WLCS 4402 Client Session Timeout

I am having an issue with my 4402. In the WLAN I have created there is a setting called Session Timeout. This by default is set to 1800 secs. This forces the clients to reauthenticate on the wireless every 30 minutes. I want to change this to 28000 secs. I have tried through both the Web and CLI. It seems to accept the change with no errors however will not take the change. I have even done this at CLI, saved the config and reset the system. Still at 1800. How do we get this changed?

Hi Jim,
Have a look at this thread, just a guess here but I don't think that this setting is the one causing the 30 minute timeout. My understanding was that this setting is actually in minutes (could be wrong),
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Security%20and%20Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddbab5d/0#selected_message
Hope this helps!
Rob

Similar Messages

DHCP and WLC 4402 clients

Hi
Our scenario is that we are building a test rig-up prior to WLC deployment. We have a 4402 WLC with LAP1242s, Windows clients. The WLC is running v4.2.99 firmware.
Our problem is that the wireless clients are not collecting DHCP addresses.
The configuration is:
Base network address is 172.31.4.0 / 255.255.252.0.
WLC on 172.31.7.220 / .221.
DHCP server on 172.31.4.12
G/W on 172.31.4.1.
We are simulating the gateway with an ADSL router (not connected so no external traffic but at the moment that is the least of our troubles), and the DHCP server with a Cisco 805 router with only the Ethernet interface in use (the 805 permits us to configure a different D/G to the DHCP server).
We have a catalyst 2950 switch in the circuit which has no VLANs nor access-lists configured.
The wireless clients can associate to the LWAPs but do not collect an IP address.
Wired clients can collect DHCP addresses and ping the DHCP, GW and controller.
Can anyone help me understand what is going on here please and how to get the DHCP working?
We did use this configuration - exactly these boxes in fact - to configure a different WLC last week (different subnets though) and we were successful - but not now.
Thanks in advance

I see.
We are not using option 43 at all. The DHCP server is unchanged - the APs are using network broadcast to find the controller. As I posted above, the APs are contacting the controller without a problem, the clients are associating with the APs without a problem, only the clients weren't getting an IP adress.
The problem appeared to go away totally after I re-configured it with v4.1.185. It's in and working now so I won't be spending any more time on it.
While it would be interesting to try things out, these controllers are too expensive to have one lying around for long ;-)

WLC 4402 - clients connection to AP problem

Hi, have a problem with clients connection to AP. On WLC can see status Probing, sometimes associated but no IP received. It was working for a month but stopped for some reason. Am slightly not sure on the steps how it all works ? First authentication takes the place and then IP assignment by DHCP, correct ? Could you please help in pinpointing the problem ? Radius reachable from WLC, AP's have IP's assigned by DHCP server from another subnet

Hi,
You can turn off the client exclusion and aironetIE under the wireless lan setting.
You can also set to allow longer time out:
config advanced eap eapol-key-timeout 5
config advanced eap eapol-key-retries 4
Below is the Reason code Meaning
0 Reserved
1 Unspecified reason
2 Previous authentication no longer valid
3 Deauthenticated because sending STA is leaving (or has left) IBSS or ESS
4 Disassociated due to inactivity
5 Disassociated because AP is unable to handle all currently associated STAs
6 Class 2 frame received from nonauthenticated STA
7 Class 3 frame received from nonassociated STA
8 Disassociated because sending STA is leaving (or has left) BSS
9 STA requesting (re)association is not authenticated with responding STA
10 Disassociated because the information in the Power Capability element is unacceptable
11 Disassociated because the information in the Supported Channels element is unacceptable
12 Reserved
13 Invalid information element, i.e., an information element defined in this standard for
which the content does not meet the specifications in Clause 7
14 Message integrity code (MIC) failure
15 4-Way Handshake timeout
16 Group Key Handshake timeout
17 Information element in 4-Way Handshake different from (Re)Association Request/Probe
Response/Beacon frame
18 Invalid group cipher
19 Invalid pairwise cipher
20 Invalid AKMP
21 Unsupported RSN information element version
22 Invalid RSN information element capabilities
23 IEEE 802.1X authentication failed
24 Cipher suite rejected because of the security policy
25-31 Reserved
32 Disassociated for unspecified, QoS-related reason
33 Disassociated because QoS AP lacks sufficient bandwidth for this QoS STA
34 Disassociated because excessive number of frames need to be acknowledged, but are not
acknowledged due to AP transmissions and/or poor channel conditions
35 Disassociated because STA is transmitting outside the limits of its TXOPs
36 Requested from peer STA as the STA is leaving the BSS (or resetting)
37 Requested from peer STA as it does not want to use the mechanism
38 Requested from peer STA as the STA received frames using the mechanism for which a
setup is required
39 Requested from peer STA due to timeout
45 Peer STA does not support the requested cipher suite
46-65535 Reserved

Idle/session timeout vs sleeping client

Hello,
We will soon upgrade to WLC from 7.4.110 to 7.6.120 and find out a new feature : spleeping client.
I was wondering the purpose of the sleeping client vs idle timeout/session timeout.
In our case we have an idle client set to 14400 seconds (4H) and session timeout set to 28880 (8H) for web-auth SSID. Thus, even if a laptop is sleeping for 3H it will still be authenticated as the idle timeout has not been reached.
Based on those facts, what will be the purpose of the sleeping client feature as it must be set higher than the session timeout ?
Thanks for your support :-).

make sure that the session timeout is greater than the client idle timeout, otherwise the sleeping client entry would not be created.
After entering the appropriate login credentials for web-auth, the client get authenticated and moves to RUN state.
Now if the client configured is idle for 300 seconds (default idle timeout value) or disconnects from the WLAN it is connected to, then the client will move to sleeping clients.
Once the client is moved to the Sleeping Clients, the timeout session starts and the remaining time before the client entry is deleted/cleared is displayed.
If the client wakes up or joins back to the same WLAN, it doesn't require re-authentication.
the number of sleeping clients that are remembered has increased to 25000 from the previous 9000. A larger number of sleeping clients are remembered even after waking up, on the wireless network with high-scale Cisco WLCs. This eliminates the need for user intervention to re-enter credentials for a greater number of clients.

Idle Timeout & Session Timeout in Wireless LAN Controller

Hello Team;
               I am confused with these two values and their working.
1. Idle Timeout :
    Case 1 : When the client move out of the wireless covergae area or shutdoiwn his laptop, controller will wait for the idle timeout to expire and then the AP sends the disassocciation frames to the client, and if the AP is not getting any acknowledgement , the client entry is deleted from the WLC
   Case 2 : In this case the clients manually disconnect from the SSID. Thatmeans the client is initiating the disassociation request to AP and the controller. In this case since the client is sending the disconnect notification does the controller should wait for the idle timeout to expire or once it receives the disassociation message from the client, it will immediately remove the entry from the controller regardless of the idle timeout value.
Please confirm
2. Session Timeout :
         Could you please let me know the difference between these two values. One differenec i know is that idle timeout is globally and the session timeout is specific to the SSID. Other than this is there any functionality difference between these two?
Thanks & Regards
Sreejith R

Session timeout is a value that forces a re-auth when the timer expires. This value starts copying down when the client is authenticated. Idle timer is also a hard timer and it removes the client from the WLC after this timer expires. So if a user powers down his or he laptop or a device goes to sleep and doesn't respond to the AP, this timer starts counting down. When the value expires, then the next time that client associates, he or she will have to perform a full authentication. This is however if you not using open encryption and nothing else.
You will be able to see the values decrement inf when you look at the client status on the WLC. In the monitor tab and clients.
Sent from Cisco Technical Support iPhone App

Virtual WLC, dropping clients.

Hello.
I have some clients who are getting dropped på an AP. I have used the debug client command, can anyone tell what to change on the WLC to make the erros stop.
The vWLC is running the newest version, and AP's are 1602i.
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Processing WPA IE type 221, length 22 for mobile 68:b5:99:45:44:8e
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) DHCP required on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5for this client
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Not Using WMM Compliance code qosCap 00
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfMsAssoStateInc
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Idle to Associated
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfPemAddUser2:session timeout forstation 68:b5:99:45:44:8e - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e Sending Assoc Response to station on BSSID 68:86:a7:ca:bd:44 (status 0) ApVapId 5 Slot 0
*apfMsConnTask_6: Oct 07 16:01:16.954: 68:b5:99:45:44:8e apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Associated to Associated
*apfMsConnTask_6: Oct 07 16:01:16.961: 68:b5:99:45:44:8e Updating AID for REAP AP Client 68:86:a7:ca:bd:40 - AID ===> 3
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Creating a PKC PMKID Cache entry for station 68:b5:99:45:44:8e (RSN 0)
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Setting active key cache index 8 ---> 8
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Initiating WPA PSK to mobile 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e dot1x - moving mobile 68:b5:99:45:44:8e into Force Auth state
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
*dot1xMsgTask: Oct 07 16:01:16.963: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                              state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Received EAPOL-key in PTK_START state (message 2) from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.972: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                    state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5for this client
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 68:86:a7:ca:bd:40 vapId 5 apVapId 5 flex-acl-name:
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.981: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5952, Adding TMP rule
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 68:86:a7:ca:bd:40, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 1, Local Bridging intf id = 6
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e Key exchange done, data packets from mobile 68:b5:99:45:44:8e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Oct 07 16:01:16.982: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                    state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5576, Adding TMP rule
*apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 68:86:a7:ca:bd:40, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 1, Local Bridging intf id = 6
*apfReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Oct 07 16:01:16.982: 68:b5:99:45:44:8e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask1: Oct 07 16:01:16.990: 68:b5:99:45:44:8e Sent EAPOL-Key M5 for mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:17.001: 68:b5:99:45:44:8e Stopping retransmission timer for mobile 68:b5:99:45:44:8e
*DHCP Socket Task: Oct 07 16:01:28.373: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 07 16:01:28.373: 68:b5:99:45:44:8e DHCP setting server from OFFER (server 10.21.1.254, yiaddr 10.21.1.96)
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP received op BOOTREPLY (2) (len 333,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e apfMsRunStateInc
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e Assigning Address 10.21.1.96 to mobile
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP success event for client. Clearing dhcp failure count for interface data.
*DHCP Socket Task: Oct 07 16:01:28.376: 68:b5:99:45:44:8e DHCP success event for client. Clearing dhcp failure count for interface data.
*pemReceiveTask: Oct 07 16:01:28.376: 68:b5:99:45:44:8e 10.21.1.96 Removed NPU entry.
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-key to initiate new key exchange from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Initializing EAPOL-Key Request replay counter to 00 00 00 00 00 00 00 a0 for client 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                    state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.03
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.017: 68:b5:99:45:44:8e Received EAPOL-key MIC err message from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-Key from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-key to initiate new key exchange from mobile 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Starting key exchange to mobile 68:b5:99:45:44:8e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Sending EAPOL-Key Message to mobile 68:b5:99:45:44:8e
                                                                                                                    state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.03
*Dot1x_NW_MsgTask_6: Oct 07 16:01:34.018: 68:b5:99:45:44:8e Received EAPOL-key MIC err message from mobile 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Failure sending WPA EAPOL-Key due to invalid state 2 to mobile 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Unable to send WPA key to mobile 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 16:01:34.997: 68:b5:99:45:44:8e Unable to update broadcast key to mobile 68:B5:99:45:44:8E
*osapiBsnTimer: Oct 07 16:01:35.201: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
*dot1xMsgTask: Oct 07 16:01:35.201: 68:b5:99:45:44:8e Retransmit 1 of EAPOL-Key M1 (length 99) for mobile 68:b5:99:45:44:8e
*osapiBsnTimer: Oct 07 16:01:36.221: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
*dot1xMsgTask: Oct 07 16:01:36.221: 68:b5:99:45:44:8e Retransmit 2 of EAPOL-Key M1 (length 99) for mobile 68:b5:99:45:44:8e
*osapiBsnTimer: Oct 07 16:01:37.241: 68:b5:99:45:44:8e 802.1x 'timeoutEvt' Timer expired for station 68:b5:99:45:44:8e and for message = M2
*dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Retransmit failure for EAPOL-Key M1 to mobile 68:b5:99:45:44:8e, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Resetting MSCB PMK Cache Entry 0 for station 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Sent Deauthenticate to mobile on BSSID 68:86:a7:ca:bd:40 slot 0(caller 1x_ptsm.c:546)
*dot1xMsgTask: Oct 07 16:01:37.241: 68:b5:99:45:44:8e Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
(Cisco Controller) >*osapiBsnTimer: Oct 07 16:01:47.442: 68:b5:99:45:44:8e apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
*apfReceiveTask: Oct 07 16:01:47.442: 68:b5:99:45:44:8e apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 68:b5:99:45:44:8e on AP 68:86:a7:ca:bd:40 from Associated to Disassociated

Hello!
Thanks for all you help. It worked for me setting the SSID to WPA2-AES.
I also got a nice answer from Cisco TAC:
I went through the data you kindly provided and can see that the printer has connected to wireless, the debugs you attached to the case shows that the AP is in RUN state:
*DHCP Socket Task: Oct 07 15:16:05.090: 68:b5:99:45:44:8e 10.21.1.96 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
But, after a short while, the printer started replying with invalid EAPOL messages, the debug you attached to the case showing the following g message:
*Dot1x_NW_MsgTask_6: Oct 07 15:16:12.993: 68:b5:99:45:44:8e Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 68:b5:99:45:44:8e
Looking to the msglog on controller, we can see the following message:
*spamApTask1: Oct 07 19:02:37.430: #LOG-3-Q_IND: 1x_eapkey.c:618 TKIP MIC errors reported in EAPOL key msg from client 68:b5:99:45:44:8e
*Dot1x_NW_MsgTask_6: Oct 07 19:02:37.415: #DOT1X-3-WPA_KEY_MIC_ERR: 1x_eapkey.c:618 TKIP MIC errors reported in EAPOL key msg from client 68:b5:99:45:44:8e
*dot1xMsgTask: Oct 07 19:01:18.360: #DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1404 Unable to send EAPOL-key msg - invalid WPA state (2) - client 68:b5:99:45:44:8e
*spamApTask1: Oct 07 19:01:17.439: #LWAPP-3-MIC_COUNTER: spam_lrad.c:33547 The system has received MIC countermeasure, WLAN 5, slot 0 AP Lunderskov-Salg client 68:b5:99:45:44:8e
Looks like the printer is replying with invalid EAPOL message since it’s not compatible with TKIP encryption method, I can see on TTW-Printer SSID that WPA/TKIP is enabled on this SSID.
The Action Plan:
I would suggest to change the encryption method to WPA2/AES instead of WPA/TKIP, then test again, if you still have the same issue, please provide the new ‘debug client ’ output.
Let me know if you have any questions or comments,

Repeated wlc 5508 client web authentication

I'm trying to troubleshoot a situation where many of our guest wireless users are repeatedly being prompted to reauthenticate via the web interface. the session timeout is set to 4 hours, however, many times a client is presented with a web authentication screen right in the middle of browsing at random times.
I do have several system log entries, but cannot find the specific entries in the Error code reference for the WLC. For example, I don't find anything on %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:4022 Guest user session validation failed for guest1. Index provided is out of range..
I'm running a WLC 5508 with 7.0.98.0 and have read through all of the release notes, error code references, etc., and don't see anything regarding this issue.
The WCS screenshot shows a good example of how often this occurs! Is the client actually re-associating with the AP (which in turn would require a web reauth)? Not sure if I'm barking up the wrong tree - focusing on web auth when I may actually need to be focusing on AP association...
I do have a TAC case opened up, but was wondering if anyone has experienced this before?
Sorry for the rambling...

Rene,
I did several things and at least one of them seemed to resolve the issue:
These notes are directly from my TAC case and I will try to provide a little more information [in brackets].
1.       Upgrade WLC to 7.0.98.218 [self explanatory]
2.       Upgrade WCS to 7.0.172.0 [current version, as of this note]
3.       Increase DHCP scope time on ASA from default (30 minutes) to 4
days [DHCP running external from the WLC]
4.       Remove TKIP from the WLAN - only allow AES [had both configured but tech advised to only use AES]
5.       Increased session timeout from 14400 seconds to 64800 seconds
(4 hours to 18 hours) [don't think this helped resolve the issue, but it certainly was more convenient for our longer-term guests]
I think that the TKIP and/or DHCP setting was integral as part of the resolution. I upgraded the WLC because the version that I was running didn't have the web-auth debug option, so I'm not sure that that actually contributed to the resolution.
Good Luck,
Rob.

Enable Session Timeout - Guest web-auth

Hi All,
Just a quick one. If this timer expires when using web-auth on a guest wlan in the following way
PC --Ap -- WLC (campus) -- Anchor WLC (DMZ) --- www
Does the web session break and the user will be redirected to the web authentication page?
Many thx indeed,
Ken

Hi there.
http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5users.html#wp1048408
Thanks for the doc above. It has the info in there. Many many thx for your help.
Ken
The smaller of this value or the session timeout for the guest WLAN, which is the WLAN on which the guest account is created, takes precedence. For example, if a WLAN session timeout is due to expire in 30 minutes but the guest account lifetime has 10 minutes remaining, the account is deleted in 10 minutes upon guest account expiry. Similarly, if the WLAN session timeout expires before the guest account lifetime, the client experiences a recurring session timeout that requires reauthentication.

WLC 4402 - APs last reboot reason power loss

st1\:*{behavior:url(#ieooui) }
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hi,
we have a Wireless LAN Controller WLC 4402, Software Version 4.1.192.22M (Mesh).
At the moment there are 6 Access Points in one house, one of them is the root AP. The others are only connected via electrical socket.
AP’s are: AIR-LAP1131AG-E-K9 / Boot Version 12.3.8.0 / IOS Version 12.4(3g)JMC1
I think the configuration worked fine over a period of 2 years.
Now the problem is that the number of access points connected to the controller is changing nearly every minute. At times there is only one AP connected to the controller. So it is impossible for the clients to build up a steady connection. They have to log in via the guest user web interface at short intervals or they can’t see the wireless lan.
First we thought it would be a problem of one or two “defect” access points. But we replaced 4 of the 6 access points and the problem is still there.
An example, yesterday:
13:17 o’clock – 2 AP’s
13:19 o’clock – 4 AP’s
13:21 o’clock – 5 AP’s
13:23 o’clock – 4 AP’s
13:25 o’clock – 5 AP’s
13:25 o’clock – 4 AP’s
13:26 o’clock – 5 AP’s
13:26 o’clock – 6 AP’s
13:28 o’clock – 4 AP’s
13:28 o’clock – 2 AP’s
Eye-catching is the following message of the log, which appears often: “52       Mon May 16 13:21:56 2011        AP 'AP001d.e557.6fd8', MAC: 00:1d:70:01:bc:20 disassociated previously due to AP Reset. Last reboot reason: power loss
Also eye-catching is the AP up time. The Root AP is up for over 80 days. But all the other access points show an up time of a few minutes until some hours…but not more.
Does anybody know what the problem could be?? I read some similar threads but no solution.
In the following an abstract of the log:
21        Mon May 16 13:25:43 2011        AP 'AP0021.d847.ffca', MAC: 00:23:5e:49:9d:e0 disassociated previously due to AP Reset. Last reboot reason: power loss
22        Mon May 16 13:25:30 2011        AP Disassociated. Base Radio MAC:00:1d:70:01:b5:a0
23        Mon May 16 13:25:30 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Heartbeat Timeout
24        Mon May 16 13:25:30 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Heartbeat Timeout
25        Mon May 16 13:25:05 2011        Mesh child node '00:23:5e:49:9d:ef' has changed its parent to mesh node '00:1f:ca:cc:b7:40' from mesh node '00:1d:70:01:bc:20'.
26        Mon May 16 13:24:10 2011        AP Disassociated. Base Radio MAC:00:23:5e:49:9d:e0
27        Mon May 16 13:24:10 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=New Discovery
28        Mon May 16 13:24:10 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=New Discovery
29        Mon May 16 13:23:59 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Admin Configured
30        Mon May 16 13:23:59 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Admin Configured
31        Mon May 16 13:23:59 2011        AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Admin Configured
32        Mon May 16 13:23:59 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Admin Configured
33        Mon May 16 13:23:58 2011        AP 'AP001d.45d8.4ea6', MAC: 00:1d:71:e1:b2:20 disassociated previously due to AP Reset. Last reboot reason: power loss
34        Mon May 16 13:23:31 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Admin Configured
35        Mon May 16 13:23:31 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Admin Configured
36        Mon May 16 13:23:31 2011        AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Admin Configured
37        Mon May 16 13:23:31 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Admin Configured
38        Mon May 16 13:23:30 2011        AP 'AP001d.e557.6f0c', MAC: 00:1d:70:01:b5:a0 disassociated previously due to AP Reset. Last reboot reason: power loss
39        Mon May 16 13:23:13 2011        Client Association: Client MAC:00:1d:71:e1:b2:2f Base Radio MAC :00:1d:70:01:bc:20 Slot: 1 User Name:c1130-001D45D84EA6
40        Mon May 16 13:23:13 2011        Mesh child node '00:1d:71:e1:b2:2f' has changed its parent to mesh node '00:1d:70:01:bc:20' from mesh node '00:1f:ca:cc:b7:40'.
41        Mon May 16 13:23:04 2011        Mesh child node '00:1d:70:01:b5:af' has changed its parent to mesh node '00:23:5e:49:9d:e0' from mesh node '00:1f:ca:cc:b7:40'.
42        Mon May 16 13:22:57 2011        AP 'AP0021.d847.ffca', MAC: 00:23:5e:49:9d:e0 disassociated previously due to AP Reset. Last reboot reason: power loss
43        Mon May 16 13:22:39 2011        AP Disassociated. Base Radio MAC:00:23:5e:49:9d:e0
44        Mon May 16 13:22:39 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=New Discovery
45        Mon May 16 13:22:39 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=New Discovery
46        Mon May 16 13:22:39 2011        AP 'AP0021.d847.ffca', MAC: 00:23:5e:49:9d:e0 disassociated previously due to AP Reset. Last reboot reason: power loss
47        Mon May 16 13:22:17 2011        Mesh child node '00:23:5e:49:9d:ef' has changed its parent to mesh node '00:1d:70:01:bc:20' from mesh node '00:1f:ca:cc:b7:40'.
48        Mon May 16 13:21:57 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:70:01:bc:20 Cause=Admin Configured
49        Mon May 16 13:21:57 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:70:01:bc:20 Cause=Admin Configured
50        Mon May 16 13:21:57 2011        AP's Interface:1(802.11a) Operation State Up: Base Radio MAC:00:1d:70:01:bc:20 Cause=Admin Configured
51        Mon May 16 13:21:57 2011        AP's Interface:0(802.11b) Operation State Up: Base Radio MAC:00:1d:70:01:bc:20 Cause=Admin Configured
52        Mon May 16 13:21:56 2011        AP 'AP001d.e557.6fd8', MAC: 00:1d:70:01:bc:20 disassociated previously due to AP Reset. Last reboot reason: power loss
53        Mon May 16 13:21:39 2011        Client Association: Client MAC:00:23:5e:49:9d:ef Base Radio MAC :00:1f:ca:cc:b7:40 Slot: 1 User Name:c1130-0021D847FFCA
54        Mon May 16 13:21:32 2011        Client Association: Client MAC:00:23:5e:49:9d:ef Base Radio MAC :00:1f:ca:cc:b7:40 Slot: 1 User Name:c1130-0021D847FFCA
55        Mon May 16 13:21:12 2011        Mesh child node '00:1d:71:e1:b2:2f' has changed its parent to mesh node '00:1f:ca:cc:b7:40' from mesh node '00:1d:70:01:b5:a0'.
56        Mon May 16 13:21:05 2011        Client Association: Client MAC:00:1d:70:01:bc:2f Base Radio MAC :00:1f:ca:cc:b7:40 Slot: 1 User Name:c1130-001DE5576FD8
57        Mon May 16 13:20:32 2011        Mesh child node '00:23:5e:49:9d:ef' has changed its parent to mesh node '00:1f:ca:cc:b7:40' from mesh node '00:1d:70:01:bc:20'.
58        Mon May 16 13:20:11 2011        Mesh child node '00:1d:70:01:bc:2f' is no longer associated with mesh node '00:1f:ca:cc:b7:40'.
59        Mon May 16 13:20:06 2011        Mesh child node '00:1d:70:01:b5:af' has changed its parent to mesh node '00:1f:ca:cc:b7:40' from mesh node '00:1d:70:01:bc:20'.
60        Mon May 16 13:19:57 2011        AP Disassociated. Base Radio MAC:00:1d:70:01:b5:a0
61        Mon May 16 13:19:57 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Heartbeat Timeout
62        Mon May 16 13:19:57 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:70:01:b5:a0 Cause=Heartbeat Timeout
63        Mon May 16 13:19:49 2011        AP Disassociated. Base Radio MAC:00:1d:70:01:bc:20
64        Mon May 16 13:19:49 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1d:70:01:bc:20 Cause=Heartbeat Timeout
65        Mon May 16 13:19:49 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:70:01:bc:20 Cause=Heartbeat Timeout
66        Mon May 16 13:19:39 2011        AP Disassociated. Base Radio MAC:00:23:5e:49:9d:e0
67        Mon May 16 13:19:39 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=Heartbeat Timeout
68        Mon May 16 13:19:39 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:23:5e:49:9d:e0 Cause=Heartbeat Timeout
69        Mon May 16 13:19:36 2011        AP Disassociated. Base Radio MAC:00:1d:71:e1:b2:20
70        Mon May 16 13:19:36 2011        AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Heartbeat Timeout
71        Mon May 16 13:19:36 2011        AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:00:1d:71:e1:b2:20 Cause=Heartbeat Timeout
Greetings Lydia

st1\:*{behavior:url(#ieooui) }
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hey,
last week I tried to upgrade the controller step-by-step.
Under the software 4.1.192.35M the problem was still there… access points were often disassociated from the controller.
There were problems with Software 4.2.207.54M too. The access points couldn’t reach the download-status. The log of the access point said that it could not open the tar-file.
So I went back to 4.1.192.35M. Of course the controller lost some of its configuration. I configured it new with the same settings as before.
After it the wireless connection seemed to be a little bit more robust. I asked the users to test the connection at the weekend and this is the answer:
“so we tested the WLAN during the weekend. The situation definitely improved with respect to before. Authetication is much faster and the connection (when active) is sensibly faster.
However the connection is still very unstable and it is necessary every five-ten minutes to reconnect (especially for intense network traffic like when watching a streaming content or using VOIP applications. Actually switching off and on again the WLAN card (Airport) often a new authentication is not required. However, without doing so the connection would not resume alone to a working state.
So what to say? Better than before (thanks) but far from being fixed. From last September to January we did not experience any problem, so it must be something that chronologically happened at the beginning of the year, it is not a systemic problem.
But there were no changes or anything else at the beginning of the year.
Do you mean it makes sense to resume upgrading? I’m a little bit afraid of more problems like under 4.2.207.54M
Greetings Lydia

Wlc 4402 sesion logoff

hello. how do i avoid that ask me to WLC authentication from time to time? i want autenticate once and that sesion doesn`t expire until i court (or logoff.
i looked at options and configuration of the wlan is like:
Sesion Timeout................0
Re-Authentication Timeout.....0
Remaining Re-Authentication...Timer is not running
But every now and then it disconnetes me anyway.
Is it necessary to change the settings in the network this option:
User idle timeout......300 seconds??
Thank you.

Session timeout should do the trick. Generally reauthentication is meant for clients. In this case save the configurartion and try rebooting the controller by unplugging the power and then reboot it.

Session Timeout directly taking to login page

Hi,
In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
<StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
comes when user clicks login the second time.
We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
Here is our applications web.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>jndiContext</param-name>
<param-value>inv</param-value>
</context-param>
<context-param>
<param-name>UserEnvironmentName</param-name>
<param-value>UserEnvironment</param-value>
</context-param>
<context-param>
<param-name>CacheConfigureFile</param-name>
<param-value>inv-cache.xml</param-value>
</context-param>
<context-param>
<param-name>SecurityRepositoryClass</param-name>
<param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
<param-value>/_contr</param-value>
</context-param>
<context-param>
<param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>APPLICATION_NAME</param-name>
<param-value>Unified Inventory Management</param-value>
</context-param>
<context-param>
<param-name>COPYRIGHT_FROM_YEAR</param-name>
<param-value>2007</param-value>
</context-param>
<context-param>
<param-name>COPYRIGHT_TO_YEAR</param-name>
<param-value>2011</param-value>
</context-param>
<context-param>

<param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>

<param-value>512000</param-value>
</context-param>
<context-param>

<param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>

<param-value>104857600</param-value>
</context-param>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
</listener>
<listener>
<listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
</listener>

