Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
3
Helpful
4
Replies

reAuthWhen: how to modify or bypass it ???

herve.collignon
Level 1
Level 1

‎01-09-2008 01:46 AM - edited ‎07-03-2021 03:11 PM

We are running a WiSM version 4.2 and we are facing a big issue regarding regular (each 30mn.) deconnections.

After lot of debug and trace, we have found it is due to the WiSM which is asking APs to re-authenticate (802.1x dynamic WEP) when the timer reAuthWhen(1800sec=30mn.) has expired for each PC connection!

Then the re-authentication process restart and loops a huge number of times, that can conclude to a complete authentication failure because our RADIUS ACS server becomes overloaded.

Consequently the PC stays disconnected!

This is why we would like to determine how to bypass or change this reAuthWhen timer, and to know if it is manageable by the WiSM or dependant of each PC...

Thanks a lot for expert help

Labels:
0 Helpful
4 Replies 4

wififofum
Level 4
Level 4

‎01-10-2008 03:53 AM

Hey Herve,

The key regeneration should occur in the background between the client and ACS once the initial full 802.1x state machine takes place in a non-roaming scenario. This is how I understand the Session Timeout. Are you seeing the controller deauth active associations and not properly re-broker the full 802.1x state machine for non-roaming clients? What debug did you run to validate this? What does the output look like?

Thanks,

--Bruce Johnson

0 Helpful

johnruffing
Level 4
Level 4

‎02-04-2008 08:33 AM

We had a customer who encountered thsi problem and they were able to fix it by adjusting the re-authentication timeout value.

However, be advised that changing this value on the WCS had no effect on the wireless LAN controller and it had to be changed on the controller itself.

I thought that this had been fixed in version 4.2, but you may want to check to make sure it is actually getting changed in your WiSM.

- John

(Please remember to rate helpful posts)

0 Helpful

wififofum
Level 4
Level 4

‎02-16-2008 07:49 PM

Herve,

Looking at this again, it suggests a Broadcast Key Rotation issue between th AP and the controller. This would not involve the ACS per se, as I believe this is managed by the controller itself. The WLAN Session Timeout would seem to be the likely root cause.

0 Helpful

pirateoftheairwaves
Level 1
Level 1

‎02-18-2008 10:06 PM

Change the session timeout to max 86400 secs = 24 hours. works with me... only with guests, we limit it to 3-5 hours.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card