Solved: Client drops - Tuning EAP timers? - Page 2

emily00001 · ‎03-13-2015

I have had some clients complaining (laptop users) about being dropped from the WiFi and this appears to correlate with the events in the WLC log for DOT1X-4-MAX_EAPOL_KEY_RETRANS for those clients.

Drops are more frequent when the network and neighbours networks are under load during the day.

What would your advice be on tuning this? I based my settings off a guide found here:

https://supportforums.cisco.com/document/46101/eap-timers-wireless-lan-controllers

The way I interpret this is that the settings present a bit of a tradeoff between the risk of being dropped and the time it takes to get back in if you are dropped.

We have a WLC 2500 with 2700 APs running 7.6.130.0.

Below are the current settings that we have set:

Edit: Table did not paste correctly

Local Auth Active Timeout1 (in secs) "300"

Identity Request Timeout (in secs) "5"

Identity request Max Retries "12"

Dynamic WEP Key Index "0"

Request Timeout (in secs) "30"

Request Max Retries "2"

Max-Login Ignore Identity Response "enable"

APOL-Key Timeout (in milliSeconds) "1000"

EAPOL-Key Max Retries "2"

EAP-Broadcast Key Interval(in secs) "3600"

Local Auth Active Timeout¹ (in secs)
Identity Request Timeout (in secs)
Identity request Max Retries
Dynamic WEP Key Index
Request Timeout (in secs)
Request Max Retries
Max-Login Ignore Identity Response
EAPOL-Key Timeout (in milliSeconds)
EAPOL-Key Max Retries
EAP-Broadcast Key Interval(in secs)

Scott Fella · ‎03-28-2015

There are know issues with Apple on controller code v7.6.100.0-v7.6.120.0. There are current stability issue with Yosemite and iOS code. You can find more info on Apple forms regarding that.

-Scott

-Scott
*** Please rate helpful posts ***

emily00001 · ‎03-29-2015

That's good to know. I have controller code 7.6.130.0 running but maybe upgrading that could be a good idea even if this isn't a known problem with this version.

Also I've heard of the OSX issues but since users don't report them after office hours when the network and neighbours networks have lighter load (we still have a considerable number of users working late), I'm not sure if that matches with the OSX issue? Maybe that's an omission on part of those reports that they are more frequent in noisy environments.

Scott Fella · ‎03-29-2015

I wouldn't upgrade to v8.0.x, but that's me. Look at optimizing your wireless to be honest and know of what client devices have issues, because there is only so much you can do to help with stability. The fix would be by the manufacture of the NIC drivers.

-Scott

-Scott
*** Please rate helpful posts ***

emily00001 · ‎03-29-2015

Well, we had some success with adjusting AP positions and then changing Identity Request Timeout (30 to 5) and Identity request Max Retries (2 to 12). The majority of users in polls have described themselves as very satisfied both before and after these changes with both changes resulting in in notable improvements for some of the users that weren't as satisfied.

From the users having issues I can normally write off some client devices by identifying problems with them but I still have around 10-20 % of client devices that I can't explain why they are having issues, their owners are also likely to insist on this not occurring elsewhere. Maybe that's false information...

I'm marking your answers as correct as they probably represent the most reasonable course of action but additional feedback and suggestions are always welcome.

Scott Fella · ‎03-29-2015

I have had good luck with timers being set at what you have and lower at 3 and 10. AP placement and defining the data rates and max/min data rates will also help with distribution of clients.

-Scott

-Scott
*** Please rate helpful posts ***