01-09-2008 01:46 AM - edited 07-03-2021 03:11 PM
We are running a WiSM version 4.2 and we are facing a big issue regarding regular (each 30mn.) deconnections.
After lot of debug and trace, we have found it is due to the WiSM which is asking APs to re-authenticate (802.1x dynamic WEP) when the timer reAuthWhen(1800sec=30mn.) has expired for each PC connection!
Then the re-authentication process restart and loops a huge number of times, that can conclude to a complete authentication failure because our RADIUS ACS server becomes overloaded.
Consequently the PC stays disconnected!
This is why we would like to determine how to bypass or change this reAuthWhen timer, and to know if it is manageable by the WiSM or dependant of each PC...
Thanks a lot for expert help
01-10-2008 03:53 AM
Hey Herve,
The key regeneration should occur in the background between the client and ACS once the initial full 802.1x state machine takes place in a non-roaming scenario. This is how I understand the Session Timeout. Are you seeing the controller deauth active associations and not properly re-broker the full 802.1x state machine for non-roaming clients? What debug did you run to validate this? What does the output look like?
Thanks,
--Bruce Johnson
02-04-2008 08:33 AM
We had a customer who encountered thsi problem and they were able to fix it by adjusting the re-authentication timeout value.
However, be advised that changing this value on the WCS had no effect on the wireless LAN controller and it had to be changed on the controller itself.
I thought that this had been fixed in version 4.2, but you may want to check to make sure it is actually getting changed in your WiSM.
- John
(Please remember to rate helpful posts)
02-16-2008 07:49 PM
Herve,
Looking at this again, it suggests a Broadcast Key Rotation issue between th AP and the controller. This would not involve the ACS per se, as I believe this is managed by the controller itself. The WLAN Session Timeout would seem to be the likely root cause.
02-18-2008 10:06 PM
Change the session timeout to max 86400 secs = 24 hours. works with me... only with guests, we limit it to 3-5 hours.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide