cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
778
Views
0
Helpful
5
Replies

Root AP Deauthenticating WGB-Clients after 6 minutes of inactivity

smamedov
Level 1
Level 1

Hi , i have 2 1260 Access points one is in root mode , one is wgb mode. Authentication is EAPFAST. There are 5 devices connected via WGB bridge to the rest of the network.

- If clients are sending some data , then WGB AP announces this client mac via IAPP to root AP and rest of the network sees them correctly

- If clients are "passive" , then after WBG AP announces them to root AP , they timeout after 6 minutes on root AP and obviously they are not pingable from the rest of the network. The only way to restore connectivity is to ping that device from WGB AP, then WGB AP announces via IAPP to root AP , then and only then they become visible from the rest of the network.

My question is related to this 6 minute timeout on root AP . Is it normal behaviour ?

5 Replies 5

Richard Atkin
Level 4
Level 4

It is normal behaviour yes. It's been a while since I played with IOS Bridges / WBGs, but I think there's a fix for this in later software releases where you can extend that timeout value to a much longer period, and so your Clients can go for longer periods without passing traffic before they get flushed.

HTH,

Richard

Do you remember what version of IOS and what timer is responsible for that? Cause i have 12.4.25d.JA1 and played with almost each and every timer available.

Sent from Cisco Technical Support iPhone App

Try this;

configure terminal

bridge bridge-group-number aging-time seconds

where bridge-group-number is a value between 1 and 255, and seconds is a value between 10 and 1,000,000 seconds. Cisco recommends configuring the seconds parameter to a value greater than the wired client's idle period.

You also need to check that your WIRED network has a similar configuration and that it doesn't forget where these MAC Addresses are.

smamedov
Level 1
Level 1

I tried this timer, but it didn't help. I think this timer is related to bridge mac table expiration, and that's not the one which expires in 6 minutes

Sent from Cisco Technical Support iPhone App

You need to configure a static arp in the L3:

arp type

If you do a show dot11 association on bot the WGB and the root, you don't see an arp entry on the root AP side correct? If so, the fix is usually configuring a static arp entry since your fix right now is to ping the ip from the WGB. Give it a try and hopefully it works. A code upgrade might help too if your running an older code version.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: