Solved: WLC 4404 Upgraded to 7.0.235.3 (WPA HandShake Timeout) not availbale

cbellinger · ‎10-16-2012

Greetings,

Just upgraded my Cisco 4404 WLC's to 7.0.235.3, the upgrade went just fine. My problem is when I either Telnet or SSH to my Lightweight AP's and run the "DOT11 WPA Handshake Timeout 1000" command the AP doesn't recognized this command. This is one of the reasons I upgrade my WLC's.I have several wireless printers that are passive and are heavily used and keep getting disassociated because they don't respond in time.

Any Help would be greatly appreciated.

Stephen Rodriguez · ‎10-16-2012

yeah, that is for an IOS AP. not sure why they wouldn't have the correct command for the WLC.

To verify, it would be

show advanced eap

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

Stephen Rodriguez · ‎10-16-2012

that command is for IOS AP, not for the WLC.

Q. How do you change the Wi-Fi Protected Access (WPA) handshake timeout value on a Wireless LAN Controller (WLC) through CLI? I know I can do this on Cisco IOS® Access Points (APs) with the dot11 wpa handshake timeout value command, but how...

A. The ability to configure the WPA-Handshake timeout through the WLCs was integrated in software release 4.2 and later. You do not need this option in earlier WLC software versions.
These commands can be used to change the WPA Handshake timeout:
    config advanced eap eapol-key-timeout 
    config advanced eap eapol-key-retries 
The default values continue to reflect the WLCs current behavior.
   - the default value for eapol-key-timeout is 1 second.
   - the default value for eapol-key-retries is 2 retries
Note: On IOS APs, this setting is configurable with the dot11 wpa handshake command.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

cbellinger · ‎10-16-2012

Stephen,

Thank you for your quick response. I did make my self clear, sorry. I had to upgrade the WLC's so the Lightweight access point IOS software could be upgraded to a version that supported Telnet and SSH and the "DOT11 WPA Handshake Timeout' command. I was trying this command on the AP (IOS version 12.4(23c).JA6) and the AP was not recognizing the command. any ideas?

Stephen Rodriguez · ‎10-16-2012

You don't configure the AP directly when you have a WLC. You need to use the below commands on the WLC CLI.

    config advanced eap eapol-key-timeout 
    config advanced eap eapol-key-retries

Even if the AP did take the command, it wouldn't hold through a reboot.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

cbellinger · ‎10-16-2012

Stephen,

Great, I will try it. Just so that i'm clear the about commands govern the Client to AP communications? And not the AP to WLC communications? The printer web site stated to use the "DOT11 WPA Handshake Timeout" command on the AP's thenselves, that is why I was trying to that command on the AP's. What is the command I can use to verify?

Thank You Very Much for your help!!!!!!!

Stephen Rodriguez · ‎10-16-2012

yeah, that is for an IOS AP. not sure why they wouldn't have the correct command for the WLC.

To verify, it would be

show advanced eap

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

cbellinger · ‎10-16-2012

Stephen,

Thank you!!!!