User Idle Timeout

frenz
Here to help

User Idle Timeout

Hi All!

 

Is it possible to configure a "User Idle Timeout"?

 

Have not found anything on the Dashboard.

 

BR

Wireless, what else?
17 Replies 17
PhilipDAth
Kind of a big deal
Kind of a big deal

And idle timeout for what, and what would this timeout achieve?

frenz
Here to help

A User Idle Timeout for the Wireless Clients!

Wireless, what else?
PhilipDAth
Kind of a big deal
Kind of a big deal

Are you referring to clients authenticated using a splash page?

 

Wireless/Splash Pages/Splash Frequency

Screenshot from 2017-12-19 22-18-41.png

frenz
Here to help

Clients authenticate with PSK!

Wireless, what else?
PhilipDAth
Kind of a big deal
Kind of a big deal

If they are using WPA and PSK what is the point of having an idle timeout?  They will simply immediately re-associate since they are using an authenticated connection.

frenz
Here to help

Hi Philip!

 

Sorry for the delay. Im talking about Apple IPhones! When they not longer active in the Wireless, they go automaticaly in sleep mode (maybe they deactivate the wireless?!). After reactivation of the Phone they have to login again with their credentials. Is there a posibility to configure an Idletimeout?

Wireless, what else?
PhilipDAth
Kind of a big deal
Kind of a big deal

Alas this is a much complained about iOS security feature.  We can't change it, as Apple designed it to work that way.

Trakmasters
New here

I had the same issue with a few nest thermostats on the mr34. I called meraki and relayed the problem, they push a fix to my AP  and I never had a problem again. I had the same issue, but not on my IOS devices. And we use enterprise for our iOS devices. There is nowhere in the dashboard to change this. 

Arus
Comes here often

Bro, I am facing the same issue with you.

Can I know the the version ID of the bug fix or the Meraki case ID for information? Many thanks!
Arus
Comes here often

I have talked with Meraki today, find out that this issue is caused by DCD enabled.

If you don't want the user to re-authentication again, you can find a function named "Enable data-carrier detect?" under the access control page. Disable it and will be fine!

*** Quote from Meraki ***
If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect. See also RFC 2866 §5.10.
*******************************
cmazur
New here

Where is this DCD disable feature? on the phone, on the Meraki dashboard, etc?

 

thanks

Arus
Comes here often

DCD feature is under the Meraki Dashboad > Wireless > Access control.

 

For my environment, association requirements are open and splash page is using "Sign-on with my RADIUS".

 

L2 & L3 settingL2 & L3 settingDCD featureDCD feature

winer406
Comes here often

If DCD feature disable and client wireless signal didn't appear near Meraki AP, how long client need to re-authentication when client appear again ?

Arus
Comes here often

It should depends on what method that you choose for the authentication and the session expires or not.

 

If the session does not expires, there is no re-authentication requirement.

 

So, the client endpoint re-associate to the SSID within 2-3 sec.

 

Otherwise, the authentication method will affect the association time because of the network latency problem etc.

 

In my environment, I have choose Meraki Cloud for authentication.

 

First time, it takes around 12 sec and re-associate takes 2-3 sec (session does not expires).

winer406
Comes here often

But if session timeout (for example client leave and come back after 2 hours ), even disable DCD feature and also need to re-authentication ? or authentication method timeout > 2 hours and client didn't re-authentication again ?

 

My requirement is that authentication from RADIUS server and hope didn't re-authentication again in 1 day, even client leave and come back again.

Arus
Comes here often

In your case, you should configure the session timeout value in RADIUS no less than 24hrs.

Disable DCD will only made Meraki that not revoke the client in Meraki end.

 

With DCD enable + client session does not expire:

Endpoint re-associate after power saving mode > Meraki no client record due to DCD enabled > Contact with RADIUS for authentication > RADIUS finds endpoint does not expires in its DB and return successful page (client do NOT needs to key in username and password etc.) > Meraki contains endpoint records again.

 

As you see, there is no meaningful:

1. Contact RADIUS will extend the association time but no authentication requirement.

2. The successful page prompts out every time after power saving mode, bad user experience.

 

DCD cannot control RADIUS side, RADIUS gets own timer for each client session.

 

*** From DCD settings ***

If data-carrier detect is enabled, sessions will be revoked and accounted for whenever a client disassociates from a network. To allow clients to reassociate to the network without re-authorization, do not enable data-carrier detect. See also RFC 2866 §5.10.

***

winer406
Comes here often

Hi Arus,

 

Noted with very thanks.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels