DescriptionWhy do I get prompted to re-authenticate to the Captive Portal after only a few minutes of inactivity on my iPhone/iPad?
ScopeKB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: Controller
RELATED SOFTWARE VERSIONS: Fixed in 4.0-166, 5.1-81 and greater
KEYWORDS: 31680, Captive Portal, Walled-Garden, Sleep, Authenticate, L3 User' Session, Timeout, Deauth
SolutionIncrease the L3 User Session Timeout to a higher value (value is in minutes - Valid range 1-255). Go to the controller's SSL Server-Update page on the GUI = Configuration--->Captive Portal--->Select the SSL Server entry to display the page.
This is due to a bug (31680) in earlier versions of System Director before 4.0-166. The fix for this is in 4.0-166 and 5.1.81
(L3 User Session Timeout). The setting is located on the SSL
Server-Update page on the GUI: Configuration--->Captive
Portal--->Select the SSL Server entry to display the page.
In
general, the controller by default will keep the user's session up for
33 minutes of inactivity as long as the station is still connected to
the same SSID on the wireless network. If the user disconnects and
connects back to same SSID on the same controller within 60 seconds, no
re-authentication is required.
When the iPhone/iPad goes to sleep,
it shuts down its wireless card (aka airport). It disconnects from the
wireless network and occasionally enables the wireless radio if the
device is configured with push notifications or if configured to check
for emails at set intervals, etc.
Old Behavior prior to SD5.1:
If
the iPad goes to sleep/disconnect from the wireless network, and the
user connects back to the same SSID on the same Meru controller within a
minute or so, no re-authentication is required. However, if the user
does not connect within a minute they will be prompted for
authentication to the Captive Portal. This is because the controller
clears its authentication cache after a certain period of time from when
the client sends a de-auth packet because the station is no longer on
that network. During this time you should see an "SMM-Clear" message on
the station log.
New Feature to Change the old Behavior:
The
L3 User Session Timeout field is used for specific clients like the iOS
devices that have issues in which they de-authenticate upon entering
sleep mode. This field specifies that the controller will retain these
clients in memory for the specified number of minutes before the client
is dropped from the captive portal authentication state.
In-other-words,
when Macintosh clients go to sleep they send a de-auth packet that
causes the controller to clear the captive portal authentication state.
This results in the clients to be forced to re-authenticate frequently
when they come out of power save state. The L3 User Session Timeout
field has been added so that the authentication state of a client is
preserved until the L3 auth Session timeout value is exceeded. As a
result, the client is not forced to go through captive portal
authentication again if the client returns to the network within the
specified time period. Valid range 1 to 255 minutes.
