Cisco Cisco IP Phone 8841 Guida Alla Progettazione
Cisco IP Phone 8861 and 8865 Wireless LAN Deployment Guide
69
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Signature Processing........................... Enabled
To disable the Auto-Immune feature on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >config wps auto-immune disable
CCKM Timestamp Tolerance
The default CCKM timestamp tolerance is set to 1000 ms.
It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco IP Phone 8861 and 8865 roaming
experience.
It is recommended to adjust the CCKM timestamp tolerance to 5000 ms to optimize the Cisco IP Phone 8861 and 8865 roaming
experience.
(Cisco Controller) >config wlan security wpa akm cckm timestamp-tolerance ?
<tolerance> Allow CCKM IE time-stamp tolerance <1000 to 5000> milliseconds; Default tolerance 1000 msecs
Use the following command to configure the CCKM timestamp tolerance per Cisco recommendations.
Use the following command to configure the CCKM timestamp tolerance per Cisco recommendations.
(Cisco Controller) >config wlan security wpa akm cckm timestamp-tolerance 5000 <WLAN id >
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.
CCKM tsf Tolerance...............................
5000
TKIP Countermeasure Holdoff Time
TKIP countermeasure mode can occur if the access point receives two Message Integrity Check (MIC) errors within a 60
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Wireless LAN Controller, telnet or SSH to the controller and
enter the following command specifying the number of seconds and WLAN ID.
enter the following command specifying the number of seconds and WLAN ID.
(Cisco Controller) >config wlan security tkip hold-down <nseconds> <wlan-id>
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.
Tkip MIC Countermeasure Hold-down Timer....... 60