Can anyone throw any light on this track:I see many errors in the ACS 5.1(or 5.3) :5411 EAP session timed out..Becasue I checked the "remember my username and password everytime login" in the wireless network properties, and I can succeed to login finally. but in the ACS will see many errors like ”5411 EAP session timed out“
Your WLC is basically seeing the same timeout that ACS is.
Fri Apr 13 16:09:36 2012: 58:1f:aa:8f:ea:44 Entering Backend Auth Req state (id=223) for mobile 58:1f:aa:8f:ea:44
Fri Apr 13 16:09:36 2012: 58:1f:aa:8f:ea:44 Sending EAP Request from AAA to mobile 58:1f:aa:8f:ea:44 (EAP Id 223)
Fri Apr 13 16:10:06 2012: 58:1f:aa:8f:ea:44 802.1x 'timeoutEvt' Timer expired for station 58:1f:aa:8f:ea:44
Fri Apr 13 16:10:06 2012: 58:1f:aa:8f:ea:44 Retransmit 1 of EAP-Request (length 69) for mobile 58:1f:aa:8f:ea:44
Fri Apr 13 16:10:11 2012: 58:1f:aa:8f:ea:44 Association received from mobile on AP 00:18:74:f9:d3:70
The WLC sent the EAP Request to the mobile at 16:09:36 and waited 30 seconds. It then sends the request again at 16:10:06, still no response for the client but 5 seconds later the client goes and does a new Association (starting over).
So I would start by decreasing your EAP Timers (config advanced eap eap-request-timeout ....... [syntax might be a little different]?). The Eap-Request timer is 30 seconds and you could get away with it only being a few seconds (honestly even 1 second is fine in my opiinion). NOTE: we are talking about eap-request, not eap-identity-request.....
The big question is if your client is just truely ignoring the eap-request or if it is not reaching the client...... Either way, you might see a world of difference by decreasing the timeout (so a new one gets to the client before it sits there in limbo for 30 seconds)