802.1x Session Re-authentication timeout and DHCP

kanansimpson
Level 1

Hello,

Has anyone experienced an issue with wireless client IP renewal on an 802.1x-enabled WLAN/SSID when the Re-authentication timeout occurs?

Here is the issue:

I have a dot1x-enabled WLAN. I have some wireless clients (a mixture/not the same) that will lose their IP address after the Re-authentication timeout occurs. When this occurs, the client remains connected to the AP but will eventually show an APIPA address. I have enabled client debug on the WLC and see that the client reauth logs after the timeout occurs. I know the reauth is fine (client remains connected to the AP). I've done several pcaps and they indicate that the DHCP server is receiving the Discover packet and replying with the Offer. However, the last place I see the Offer packet is at the WLC uplink port. From there, it's not getting to the client to complete the process.

By default, the Re-authentication timeout is configured for 30 mins (or 1800 secs). As a workaround, I've increased the Re-authentication timeout value to 12 hours. A 30 minute disconnect is not acceptable.

Has anyone experienced this issue or know anything about it?

Thanks Kindly.

32 Replies

Ara
Level 1

What was finally causing the issue and what was the fix?

Thanks,

I'd like to know too. Time to spill the beans! :)

jonas
Level 1

Disabling the session timer entirely on the SSID solves this in my case. Disabling the DHCP required option also solves this issue and is perhaps a better workaround. It does seem as though something is wrong/different with the DHCP process for some specific clients during re-auth. In my case it is typically Linux operating systems that behave this way, where the IP is registered as 0.0.0.0 in the WLC and only a reboot of the device brings the device online again with an IP address, until the session timer again forces the client to re-auth with the 4-way handshake and then fails. Still no understanding of why this happens. I definitely prefer to have session timer and DHCP required enabled. By the way, I am not using DHCP proxy in the WLC, just pure layer 2 bridging.
