08-22-2006 11:47 AM - edited 07-04-2021 12:54 PM
Hello,
I use freeRADIUS to authenticate WLAN Clients. Traffic is encrypted with WPA and clients are authenticated with LEAP or PEAP.
The AP 1220 with IOS 12.3(8)JA2 works well and the configuration is the same for PEAP and LEAP.
The value "Session-Timeout" is simply ignored, wenn a client is authenticated with PEAP. Using LEAP instead, Session-Timeout takes affect and the client is reauthenticated e.g. every 20s.
- What have I done wrong?
- Is rekeying neccessary for WPA/PEAP clients?
Kind regards
Peter
08-28-2006 10:32 AM
Rekeying is not mandatory for WPA/PEAP clients
09-07-2006 07:43 AM
I think I will see the same problem.
I configured session timeout 3600 sek. with WPA2 and PEAP using Microsoft IAS as radius.
The rekeying is not mandatory with WPA2 because of the "good" encryption algorithm. But if I configure it I want to rekey. By the way microsoft defaults a session timeout of 8 hours so a rekey should occur.
When I remember 802.1x, so the authenticator (WLAN-Controller) should initiate the reauthentication. I don't see any rekeying on my radiusserver so I think the controller does not work well.
Has anyone some clarifications ?
Should a rekey occur because of session-timeout ?
Can I watch this on my radius server ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide