortunately there is no CLI command to do just that, I can do however a reauthentication on a port using "dot1x re-authenticate gi1" (for example). But it does not work as it is expected: the switch uses the stored mac-address to reauthenticate the user, so nothing changes on the port (unless something changes in the radius server). I think it should work like the following: remove the authenticated user from the port, and whenever that mac address makes some network traffic, then reauthenticate as if it were a completely new connection. BTW: it would work for me also if I could just remove an authenticated user from a port, but I did not find a command to do that.
As a last resort I can simply shutdown the port, bring it up again ("shutdown" and "no shutdown" in the interface config), then all users are removed from the port and they all mush reauthenticate. But it causes a network outage for a couple of seconds for all users on that port, on a busy access point it is quite disturbing, and it is not an elegant way to do this.
So my actual question is: is there a way to remove an authenticated user either automatically (Idle-Timeout and Session-Timeout) or manually from this switch?
I enclose the relevant part of the running config.
interface range gi1-2
dot1x host-mode multi-sessions
exit
vlan database
vlan 2-4
exit
[code]....
View 2 Replies
View Related
Oct 19, 2012
Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn. Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completely lost. then we have to re-connect the session.This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didn't have this issue, remote-desktops were never getting lost / reset with single timeout
View 1 Replies
View Related
Oct 30, 2011
Some of my Lightweight Access Points lose connection every 10 minutes now, it worked without problems before.
I'm using an AIR-CT5508-K9 Controller with Version 7.0.116.0 and AP are all AIR-LAP1242AG-E-K9.
In the log I find informations about my node changing his parent and then reseting the radio interface.
I checked my configuration, but perhaps I missed something.
7Mon Oct 31 14:35:11 2011AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:3a:99:90:55:c0 Cause=Radio interface reset. Status:NA8Mon Oct 31 14:35:11 2011AP's Interface:0(802.11b) Operation State Down: Base Radio
[Code]......
View 9 Replies
View Related
Jul 14, 2012
I've been running into an issue for the past week or so where my wireless adapter intermittently can't contact my router.When it occurs the network connection reads as having limited connectivity. I'm unable to send requests to load webpages, and videos and the like stop loading. Sometimes the network disconnects entirely. After this occurs, I can't connect again for a few minutes. My connection consistently reads as having 2-3 bars available. The issue tends to occur frequently, often every 15 minutes or so. Strangely enough, I have been able to play bf3 online for over 40 minutes without connection problems (I quit before any occurred - not sure if any would have). So far I've tried the windows troubleshooter, updating the driver to my wireless networking adapter, manually assigning my network address (tried 192.168.1.4, 192.168.1.5, etc), setting my 802.11b preamble to "Long only" and performing a system restore. I have rebooted my machine as well.
My technical specs are as follows:I'm running Windows 7 Ultimate N 64 bit edition with service pack 1. System has 8gb Ram, an i5-3570k processor and HD7850 graphics card. Motherboard is the Asrock Z77 extreme 4. My wireless network adapter is the TP-link TL-WN722N. The adapter was working fine for some time before this issue appeared.My router is an old U.S. Robotics Wireless MaxG Router. It seems to work fine with other computers in the household, although it does require fairly frequent power-cycling. Running ipconfig on the command prompt while the internet is working returns:
Quote:
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::293a:e9bb:ba5a:7536%14
IPv4 Address. . . . . . . . . . . : 192.168.2.5
[code]....
View 3 Replies
View Related
Dec 10, 2012
Have two WRT54G Wireless Routers.
-One WRT54G ver. 6, Firmware Version v1.028
-One WRT54G ver. 6, Firmware Version v2.x
With the WRT54G ver. 6, Firmware Version v1.028.When I ran the android app WiFi Analyzer, I get mixed results.On my Samsung Galaxy S3, I saw my signal on Channel 2, and others around me (two on Channel 6 and two on Channel 11).On my ASUS Transformer Prime TFT201 I see the same signals, but my router signal bounces continously between the baseline (-100dBm?) and about -35dBm.
Plugged in the WRT54G ver. 2, Firmware Version v2.x Channel 8.Hooked it up and got good steady signal strength. It Had 'WPA - Shared Key' but did not have the 'WPA - Personal' that was on the ver. 6. So, I had to go and screw things up. I've upgraded this to Firmware Version: v4.21.5 and guess what? I now have 'WPA - Personal'. I also have a signal is bouncing on BOTH units.
On my ASUS, I can see both routers. The ver. 2 AND the ver. 6 are bouncing between baseline and -35dBm, in unison. Apprently something in the ASUS does not like the later Firmwares.On my Samsung I can see the two signals - the ver. 2 on Channel 8 is stable as a rock and the ver. 6 on Channel 2 is also bouncing, but at a much slower rate! Running Speedtest.net a PC hardwired to the ver. 2 - I get 5.34 Mb/s Download and 0.47 Mb/s upload (yeah, my Internet sucks!) Running Speedtest.net through the ASUS/WiFi to the ver. 2 - I get 2.43 Mb/s Down and 0.65 Mb/s Up.Running Speedtest.net through the Samsung/WiFi to the ver. 2 - I get 5.07 Mb/s Down and 1.07 Mb/s Up.
View 6 Replies
View Related
Feb 29, 2012
I was able to connect to my 5ghz and 2.4ghz networks just fine. Now today I get a message that the connection timed out whenever I try and connect to the 5ghz. I have done a 30/30/30 reset, and still no joy. The one thing I haven't done yet is a 30/30/30 with a configuration from scratch. I will probably try that later. I've done the usual things like change the channel and all that, still no go. Other things I've done, change the network name, change the MTU, restart my machine. However, this is happening on other devices as well. The 2.4ghz network, solid as a rock.
View 1 Replies
View Related
Oct 6, 2011
here comes the incident description: WRVS4400N breaks established VPN session if I am trying to connect to any LAN host via HTTPS.
View 1 Replies
View Related
Nov 26, 2012
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
View 1 Replies
View Related
Aug 11, 2011
Im having some Ping / MS issues lately. My ping bounce up and down from 30 to 600 in just some seconds, and its really unstable. Im using the same internet as my neightbour ( internet cable through the wall) Is there any1 who can give me some tips so I don't need to worry about my ping anymore?,I don't know much about he's internet though.
View 3 Replies
View Related
Oct 4, 2012
I am trying to get a vlan change done with CoA and MAB on a WLC 7.2 but it looks like it doese't disconnect the client, hence no new dhcp request.
Everything is working except 'port bounce'. I can see the new vlan in the controller, if i do a ifconfig /renew on the client it gets the new subnet and everything works as it should. If i remove the endpoint in ISE it swaps the vlan again on the controller, but no port bounce.
View 4 Replies
View Related
Apr 25, 2013
Is it possible to have a license loaded on an AIR-CT5508-HA-K9 in order to have it working as a stand alone controller?
View 4 Replies
View Related
Mar 11, 2012
we do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version 6.0.188.0.AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them.However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disapears from the controller, apears again and this repeats.
The APs and controllers are connected to the LAN campus.Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-z.122-33.SXI1.bin on it.APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.
I performed some troubleshooting steps.
- As we have some other controllers available over WAN, I tested the 1242 AP with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version 6.0.188.0 over WAN and this worked always okay.
- I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.
- I also brought the second controller down to eliminate potential issue with having two of them up.
- The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.
- I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.
- As this seems to be maybe a kind of ssl issue, I tried to play with controller settings, like enabling Accept... options under Security/AP Policy,but this did not work.
- I also tried to reboot the controller, no improvement.
- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one.I can reproduce this, can also send debugging logs if needed.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This Discussion has been converted into document:- [URL]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AIR-LAP1242G-E-K9 10.0.13.28 log
*Mar 1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0
*Mar 1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)
[code]....
View 13 Replies
View Related
Nov 28, 2011
I've two wlc model CT5508 version 7.0.116.0. They are working fine except for the RF grouping part. When I look at the RF Group members part in the configuration, I can see only one wlc (the one I'm connected to). If I connect to the second one, in the same part, I've just one controller (so the second one..). I tried to restart the algorithm but no change. Each controller is configured with Group Mode set to auto, and their respective role are auto-leader...I tried to change the RF group name on both wlcs, but it didn't fix the problem. When I look at the logs, there is one which appear quite often:
*emWeb: Nov 29 10:32:07.764: %LOG-6-Q_IND: dtl_arp.c:2581 ARP input q exceeds limit. Current val = 50 [...It occurred 38 times.!]
View 2 Replies
View Related
Oct 3, 2012
I have issue about Wireless controler , i have 2x WS-C3750G-24WS and 1x AIR-CT5508-50-K9 , i have max 50 access point license and i can't upgrading because WS-C3750G-24WS is and of life , can i use AIR-CT5508-50-K9 with 3750G to work together? , mobility and everything....
View 1 Replies
View Related
May 6, 2013
i received access point types AIR-LAP1252AG-E-K9, which i want to connect to my wlan controller AIR-CT5508-K9. Update from IOS etc. is working fine. Also all access points are recognized by the controller.We got the AIR-LAP1252AG-E-K9 with two antenna versions.
View 1 Replies
View Related
Nov 7, 2012
I’m having a problem of joining new Aps( Ari-ap1242G-E-k9 ) to the following wireless LAN controller. WLC details as follows,
Model No - AIR-CT5508-K9
Software Version - 7.0.116.0
AP Model - ARI-AP1242G-E-K9
AP console logs attached in Error.jpg file
View 5 Replies
View Related
Apr 17, 2012
What is the operating and/or peak power consumption (in kW) of a 5508 WLC with redundant power supplies?
The below power details are from the 5508 datasheet which lists 115 W as the maximum draw (0.115 kW) however this seems a bit low, is this right?
Input power: 100 to 240 VAC; 50/60 Hz; 1.05 A at 110 VAC, 115 W Maximum; 0.523 A at 220 VAC, 115 W Maximum; Test Conditions: Redundant Power Supplies, 40C, Full Traffic. Heat Dissipation: 392 BTU/hour at 110/220 VAC Maximum Cisco 5500 Series Wireless Controllers Data Sheet: [URL]
View 1 Replies
View Related
Jan 28, 2013
Basically I need to upgrade the license for Base-AP count to add 100 more AP's however my vendor has provided hardcopy of license as below:
-LIC-CT5508-UPG
-AIR-CAS-3KC-K9
-AIR-WIPS-AP-5
-L-NCS-1.0-100-ADD
My understanding is rigister LIC-CT5508-UPG/PAK number on cisco site and get .lic file however what is the use of other PAK where do i register this files with? Moreover , we do have NCS , MSE in place which is centralised devices.
View 2 Replies
View Related
Jun 2, 2013
We are facing a strange issue with GRE tunnel. We are using this tunnel from a branch office to Hub office. All other tunnels terminated on Hub router are working fine. Issue with this tunnel is that whenever WAN connection goes down Line protocol on tunnel interface some times comes up and sometimes not (therefore we have to reset the tunnel interface and it comes up). IOS used on this router : c2900-universalk9-mz.SPA.152-1.T2
View 5 Replies
View Related
Aug 9, 2012
At the moment I am trying to connect to a DHCP ISP, but the connection only last for 10-15mins and then it will automatically disconnected. Every time I reset the WAN port , service back to normal for another 10-15 mins ><
[code]...
View 2 Replies
View Related
