Cisco Cisco DX70 Guia Do Desenho
Cisco DX Series Wireless LAN Deployment Guide
102
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)......................
EAPOL-Key Timeout (milliseconds)......................
400
EAPOL-Key Max Retries............................
4
If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller should be set to at
least 20 seconds.
In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to
30 seconds.
To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
least 20 seconds.
In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to
30 seconds.
To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
(Cisco Controller) >config advanced eap request-timeout
30
If using WPA/WPA2 PSK then it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the default of
1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.
If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and EAPOL-
Key Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4 respectively.
The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).
1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.
If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and EAPOL-
Key Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4 respectively.
The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).
To change the EAPOL-Key Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
the following command.
(Cisco Controller) >config advanced eap eapol-key-timeout
400
To change the EAPOL-Key Max Retries Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command.
controller and enter the following command.
(Cisco Controller) >config advanced eap eapol-key-retries
4
TKIP Countermeasure Holdoff Time
TKIP countermeasure mode can occur if the access point receives two Message Integrity Check (MIC) errors within a 60
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command:
second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
holdoff any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command:
(Cisco Controller) >config wlan security tkip hold-down <nseconds> <WLAN id>
To confirm the change, enter show wlan <WLAN id>, where the following will be displayed.
Tkip MIC Countermeasure Hold-down Timer....... 60