Webauth Sleeping Client

The Webauth Sleeping Client feature allows successfully authenticated devices to stay logged in for a configured period without re-authentication.

This module describes how to add a parameter map to configure the time until which the access switch remembers the sleeping client.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for Webauth Sleeping Client

  • The MAC address of the device and the username or password is mapped. Once an entry is added to sleeping-client cache, all users of the device get the same policies that are stored in the cache. To use different policies, a user can force normal authentication by logging out. To log out, use http[s]://<Virtual IP/Virtual Host>/logout.html.

  • Mobility is not supported. If a device sleeps, wakes up, and gets associated with a different foreign controller, the device undergoes normal authentication on the foreign controller.

Information About Webauth Sleeping Client

Sleeping client cache

The Webauth Sleeping Client feature enables users to login once and not be disturbed with login forms for a configurable period. The details of the devices (sleeping clients) that need to be remembered are stored in the sleeping client cache.

Once a user authenticates successfully for the first time, an entry is added to the sleeping client cache and the sleeping client timer starts. If the authenticated device goes to sleep and wakes up, the service manager uses the web authentication method to check if there is an entry in the sleeping client cache for the mapped MAC address. If the entry is found, the authentication is run in the background using the stored credentials. If the authentication is successful, the sleeping client cache is updated and a logout access control list (ACL) is added. The logout ACL helps the client force normal authentication by logging out. In case the authentication fails with the stored credentials, the entry is deleted from the sleeping client cache.

If the service manager does not find any entry in the sleeping client cache for the mapped MAC address, normal authentication is performed. After successful authentication, an entry is added to the sleeping client cache and the sleeping client timer starts.

How to Configure Webauth Sleeping Client

Configuring Sleeping Client Timer

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    parameter-map type webauth {parameter-map-name | global}

    4.    sleeping-client [timeout time]

    5.    end

    6.    clear ip admission sleeping client {* | mac-address}

    7.    exit


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example: 
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example: 
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 parameter-map type webauth {parameter-map-name | global}


    Example: 
    Device(config)# parameter-map type webauth global
     

    Creates a parameter map and enters parameter-map webauth configuration mode.

     
    Step 4 sleeping-client [timeout time]


    Example: 
    Device(config-params-parameter-map)# sleeping-client timeout 60
     

    Configures the sleeping client timeout in minutes. Available range for the time argument is from 60 to 35791.

    Note   

    If you do not use the timeout keyword, the sleeping client is configured with the default timeout value of 720 minutes.

     
    Step 5 end


    Example: 
    Device(config-params-parameter-map)# end
     

    Exits parameter-map webauth configuration mode and returns to privileged EXEC mode.

     
    Step 6 clear ip admission sleeping client {* | mac-address}


    Example: 
    Device# clear ip admission sleeping client *
     

    Deletes all or specific MAC entries from the sleeping client cache.

     
    Step 7 exit


    Example: 
    Device# exit
     

    Exits privileged EXEC mode and returns to user EXEC mode.

     

    Verifying Sleeping Client Entries

    SUMMARY STEPS

      1.    enable

      2.    show ip admission sleeping-client

      3.    show ip admission cache


    DETAILED STEPS
      Step 1   enable

      Enables privileged EXEC mode.

      • Enter your password if prompted.



      Example: 
      Device> enable
      Step 2   show ip admission sleeping-client

      Displays the sleeping client database.



      Example: 
      Device# show ip admission sleeping-client

Sleeping-Client Cache
Total number of sleeping-client entries: 1
Client-mac Time-Remaining(min)
00e1.e1e1.0001 59
      Step 3   show ip admission cache

      Displays the sleeping client and normal client details. The sleeping client entries are prefixed with ^.



      Example: 
      Device# show ip admission cache

^Client MAC 00e1.e1e1.0001 Client IP 2001:DB8::1 IPv6 ::, State AUTHZ, Method Webauth

      Configuration Examples for Webauth Sleeping Client

      Example: Configuring Sleeping Client Timer

      Device> enable
Device# configure terminal
Device(config)# parameter-map type webauth global 
Device(config-params-parameter-map)# sleeping-client timeout 60
Device(config-params-parameter-map)# end
Device# clear ip admission sleeping client *
Device# exit

      Additional References for Webauth Sleeping Client

      Related Documents

      Related Topic

      Document Title

      Cisco IOS commands

      Cisco IOS Master Command List, All Releases

      Security commands

      Web authentication process

      "Managing Web Authentication" chapter in Cisco Wireless LAN Controller Configuration Guide

      Technical Assistance

      Description

      Link

      The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

      To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

      Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

      Feature Information for Webauth Sleeping Client

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

      Table 1 Feature Information for Webauth Sleeping Client

      Feature Name

      Releases

      Feature Information

      Webauth Sleeping Client

      Cisco IOS XE 3.7E

      The Webauth Sleeping Client feature allows successfully authenticated devices to stay logged in for a configured period without re-authentication.

      The following commands were introduced or modified: clear ip admission sleeping-client, show ip admission sleeping-client, show ip admission cache and sleeping client timeout.