show advanced eap : Cisco 7925G

Answered Question
Jun 2nd, 2009
User Badges:

Hi Guys,


The 7925 deployment guide shows that you should set the :


EAP-Request Timeout (seconds)................... 20



www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf



It says the default is 2 secs, but mine on version 4.2.176.0 is 10 seconds.


Should I change this?


Also, it says to use 802.1x+CCKM, but I am using just CCKM.


Again, any issues with this?


Also, does anyone know what the phone skinny timeout would be, if the phone goes out of range? We get a lot of issues with people getting in the lift, and then the phone goes to the "registering" phase with CUCM and takes approx 30 seconds to get back online ? aghhhrrr :(


Many thx indeed for the help,


Kind regards,

Ken

Correct Answer by migilles about 8 years 1 month ago

The default used to be 2 seconds, but is 30 seconds in the latest WLC versions.

This is primarily for when using EAP-FAST as it must download a PAC from the RADIUS server and 2 seconds is not long enough. The default setting on the Cisco ACS is 20 seconds.


Using just CCKM is just mandating that the client must support CCKM to associate. CCKM only is fine.

A SCCP Keepalive packet is sent every 30 seconds and the timeout is after 3 attempts, so 90 seconds.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
kfarrington Wed, 06/03/2009 - 06:05
User Badges:

Also, one more snippet I have found out.


On the Cisco ACS


"AP EAP request timeout"


Is this the equivilent of the


"EAP-Request Timeout (seconds)................... 20

"


on the WLC? and should they be equal?


Many thx to all,

Ken

Correct Answer
migilles Thu, 06/04/2009 - 17:24
User Badges:
  • Cisco Employee,

The default used to be 2 seconds, but is 30 seconds in the latest WLC versions.

This is primarily for when using EAP-FAST as it must download a PAC from the RADIUS server and 2 seconds is not long enough. The default setting on the Cisco ACS is 20 seconds.


Using just CCKM is just mandating that the client must support CCKM to associate. CCKM only is fine.

A SCCP Keepalive packet is sent every 30 seconds and the timeout is after 3 attempts, so 90 seconds.

Actions

This Discussion