Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PEAP ignores Session-Timeout


I use freeRADIUS to authenticate WLAN Clients. Traffic is encrypted with WPA and clients are authenticated with LEAP or PEAP.

The AP 1220 with IOS 12.3(8)JA2 works well and the configuration is the same for PEAP and LEAP.

The value "Session-Timeout" is simply ignored, wenn a client is authenticated with PEAP. Using LEAP instead, Session-Timeout takes affect and the client is reauthenticated e.g. every 20s.

- What have I done wrong?

- Is rekeying neccessary for WPA/PEAP clients?

Kind regards



Re: PEAP ignores Session-Timeout

Rekeying is not mandatory for WPA/PEAP clients

New Member

Re: PEAP ignores Session-Timeout

I think I will see the same problem.

I configured session timeout 3600 sek. with WPA2 and PEAP using Microsoft IAS as radius.

The rekeying is not mandatory with WPA2 because of the "good" encryption algorithm. But if I configure it I want to rekey. By the way microsoft defaults a session timeout of 8 hours so a rekey should occur.

When I remember 802.1x, so the authenticator (WLAN-Controller) should initiate the reauthentication. I don't see any rekeying on my radiusserver so I think the controller does not work well.

Has anyone some clarifications ?

Should a rekey occur because of session-timeout ?

Can I watch this on my radius server ?