Cisco WLC does not respect the Expiration of a user on Radius server.
matthew.carriere at gmail.com
Thu Apr 30 21:28:25 CEST 2009
Yes the Session-Timeout is the value that is set and appears to be
sent to the Cisco WLC.
The problem is it completely ignores it, if I refresh and try to re-
authenticate it fails, but I still have access.
If I log out and then try it fails and I can't access the wireless.
It appears that my problem is terminating the session while it is
On 30-Apr-09, at 12:09 PM, Chris Moules wrote:
> I guess you are meaning that the WiFi session on the device is not
> I am not an expert in this area (I have not used the Expiration checks
> myself) but I guess that the Cisco will not care about this value. I
> assume that it is not even returned to it (Freeradius internal check
> value, not a return value?).
> You will probably want to look into the Session-Timout (and maybe
> Idle-Timeout) settings.
> If you are using sql you can probably calculate a dynamic
> Session-Timeout length based on (MySQL lingo) NOW() and the Expiration
> value. After this time the session (on the cisco) will end and the
> may try to re-login. The Expiration time will have passed and so it
> Matthew Carriere wrote:
>> Hi everyone,
>> I have a CISCO WLC that is configured to use a FreeRadius server as
>> authentication point.
>> Everything is working except the Expiration.
>> I set an Expiration value programatically from a Ruby script by
>> a record into the radcheck table:
>> UserName | Matthew
>> Attribute | Expiration
>> op | :=
>> Value | April 29 2009 02:14:48
>> Here's the scenario,
>> before the expiration date the user authenticates to the Radius
>> and then is able to use the Wireless (Cisco WLC). However, when the
>> expiration time passes, the user can no longer authenticate to the
>> radius server (which is correct), but they are still connected to the
>> Does anyone have some experience with this scenario to offer some
>> suggestions to help troubleshoot?
>> Matthew Carriere
>> List info/subscribe/unsubscribe? See
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
More information about the Freeradius-Devel