A User Idle Timeout for the Wireless Clients!

Are you referring to clients authenticated using a splash page?

 

Wireless/Splash Pages/Splash Frequency

Clients authenticate with PSK!

If they are using WPA and PSK what is the point of having an idle timeout?  They will simply immediately re-associate since they are using an authenticated connection.

Hi Philip!

 

Sorry for the delay. Im talking about Apple IPhones! When they not longer active in the Wireless, they go automaticaly in sleep mode (maybe they deactivate the wireless?!). After reactivation of the Phone they have to login again with their credentials. Is there a posibility to configure an Idletimeout?

Alas this is a much complained about iOS security feature.  We can't change it, as Apple designed it to work that way.

Bro, I am facing the same issue with you.

Can I know the the version ID of the bug fix or the Meraki case ID for information? Many thanks!

I have talked with Meraki today, find out that this issue is caused by DCD enabled.

If you don't want the user to re-authentication again, you can find a function named "Enable data-carrier detect?" under the access control page. Disable it and will be fine!

*** Quote from Meraki ***
If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect. See also RFC 2866 §5.10.
*******************************

Where is this DCD disable feature? on the phone, on the Meraki dashboard, etc?

 

thanks

DCD feature is under the Meraki Dashboad > Wireless > Access control.

 

For my environment, association requirements are open and splash page is using "Sign-on with my RADIUS".

 

L2 & L3 settingDCD feature

If DCD feature disable and client wireless signal didn't appear near Meraki AP, how long client need to re-authentication when client appear again ?

It should depends on what method that you choose for the authentication and the session expires or not.

 

If the session does not expires, there is no re-authentication requirement.

 

So, the client endpoint re-associate to the SSID within 2-3 sec.

 

Otherwise, the authentication method will affect the association time because of the network latency problem etc.

 

In my environment, I have choose Meraki Cloud for authentication.

 

First time, it takes around 12 sec and re-associate takes 2-3 sec (session does not expires).

But if session timeout (for example client leave and come back after 2 hours ), even disable DCD feature and also need to re-authentication ? or authentication method timeout > 2 hours and client didn't re-authentication again ?

 

My requirement is that authentication from RADIUS server and hope didn't re-authentication again in 1 day, even client leave and come back again.

In your case, you should configure the session timeout value in RADIUS no less than 24hrs.

Disable DCD will only made Meraki that not revoke the client in Meraki end.

 

With DCD enable + client session does not expire:

Endpoint re-associate after power saving mode > Meraki no client record due to DCD enabled > Contact with RADIUS for authentication > RADIUS finds endpoint does not expires in its DB and return successful page (client do NOT needs to key in username and password etc.) > Meraki contains endpoint records again.

 

As you see, there is no meaningful:

1. Contact RADIUS will extend the association time but no authentication requirement.

2. The successful page prompts out every time after power saving mode, bad user experience.

 

DCD cannot control RADIUS side, RADIUS gets own timer for each client session.

 

*** From DCD settings ***

If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect. See also RFC 2866 §5.10.

***

Hi Arus,

 

Noted with very thanks.