Session Timeout and User Idle Timeout

Session Timeout:

Force the client to re-authenticate when the timer expires.

*osapiBsnTimer: Sep 07 16:26:52.365: yy:yy:yy:yy:yy:yy apfMsExpireCallback (apf_ms.c:645) Expiring Mobile!
*apfReceiveTask: Sep 07 16:26:52.365: yy:yy:yy:yy:yy:yy apfMsExpireMobileStation (apf_ms.c:7846) Changing state for mobile yy:yy:yy:yy:yy:yy on AP xx:xx:xx:xx:xx:xx from Associated to Disassociated
*apfReceiveTask: Sep 07 16:26:52.365: yy:yy:yy:yy:yy:yy Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy apfMsExpireCallback (apf_ms.c:645) Expiring Mobile!
*apfReceiveTask: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy Succesfully freed AID 1, slot 0 on AP xx:xx:xx:xx:xx:xx, #client on this slot 0
*apfReceiveTask: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy apfSendDisAssocMsgDebug (apf_80211.c:3735) Changing state for mobile yy:yy:yy:yy:yy:yy on AP xx:xx:xx:xx:xx:xx from Disassociated to Disassociated
*apfReceiveTask: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy Sent Disassociate to mobile on AP xx:xx:xx:xx:xx:xx-0 on BSSID zz:zz:zz:zz:zz:zz(reason 1, caller apf_ms.c:7930)
*apfReceiveTask: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy Setting active key cache index 8 —> 8
*apfReceiveTask: Sep 07 16:27:02.365: yy:yy:yy:yy:yy:yy Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Sep 07 16:27:02.366: yy:yy:yy:yy:yy:yy Global PMK Cache deletion failed.
*apfReceiveTask: Sep 07 16:27:02.366: yy:yy:yy:yy:yy:yy Sent Deauthenticate to mobile on BSSID zz:zz:zz:zz:zz:zz slot 0(caller apf_ms.c:7938)
*apfReceiveTask: Sep 07 16:27:02.366: yy:yy:yy:yy:yy:yy apfMsAssoStateDec
*apfReceiveTask: Sep 07 16:27:02.366: yy:yy:yy:yy:yy:yy apfMsOpenStateDec
*apfReceiveTask: Sep 07 16:27:02.366: yy:yy:yy:yy:yy:yy apfMsExpireMobileStation (apf_ms.c:7996) Changing state for mobile yy:yy:yy:yy:yy:yy on AP xx:xx:xx:xx:xx:xx from Disassociated to Idle

User Idle Timeout:

Remove the client after it has been inactive for more than the threshold time. We can also set the traffic threshold. If the traffic threshold is not reached within the specified time, the client will be deleted.

*spamApTask2: Sep 07 16:43:09.457: yy:yy:yy:yy:yy:yy Received DELETE mobile, reasonCode MN_IDLE_TIMEOUT, deleteReason 4 from AP xx:xx:xx:xx:xx:xx, slot 0 …cleaning up mscb
*spamApTask2: Sep 07 16:43:09.457: yy:yy:yy:yy:yy:yy Succesfully freed AID 1, slot 0 on AP xx:xx:xx:xx:xx:xx, #client on this slot 0
*spamApTask2: Sep 07 16:43:09.457: yy:yy:yy:yy:yy:yy apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4
*spamApTask2: Sep 07 16:43:09.457: yy:yy:yy:yy:yy:yy Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
*osapiBsnTimer: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy apfMsExpireCallback (apf_ms.c:645) Expiring Mobile!
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy apfSendDisAssocMsgDebug (apf_80211.c:3735) Changing state for mobile yy:yy:yy:yy:yy:yy on AP xx:xx:xx:xx:xx:xx from Associated to Disassociated
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy Sent Disassociate to mobile on AP xx:xx:xx:xx:xx:xx-0 on BSSID zz:zz:zz:zz:zz:zz(reason 4, caller apf_ms.c:7819)
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy Client already in disassociated state, not sending disassociation
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy Setting active key cache index 8 —> 8
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Sep 07 16:43:10.369: yy:yy:yy:yy:yy:yy Global PMK Cache deletion failed.
*apfReceiveTask: Sep 07 16:43:10.370: yy:yy:yy:yy:yy:yy Sent Deauthenticate to mobile on BSSID zz:zz:zz:zz:zz:zz slot 0(caller apf_ms.c:7938)
*apfReceiveTask: Sep 07 16:43:10.370: yy:yy:yy:yy:yy:yy apfMsAssoStateDec
*apfReceiveTask: Sep 07 16:43:10.370: yy:yy:yy:yy:yy:yy apfMsOpenStateDec
*apfReceiveTask: Sep 07 16:43:10.370: yy:yy:yy:yy:yy:yy apfMsExpireMobileStation (apf_ms.c:7996) Changing state for mobile yy:yy:yy:yy:yy:yy on AP xx:xx:xx:xx:xx:xx from Disassociated to Idle

Interestingly, User Idle Timeout is timed by the AP and resets the timer every time RX/TX is received. When the timer expires, the WLC will be notified.

To view the User Idle Timeout timer, we can use the “show controllers dot11Radio 0/1 client” command. In the following example, we can see that Age is 79. We can see the changes of Age by executing the command multiple times.

AP1700#show controllers dot11Radio 0 client
—Clients 0 AID VLAN Status:S/I/B/A Age TxQ-R(A) Mode Enc Key Rate Mask Tx Rx BVI Split-ACL Client-ACL WebAuth-ACL L2-ACL
aaaa.aaaa.aaaa 1 2 30 40144 000 0FE 79 0-0 (0) 32B0 000 0-0 1EFFFFFF00000000000 010D 10C – – – – –
RxPkts KBytes Dup Dec Mic Txc TxPkts KBytes Retry RSSI SNR Fail BAfail
aaaa.aaaa.aaaa 182 16 9 0 0 0 36 3 93 50 40 0 0

References

Cisco Wireless Controller Configuration Guide, Release 8.3