<listener>
<listener-class>
oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
</listener-class>
</listener>
<persistence-context-ref>
<persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
<persistence-unit-name>default</persistence-unit-name>
</persistence-context-ref>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>GatewayServlet</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>media</servlet-name>
<servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>GatewayServlet</servlet-name>
<url-pattern>/flashbridge/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>media</servlet-name>
<url-pattern>/media_image</url-pattern>
</servlet-mapping>
<resource-ref>
<res-ref-name>wm/ruleWorkManager</res-ref-name>
<res-type>commonj.work.WorkManager</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Unshareable</res-sharing-scope>
</resource-ref>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>addAllRoles</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jaas.mode</param-name>
<param-value>doasprivileged</param-value>
</init-param>
</filter>
<filter>
<filter-name>ADFLibraryFilter</filter-name>
<filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>ADFLibraryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adflibResources</servlet-name>
<servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/InventoryUIShell</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Controller</servlet-name>
<servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adflibResources</servlet-name>
<url-pattern>/adflib/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Controller</servlet-name>
<url-pattern>/_contr/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsff</url-pattern>
<is-xml>true</is-xml>
</jsp-property-group>
</jsp-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>allPages</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured resources</web-resource-name>
<url-pattern>/images/</url-pattern>
<url-pattern>*.png</url-pattern>
<url-pattern>*.gif</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.jpeg</url-pattern>
<url-pattern>*.bmp</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>/css/*</url-pattern>
<url-pattern>/afr/blank.html</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/login.jspx</form-login-page>
<form-error-page>/faces/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
<welcome-file-list>
<welcome-file>/faces/InventoryUIShell</welcome-file>
</welcome-file-list>
</web-app>

hi
this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
u need servlet2.3 supported server for this.
hope this helps
shrini
I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
Thanks

"Session Timeout" on WebMail Today on a Win7 NetBook!!^$*^%^*#(*

I'm generally a low-maintenance Verizon home phone and dsl client but this is a major PITA. Wondering if it's my OS or browsers or the crappy new netmail site is just not working today.
Get the "Session Timeout" on everything associated with mail. Can access my home phone and dsl account profiles but zip on netmail on the "new" or even "classic" views. Get the pop-up to log back in and I do so, but NADA. Cleared cookies and history frlom both Firefox and IE8 and restarted. Disabled Norton 360. Nothing works.
I don't access netmail often, but I am on a biz trip this week. It's not the server. I can send/receive on this account on both an iPhone and the work Blackberry and just did test msgs on both a few minutes ago. But I need the netbook to send a couple of large word and excel files.
So for my 1st post I am thinking about raising the **bleep** flag on Verizon since 2 calls and a chat runaround got me nowhere today. They are basically indifferent or uninformed.
So are there any issues with Win7 (mine is still the starter version on the netbook) or is the site just down today? Or am I an idiot missing something that's very obvious ? Which is entirely possible.
Trout

I have been having the same problem. Never happened until a few months ago, and now happens all the time - once it times out once, that's it for the rest of the day, every subsequent login is immediately logged out again.
Can anyone explain to me the purpose of having "the community" ask each other how to solve this problem, when clearly it is a Verizon website issue?

Session timeout Hyperion Planning 4.0.1

Hello, <BR><BR>on our clients the planning-session times out after 3 minutes. I have set the session timeout setting for Apache Tomcat 4.1 in the File web.xml to the number 60, but the session already times out after 3 minutes. Can you help me?<BR><BR>Best regards, <BR>Rainer

This could be a setting on the network/intranet/internet at the client.<BR><BR>Had a similar problem at one of our clients and it was down to a 3 minute timeout on any request over the intranet.<BR><BR>Worth a check with the IT department on it.<BR><BR>Hope this helps.<BR><BR>Andy King<BR>www.analitica.co.uk

Session Timeout in weblogic 6.1 SP3-- Urgent

Hi
We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
If you still have the same results attach the pofiler trace here. A test case would be good too.
Rakesh Aggarwal wrote:
We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
1) session-timeout=1 in web.xml,
2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
Any help regarding this will be sincerely appreciated. Thanks.
-Rakesh--
Rajesh Mirchandani
Developer Relations Engineer
BEA Support

ISE 1.1 - switch ignores "Session-Timeout"

hi all,
I'm playing around with ISE guest service and have some difficulty with Time Profiles.
After guest logs in, Radius attributes are sent to the switch (3750G) one of them is Session-Timeout which should be similar to 1h (DefaultOneHour)
According to ISE logs and switch debugs, ISE did it well and this attribute was sent but it seems that the switch simply ignores it.
May 24 07:03:11.658: %SEC-6-IPACCESSLOGP: list ACL-DEFAULT denied udp 10.1.100.194(1029) -> 10.1.100.2(389), 1 packet19:46:57: RADIUS: COA received from id 36 10.1.100.6:64700, CoA Request, len 18319:46:57: RADIUS/DECODE: parse unknown cisco vsa "reauthenticate-type" - IGNORE19:46:57: RADIUS/ENCODE(00000000):Orig. component type = Invalid19:46:57: RADIUS(00000000): sending19:46:57: RADIUS(00000000): Send CoA Ack Response to 10.1.100.6:64700 id 36, len 3819:46:57: RADIUS: authenticator 0B 30 6E 9B DF 97 0D A0 - D9 8B A5 5A 11 39 3E 4119:46:57: RADIUS: Message-Authenticato[80] 18 19:46:57: RADIUS:   11 42 82 E2 52 68 DF 28 CD 43 AE 88 0C 5D 91 10            [ BRh(C]]19:46:57: RADIUS/ENCODE(00000026):Orig. component type = Dot1X19:46:57: RADIUS(00000026): Config NAS IP: 0.0.0.019:46:57: RADIUS(00000026): Config NAS IPv6: ::19:46:57: RADIUS/ENCODE(00000026): acct_session_id: 2719:46:57: RADIUS(00000026): sending19:46:57: RADIUS/ENCODE: Best Local IP-Address 10.1.100.1 for Radius-Server 10.1.100.619:46:57: RADIUS(00000026): Send Access-Request to 10.1.100.6:1812 id 1645/25, len 26719:46:57: RADIUS: authenticator 6D 92 DC 77 87 47 DA 8E - 7D 6B DD DD 18 BE DC 3319:46:57: RADIUS: User-Name           [1]   14 "0016d329042f"19:46:57: RADIUS: User-Password       [2]   18 *19:46:57: RADIUS: Service-Type        [6]   6   Call Check                [10]19:46:57: RADIUS: Vendor, Cisco       [26] 31 19:46:57: RADIUS:   Cisco AVpair       [1]   25 "service-type=Call Check"19:46:57: RADIUS: Framed-IP-Address   [8]   6   10.1.100.194 19:46:57: RADIUS: Framed-MTU          [12] 6   1500 19:46:57: RADIUS: Called-Station-Id   [30] 19 "00-24-F9-2D-83-87"19:46:57: RADIUS: Calling-Station-Id [31] 19 "00-16-D3-29-04-2F"19:46:57: RADIUS: Message-Authenticato[80] 18 19:46:57: RADIUS:   AD EB 99 4A F2 B9 4E BB 2E B3 E2 04 BE 5B 0C 72             [ JN.[r]19:46:57: RADIUS: EAP-Key-Name        [102] 2   *19:46:57: RADIUS: Vendor, Cisco       [26] 49 19:46:57: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=0A01280100000016043E0D23"19:46:57: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]19:46:57: RADIUS: NAS-Port            [5]   6   50107 19:46:57: RADIUS: NAS-Port-Id         [87] 22 "GigabitEthernet1/0/7"19:46:57: RADIUS: Called-Station-Id   [30] 19 "00-24-F9-2D-83-87"19:46:57: RADIUS: NAS-IP-Address      [4]   6   10.1.100.1 19:46:57: RADIUS(00000026): Sending a IPv4 Radius Packet19:46:57: RADIUS(00000026): Started 5 sec timeout19:46:57: RADIUS: Received from id 1645/25 10.1.100.6:1812, Access-Accept, len 27219:46:57: RADIUS: authenticator F1 5F 57 72 FD 80 95 20 - 46 47 B5 CE DF 63 6E 1A19:46:57: RADIUS: User-Name           [1]   19 "[email protected]"19:46:57: RADIUS: State               [24] 40 19:46:57: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 41 [ReauthSession:0A]19:46:57: RADIUS:   30 31 32 38 30 31 30 30 30 30 30 30 31 36 30 34 [0128010000001604]19:46:57: RADIUS:   33 45 30 44 32 33            [ 3E0D23]19:46:57: RADIUS: Class               [25] 49 19:46:57: RADIUS:   43 41 43 53 3A 30 41 30 31 32 38 30 31 30 30 30 [CACS:0A012801000]19:46:57: RADIUS:   30 30 30 31 36 30 34 33 45 30 44 32 33 3A 69 73 [00016043E0D23:is]19:46:57: RADIUS:   65 2F 31 32 34 30 33 36 37 39 31 2F 32 39 37   [ e/124036791/297]19:46:57: RADIUS: Session-Timeout     [27] 6   2940 19:46:57: RADIUS: Termination-Action [29] 6   0 19:46:57: RADIUS: Message-Authenticato[80] 18 19:46:57: RADIUS:   26 46 2C B6 75 95 AF 37 E6 3B B1 CB F2 70 E0 8D           [ &F,u7;p]19:46:57: RADIUS: Vendor, Cisco       [26] 72 19:46:57: RADIUS:   Cisco AVpair       [1]   66 "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-Contractors-ACL-4fbcd736"19:46:57: RADIUS: Vendor, Cisco       [26] 42 19:46:57: RADIUS:   Cisco AVpair       [1]   36 "profile-name=Microsoft-Workstation"19:46:57: RADIUS(00000026): Received from id 1645/2519:46:57: RADIUS/DECODE: parse unknown cisco vsa "profile-name" - IGNOREMay 24 07:03:19.132: %MAB-5-SUCCESS: Authentication successful for client (0016.d329.042f) on Interface Gi1/0/7 AuditSessionID 0A01280100000016043E0D23May 24 07:03:19.132: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0016.d329.042f) on Interface Gi1/0/7 AuditSessionID 0A01280100000016043E0D23May 24 07:03:19.140: %EPM-6-POLICY_REQ: IP 10.1.100.194| MAC 0016.d329.042f| AuditSessionID 0A01280100000016043E0D23| AUTHTYPE DOT1X| EVENT APPLYMay 24 07:03:19.165: %EPM-6-AAA: POLICY xACSACLx-IP-Contractors-ACL-4fbcd736| EVENT DOWNLOAD-REQUEST19:46:57: RADIUS/ENCODE(00000000):Orig. component type = Invalid19:46:57: RADIUS(00000000): Config NAS IP: 0.0.0.019:46:57: RADIUS(00000000): sending19:46:57: RADIUS/ENCODE: Best Local IP-Address 10.1.100.1 for Radius-Server 10.1.100.619:46:57: RADIUS(00000000): Send Access-Request to 10.1.100.6:1812 id 1645/26, len 14419:46:57: RADIUS: authenticator 1A 52 18 C5 25 A7 5C DC - 29 C9 5C 7C C5 B3 FC 5819:46:57: RADIUS: NAS-IP-Address      [4]   6   10.1.100.1 19:46:57: RADIUS: User-Name           [1]   38 "#ACSACL#-IP-Contractors-ACL-4fbcd736"19:46:57: RADIUS: Vendor, Cisco       [26] 32 19:46:57: RADIUS:   Cisco AVpair       [1]   26 "aaa:service=ip_admission"19:46:57: RADIUS: Vendor, Cisco       [26] 30 19:46:57: RADIUS:   Cisco AVpair       [1]   24 "aaa:event=acl-download"19:46:57: RADIUS: Message-Authenticato[80] 18 19:46:57: RADIUS:   2B 6B 13 37 0D 25 11 E9 6A 56 35 D8 91 9F EF F0           [ +k7?jV5]19:46:57: RADIUS(00000000): Sending a IPv4 Radius Packet19:46:57: RADIUS(00000000): Started 5 sec timeoutMay 24 07:03:19.191: %SEC-6-IPACCESSLOGP: list ACL-DEFAULT denied tcp 10.1.100.194(2125) -> 10.1.100.6(8443), 1 packet19:46:57: RADIUS: Received from id 1645/26 10.1.100.6:1812, Access-Accept, len 35919:46:57: RADIUS: authenticator 31 B0 73 93 CA 0E 5C 7C - 11 29 AA 57 6C A1 53 D819:46:57: RADIUS: User-Name           [1]   38 "#ACSACL#-IP-Contractors-ACL-4fbcd736"19:46:57: RADIUS: State               [24] 40 19:46:57: RADIUS:   52 65 61 75 74 68 53 65 73 73 69 6F 6E 3A 30 61 [ReauthSession:0a]19:46:57: RADIUS:   30 31 36 34 30 36 30 30 30 30 30 30 35 44 34 46 [0164060000005D4F]19:46:57: RADIUS:   42 44 44 44 33 37            [ BDDD37]19:46:57: RADIUS: Class               [25] 49 19:46:57: RADIUS:   43 41 43 53 3A 30 61 30 31 36 34 30 36 30 30 30 [CACS:0a016406000]19:46:57: RADIUS:   30 30 30 35 44 34 46 42 44 44 44 33 37 3A 69 73 [0005D4FBDDD37:is]19:46:57: RADIUS:   65 2F 31 32 34 30 33 36 37 39 31 2F 32 39 38   [ e/124036791/298]19:46:57: RADIUS: Termination-Action [29] 6   1 19:46:57: RADIUS: Message-Authenticato[80] 18 19:46:57: RADIUS:   80 EF 5B 80 76 F1 C9 37 0B 25 34 37 10 57 CC 44          [ [v7?47WD]19:46:57: RADIUS: Vendor, Cisco       [26] 47 19:46:57: RADIUS:   Cisco AVpair       [1]   41 "ip:inacl#1=permit udp any any eq domain"19:46:57: RADIUS: Vendor, Cisco SW3750-1# [26] 48 19:46:57: RADIUS:   Cisco AVpair       [1]   42 "ip:inacl#2=permit ip any host 10.1.100.6"19:46:57: RADIUS: Vendor, Cisco       [26] 57 19:46:57: RADIUS:   Cisco AVpair       [1]   51 "ip:inacl#3=deny ip any 10.0.0.0 0.255.255.255 log"19:46:57: RADIUS: Vendor, Cisco       [26] 36 19:46:57: RADIUS:   Cisco AVpair       [1]   30 "ip:inacl#4=permit ip any any"19:46:57: RADIUS(00000000): Received from id 1645/26May 24 07:03:19.216: %EPM-6-AAA: POLICY xACSACLx-IP-Contractors-ACSW3750-1#SW3750-1#SW3750-1#L-4fbcd736| EVENT DOWNLOAD-SUCCESSMay 24 07:03:19.216: %EPM-6-POLICY_APP_SUCCESS: IP 10.1.100.194| MAC 0016.d329.042f| AuditSessionID 0A01280100000016043E0D23| AUTHTYPE DOT1X| POLICY_TYPE Named ACL| POLICY_NAME xACSACLx-IP-Contractors-ACL-4fbcd736| RESULT SUCCESSMay 24 07:03:20.147: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0016.d329.042f) on Interface Gi1/0/7 AuditSessionID 0A01280100000016043E0D2319:46:58: RADIUS/ENCODE(00000026):Orig. component type = Dot1X19:46:58: RADIUS(00000026SW3750-1#SW3750-1#SW3750-1#SW3750-1#): Config NAS IP: 0.0.0.019:46:58: RADIUS(00000026): Config NAS IPv6: ::19:46:58: RADIUS/ENCODE: Best Local IP-Address 10.1.100.1 for Radius-Server 10.1.100.619:46:58: RADIUS(00000026): Sending a IPv4 Radius Packet19:46:58: RADIUS(00000026): Started 5 sec timeout19:46:58: RADIUS: Received from id 1646/35 10.1.100.6:1813, Accounting-response, len 38SW3750-1#
SW3750-1#sh authe sess int g 1/0/7 Interface: GigabitEthernet1/0/7 MAC Address: 0016.d329.042f IP Address: 10.1.100.194 User-Name: [email protected] Status: Authz Success Domain: DATA Security Policy: Should Secure Security Status: Unsecure Oper host mode: multi-auth Oper control dir: both Authorized By: Authentication Server Vlan Group: N/A ACS ACL: xACSACLx-IP-Contractors-ACL-4fbcd736 Session timeout: N/A Idle timeout: N/A Common Session ID: 0A01280100000016043E0D23 Acct Session ID: 0x0000001B Handle: 0x2F000017Runnable methods list: Method   State mab      Authc Success dot1x    Not runSW3750-1#
Has anyone encountered similar thing?
I tried 12.2(58) and now Im testing
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 15.0(1)SE2, RELEASE SOFTWARE (fc3)
but in both cases it is similar.
regards
Przemek

Hi Sebastian,
thx a lot those 2 commands solved the issue, my mistake. Now I can see remaining time for the session
SW3750-1#sh auth sess int g1/0/7 Interface: GigabitEthernet1/0/7 MAC Address: 0016.d329.042f IP Address: 10.1.100.194 User-Name: [email protected] Status: Authz Success Domain: DATA Security Policy: Should Secure Security Status: Unsecure Oper host mode: multi-auth Oper control dir: both Authorized By: Authentication Server Vlan Group: N/A ACS ACL: xACSACLx-IP-Contractors-ACL-4fbcd736 Session timeout: 28800s (server), Remaining: 28780s Timeout action: Terminate Idle timeout: N/A Common Session ID: 0A012801000000221DE0F555 Acct Session ID: 0x0000002B Handle: 0x99000023Runnable methods list: Method   State mab      Authc Success dot1x    Not run
regards
Przemek

WLCS 4402 Client Session Timeout

Similar Messages

Maybe you are looking for