PEAP ignores Session-Timeout

pwellmann · ‎08-22-2006

Hello,

I use freeRADIUS to authenticate WLAN Clients. Traffic is encrypted with WPA and clients are authenticated with LEAP or PEAP.

The AP 1220 with IOS 12.3(8)JA2 works well and the configuration is the same for PEAP and LEAP.

The value "Session-Timeout" is simply ignored, wenn a client is authenticated with PEAP. Using LEAP instead, Session-Timeout takes affect and the client is reauthenticated e.g. every 20s.

- What have I done wrong?

- Is rekeying neccessary for WPA/PEAP clients?

Kind regards

Peter

sbilgi · ‎08-28-2006

Rekeying is not mandatory for WPA/PEAP clients

alois.heilmaier · ‎09-07-2006

I think I will see the same problem.

I configured session timeout 3600 sek. with WPA2 and PEAP using Microsoft IAS as radius.

The rekeying is not mandatory with WPA2 because of the "good" encryption algorithm. But if I configure it I want to rekey. By the way microsoft defaults a session timeout of 8 hours so a rekey should occur.

When I remember 802.1x, so the authenticator (WLAN-Controller) should initiate the reauthentication. I don't see any rekeying on my radiusserver so I think the controller does not work well.

Has anyone some clarifications ?

Should a rekey occur because of session-timeout ?

Can I watch this on my radius server ?