Tkip Countermeasure Holdoff Time - Cisco 8800 Series Deployment Manual

Wireless lan deployment guide

EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)...................... 400
EAPOL-Key Max Retries............................ 4
If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller should be set to at
least 20 seconds.
In later versions of Cisco Unified Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to
30 seconds.
To change the EAP-Request Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
(Cisco Controller) >config advanced eap request-timeout 30
If using WPA/WPA2 PSK, it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the default of
1000 milliseconds, with EAPOL-Key Max Retries set to 4 from the default of 2.
If using WPA/WPA2, the default values (EAPOL-Key Timeout of 1000 milliseconds and EAPOL-Key Max Retries of 2)
should work fine, but it is still recommended to set those values to 400 and 4 respectively.
The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).
To change the EAPOL-Key Timeout on the Cisco Unified Wireless LAN Controller, telnet or SSH to the controller and enter
the following command.
(Cisco Controller) >config advanced eap eapol-key-timeout 400
To change the EAPOL-Key Max Retries on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command.
(Cisco Controller) >config advanced eap eapol-key-retries 4

TKIP Countermeasure Holdoff Time

TKIP countermeasure mode can occur if the access point receives two Message Integrity Check (MIC) errors within a
60-second period. When this occurs, the access point will de-authenticate all TKIP clients associated to that 802.11 radio and
hold off any clients for the countermeasure holdoff time (default = 60 seconds).
To change the TKIP countermeasure holdoff time on the Cisco Unified Wireless LAN Controller, telnet or SSH to the
controller and enter the following command:
(Cisco Controller) >config wlan security tkip hold-down <nseconds> <wlan-id>
To confirm the change, enter show wlan <wlan-id>; the output will include the following line.
Tkip MIC Countermeasure Hold-down Timer....... 60
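The following Python sketch is an added example, not part of the Cisco guide. It parses dotted show-output lines of the kind printed above and flags EAP timer values that fall outside what this section states. The label "EAP-Request Timeout (seconds)" and the sample output are assumptions constructed for illustration.

```python
import re

# Dotted "Label....... value" lines, the layout of the show output in this section.
LINE_RE = re.compile(r"^\s*(.+?)\.{2,}\s*(\d+)\s*$")

# (label, severity, predicate, message); thresholds come from the guide's text.
# The first label is assumed by analogy with the other lines; it is not on the page.
RULES = [
    ("EAP-Request Timeout (seconds)", "FAIL", lambda v: v >= 20,
     "should be at least 20 seconds for 802.1x or WPA/WPA2"),
    ("EAPOL-Key Timeout (milliseconds)", "FAIL", lambda v: v <= 1000,
     "should not exceed 1000 milliseconds"),
    ("EAPOL-Key Timeout (milliseconds)", "WARN", lambda v: v == 400,
     "recommended value is 400 milliseconds"),
    ("EAPOL-Key Max Retries", "WARN", lambda v: v == 4,
     "recommended value is 4"),
]

def parse_show_output(text):
    """Return {label: int} for every dotted 'label.... number' line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).strip()] = int(m.group(2))
    return settings

def audit(text):
    """Return (severity, label, value, message) findings, missing settings first."""
    settings = parse_show_output(text)
    findings = [("MISSING", label, None, "setting not found in output")
                for label in dict.fromkeys(r[0] for r in RULES)
                if label not in settings]
    for label, severity, ok, message in RULES:
        if label in settings and not ok(settings[label]):
            findings.append((severity, label, settings[label], message))
    return findings

# Constructed sample using the older defaults the guide mentions (2 s, 1000 ms, 2 retries).
SAMPLE = """\
EAP-Request Timeout (seconds).................... 2
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
Tkip MIC Countermeasure Hold-down Timer....... 60
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The TKIP hold-down timer is parsed but not scored, because this section gives only its default and no recommended value.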
Cisco IP Phone 8800 Series Wireless LAN Deployment Guide