reAuthWhen: how to modify or bypass it ???

Unanswered Question
Jan 9th, 2008
User Badges:

We are running a WiSM version 4.2 and we are facing a big issue regarding regular (each 30mn.) deconnections.

After lot of debug and trace, we have found it is due to the WiSM which is asking APs to re-authenticate (802.1x dynamic WEP) when the timer reAuthWhen(1800sec=30mn.) has expired for each PC connection!

Then the re-authentication process restart and loops a huge number of times, that can conclude to a complete authentication failure because our RADIUS ACS server becomes overloaded.

Consequently the PC stays disconnected!

This is why we would like to determine how to bypass or change this reAuthWhen timer, and to know if it is manageable by the WiSM or dependant of each PC...

Thanks a lot for expert help ;-)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)

Hey Herve,

The key regeneration should occur in the background between the client and ACS once the initial full 802.1x state machine takes place in a non-roaming scenario. This is how I understand the Session Timeout. Are you seeing the controller deauth active associations and not properly re-broker the full 802.1x state machine for non-roaming clients? What debug did you run to validate this? What does the output look like?


--Bruce Johnson

We had a customer who encountered thsi problem and they were able to fix it by adjusting the re-authentication timeout value.

However, be advised that changing this value on the WCS had no effect on the wireless LAN controller and it had to be changed on the controller itself.

I thought that this had been fixed in version 4.2, but you may want to check to make sure it is actually getting changed in your WiSM.

- John

(Please remember to rate helpful posts)

pirateoftheairwaves Mon, 02/18/2008 - 22:06
User Badges:

Change the session timeout to max 86400 secs = 24 hours. works with me... only with guests, we limit it to 3-5 hours.


This Discussion



Trending Topics - Security & Network