Cisco Cisco IP Phone 8841 Guía De Diseño
Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide
72
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Signature Policy
Signature Processing........................... Enabled
To disable the Auto-Immune feature on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >config wps auto-immune disable
CCKM Timestamp Tolerance
The default CCKM timestamp tolerance is set to 1000 ms.
It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco Wireless IP Phone 8821 and
8821-EX roaming experience.
It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco Wireless IP Phone 8821 and
8821-EX roaming experience.
(Cisco Controller) >config wlan security wpa akm cckm timestamp-tolerance ?
<tolerance> Allow CCKM IE time-stamp tolerance <1000 to 5000> milliseconds; Default tolerance 1000 msecs
Use the following command to configure the CCKM timestamp tolerance per Cisco recommendations.
Use the following command to configure the CCKM timestamp tolerance per Cisco recommendations.
(Cisco Controller) >config wlan security wpa akm cckm timestamp-tolerance 5000 <WLAN id >
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.
CCKM tsf Tolerance...............................
5000
TKIP Countermeasure Holdoff Time
TKIP countermeasure mode can occur if the access point receives two Message Integrity Check (MIC) errors within a 60
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Wireless LAN Controller, telnet or SSH to the controller and
enter the following command specifying the number of seconds and WLAN ID.
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Wireless LAN Controller, telnet or SSH to the controller and
enter the following command specifying the number of seconds and WLAN ID.
(Cisco Controller) >config wlan security tkip hold-down <nseconds> <wlan-id>
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.