Cisco Cisco IP Phone 8841 デザインガイド
Cisco IP Phone 8861 and 8865 Wireless LAN Deployment Guide
68
If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Wireless LAN Controller should be set to at least 20
seconds.
In later versions of Cisco Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to 30
seconds.
To change the EAP-Request Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
seconds.
To change the EAP-Request Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >config advanced eap request-timeout
30
If using WPA/WPA2 PSK then it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the
default of 1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.
If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and
EAPOL-Key Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4
respectively.
The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).
To change the EAPOL-Key Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
following command.
(Cisco Controller) >config advanced eap eapol-key-timeout
400
To change the EAPOL-Key Max Retries Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and
enter the following command.
enter the following command.
(Cisco Controller) >config advanced eap eapol-key-retries
4
Auto-Immune
The Auto-Immune feature can optionally be enabled for protection against denial of service (DoS) attacks.
Although when this feature is enabled there can be interruptions introduced with voice over wireless LAN, therefore it is
recommended to disable the Auto-Immune feature on the Cisco Wireless LAN Controller.
To view the Auto-Immune configuration on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
Although when this feature is enabled there can be interruptions introduced with voice over wireless LAN, therefore it is
recommended to disable the Auto-Immune feature on the Cisco Wireless LAN Controller.
To view the Auto-Immune configuration on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >show wps summary
Auto-Immune
Auto-Immune....................................
Auto-Immune
Auto-Immune....................................
Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled