Cisco Support Community
New Member

reAuthWhen: how to modify or bypass it ???

We are running a WiSM version 4.2 and we are facing a big issue regarding regular (every 30 min) disconnections.

After a lot of debugging and tracing, we have found it is due to the WiSM, which asks the APs to re-authenticate (802.1x dynamic WEP) when the reAuthWhen timer (1800 sec = 30 min) has expired for each PC connection!

Then the re-authentication process restarts and loops a huge number of times, which can end in a complete authentication failure because our RADIUS ACS server becomes overloaded.

Consequently the PC stays disconnected!

This is why we would like to determine how to bypass or change this reAuthWhen timer, and to know if it is manageable by the WiSM or dependent on each PC...

Thanks a lot for expert help ;-)

4 REPLIES
Bronze

Re: reAuthWhen: how to modify or bypass it ???

Hey Herve,

The key regeneration should occur in the background between the client and ACS once the initial full 802.1x state machine takes place in a non-roaming scenario. This is how I understand the Session Timeout. Are you seeing the controller deauth active associations and not properly re-broker the full 802.1x state machine for non-roaming clients? What debug did you run to validate this? What does the output look like?

Thanks,

--Bruce Johnson

Silver

Re: reAuthWhen: how to modify or bypass it ???

We had a customer who encountered this problem and they were able to fix it by adjusting the re-authentication timeout value.

However, be advised that changing this value on the WCS had no effect on the wireless LAN controller and it had to be changed on the controller itself.

I thought that this had been fixed in version 4.2, but you may want to check to make sure it is actually getting changed in your WiSM.

- John

(Please remember to rate helpful posts)

Bronze

Re: reAuthWhen: how to modify or bypass it ???

Herve,

Looking at this again, it suggests a Broadcast Key Rotation issue between the AP and the controller. This would not involve the ACS per se, as I believe this is managed by the controller itself. The WLAN Session Timeout would seem to be the likely root cause.

Re: reAuthWhen: how to modify or bypass it ???

Change the session timeout to max 86400 secs = 24 hours. Works for me... only with guests, we limit it to 3-5 hours.
