Cisco Cisco Cius 4G 디자인 가이드
Cisco Cius Wireless Deployment Guide
86
To disable the Auto-Immune feature on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
(Cisco Controller) >config wps auto-immune disable
WLAN Controller Advanced EAP Settings
Need to ensure that the advanced EAP settings in the Cisco Unified Wireless LAN Controller are configured per the
information below.
To view the EAP configuration on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
information below.
To view the EAP configuration on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter the
following command.
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds)....................
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds)....................
30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)......................
EAPOL-Key Timeout (milliseconds)......................
400
EAPOL-Key Max Retries............................
4
If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller should be set to at
least 20 seconds.
In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to
30 seconds.
The default timeout on the Cisco ACS server is 20 seconds.
To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
least 20 seconds.
In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to
30 seconds.
The default timeout on the Cisco ACS server is 20 seconds.
To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
(Cisco Controller) >config advanced eap request-timeout
30
If using WPA/WPA2 PSK then it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the default of
1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.
If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and EAPOL-
Key Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4 respectively.
The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).
To change the EAPOL-Key Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
the following command.
(Cisco Controller) >config advanced eap eapol-key-timeout
400