It has been observed in many scenarios that when iOS device went to sleep mode/Locked, then connection gets disconnected and the user has to connect again.
This issue occurs because when the phone triggers to sleep mode/locked, WLC sends the de-auth to the client resulting in clearing the authentication cache for that iOS device/client. Hence, when the phone is unlocked, it needs to be re-authenticated with the CMX SSID. In this course, we get the pop-up and then get redirected to the CMX page. Here the main login page configured on CMX is bypassed if the login frequency is >0. However, we still get the success page saying, "You are now successfully connected".
The workaround to avoid the re-authentication is to enable ‘Sleeping Client’ feature in the WLANs
- Navigate to WLANs ->>Select particular WLAN->>Security ->>Layer 3
- Select Web Policy from Layer 3 Security.
- Select Radio button of Authentication
- Enable Slipping client by checking the box.
- By default, the slipping client timeout is 720 min. You can set the time from 10 Min to 43200 min.
This means that once the client becomes a sleeping client, the WLC will retain the entry for that client for the next 12 hours. If any client attempts to authenticate post the timeout, they will have to be authenticated again through CMX.
- Click on Apply.
Note: Please enable captive portal bypass which is a global parameter to avoid hitting a brick wall while authentication using the captive portal.
To do so, login to your controller CLI and run the following command:
(Cisco Controller) > config network web-auth captive-bypass enable
After running this, reboot your controller and run the following command.
(Cisco Controller) >show network summary
The output of this command will show:
Web Auth Captive-Bypass .................. Enable