Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
0
Helpful
0
Replies

Tuning EAP timers

jfaaborg
Level 1
Level 1

‎09-26-2022 10:04 AM

I am having a problem with PCs on my wireless network that are failing to authenticate on 802.1X EAP-FAST. My timers are currently 

Identity Request Timeout (in secs) .......15
Identity request Max Retries..................12
Dynamic WEP Key Index.........................0
Request Timeout (in secs)......................60
Request Max Retries................................5
Max-Login Ignore Identity Response........enable
EAPOL-Key Timeout (in milliSeconds)......3000
EAPOL-Key Max Retries...........................4
EAP-Broadcast Key Interval(in secs)........3600

My environment

WLC 8.10.171.1 (radius points to a VIP on an A10)

ISE - 2.7.0.356  (load balanced by an A10)

DNS-Bluecat - 9.3.0

PCs are running anyconnect version 3.9 or 3.10

ISE live logs for the failed PCs show the generic message "5440 Endpoint abandoned EAP session and started new" 

For my environment, are there any I should make to the EAP timers? 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card