cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco announces new innovations in SD-WAN, ISRs, SD-WAN Services, and Catalyst 9000 Series switches


129
Views
5
Helpful
3
Replies
Beginner

Wireless authentication and association timeout

Greetings,

Before client association occurs, is there a timeout value for a client to be authenticated with the AP? This will be the step before the user is authenticated using EAP... 

so lets say the authentication open seq is sent by the AP and nothing is heard back, how long will it take for the AP to reset the connection to the client?

Also, do we have a timeout value for the steps to follow after this? The client is authenticated but association hasn't completed, how long would the AP wait for the client to respond? 

 

Thanks

3 REPLIES
Highlighted
Hall of Fame Master

Re: Wireless authentication and association timeout

There are radius timers which you can change. So depending what values you set, will determine when the controller will reset the association.
-Scott
*** Please rate helpful posts ***
Contributor

Re: Wireless authentication and association timeout

Client starts probe request (10ms per request if no response), followed with probe response from AP, followed with open authentication (can also do WEP) this is unicast communication to specific AP followed by an acknowledgement, followed by association request and response (Again Unicast) eventually obtaining an Association ID, till this stage any failure will be presented with a Status code 0-9 for success or failure result, you should be able to see this in capture.

post this Client will Start EAP communication with WLC and WLC will indeed talk Radius to AAA, there are timers here for EAP between controller and client, timers and retires are show below

(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600

 

For Radius timeout can vary default in most cases in 5 sec.

 

All these are configurable parameters.

-Rate helpful posts-
Beginner

Re: Wireless authentication and association timeout

Thanks Ammahend,

 

Do you know what the timeout is in the first phase? probe is send and is heard but then the client isnt heard of, how long would the AP wait for a response before resetting the session?

With EAP, the user now needs to enter a password and be authenticated either through radius or other methods. If the client does not respond at this stage or if the client takes too long to put in his/her key, the AP would keep the session for 30 seconds and then reset?

 

Thanks

CreatePlease to create content
This widget could not be displayed.
Ask the Expert- DMVPN on Cisco routers