Requirement:Prior to 4.2, once a client connects to AP, the AP will keep its information for a period of time, which can be configured by using the CLI inactivity-timeout 1000. If the client has not received any messages from or transmitted to the AP within this period, the AP will clear all the information about this client, without letting the client know.
Hence a new knob "explicit-ageout-client " is introduced in 4.2 code.
Solution:•In 4.2, an additional knob is introduced such that by enabling this knob, before the AP clears out the client’s information, it will send a de-authentication message to the client.
This feature is disabled by default.
Configuration:CLI:
wlan ssid-profile test
explicit-ageout-client
end
commit apply
Verification
# show run
wlan ssid-profile test
enable
index 2
type guest
essid test
opmode opensystem
max-authentication-failures 0
vlan guest
auth-server Clearpass
set-role-pre-auth Preauth
rf-band all
captive-portal external profile Clearpass166
dtim-period 1
inactivity-timeout 1000
explicit-ageout-client <===========================
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24