Moment the Stop packet is received, the client is logged out.
What we noticed from the debug, on every roam event, there is an Acct-Start with new Session-ID for the new AP and an immediate stop packet for the old access point with Old Session-ID. Once an accounting stop is received, client is logged out and have to re-login to be able to browse. It later rely on accounting packets received from ZD to permit users to continue to browse internet. LightSpeed does client health check-ups initially and provided internet access to the users.
Customer was using Cloud Path for client onboarding and LightSpeed Server for Accounting. Troubleshooting Steps History:Ĭlients were reporting an issue of getting logged out on their content filter/firewall when they are roaming between AP’s. Using this, Accounting Server should be able to differentiate the two unique Acct-Session-ID’s 596B2BDE-1CCD7 and 596B2BDE-1CD0F and should only Stop the session for 596B2BDE-1CCD7 which is no longer active. The attribute used by the Content Filter/Accounting-Server should be unique as "t=Acct-Session-ID" and not like "t=Framed-IP-Address"(which is common in both packets). LightSpeed Content Filter Firewall used for Accounting, Root CauseThe problem was isolated to the attribute being used to monitor client as it roams from one AP to another. QuestionWhy users are prompted to re-login to the LightSpeed content filter while roaming from an AP to another Customer EnvironmentZD/APs running 9.12ĬloudPath Server used for Client Onboarding and Authentication,
LIGHTSPEED LOG OUT HOW TO
SummaryThis article explains why the clients would have to re-login to the LightSpeed content filter while roaming between AP's and how to resolve this issue.
0 kommentar(er)
