Cisco 8821 Manual page 73

Hide thumbs Also See for 8821:

Administration manual (158 pages)

User manual (116 pages)

Accessory manual (30 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

Table of Contents

EAPOL-Key Max Retries............................

If using 802.1x or WPA/WPA2, the EAP-Request Timeout on the Cisco Wireless LAN Controller should be set to at least 20

seconds.

In later versions of Cisco Wireless LAN Controller software, the default EAP-Request Timeout was changed from 2 to 30

seconds.

To change the EAP-Request Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the

following command.

(Cisco Controller) >config advanced eap request-timeout

If using WPA/WPA2 PSK then it is recommended to reduce the EAPOL-Key Timeout to 400 milliseconds from the

default of 1000 milliseconds with EAPOL-Key Max Retries set to 4 from the default of 2.

If using WPA/WPA2, then using the default values where the EAPOL-Key Timeout is set to 1000 milliseconds and

EAPOL-Key Max Retries are set to 2 should work fine, but is still recommended to set those values to 400 and 4

respectively.

The EAPOL-Key Timeout should not exceed 1 second (1000 milliseconds).

To change the EAPOL-Key Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the

following command.

(Cisco Controller) >config advanced eap eapol-key-timeout

To change the EAPOL-Key Max Retries Timeout on the Cisco Wireless LAN Controller, telnet or SSH to the controller and

enter the following command.

(Cisco Controller) >config advanced eap eapol-key-retries

Auto-Immune

The Auto-Immune feature can optionally be enabled for protection against denial of service (DoS) attacks.

Although when this feature is enabled there can be interruptions introduced with voice over wireless LAN, therefore it is

recommended to disable the Auto-Immune feature on the Cisco Wireless LAN Controller.

To view the Auto-Immune configuration on the Cisco Wireless LAN Controller, telnet or SSH to the controller and enter the

following command.

(Cisco Controller) >show wps summary

Auto-Immune

Auto-Immune....................................

Client Exclusion Policy

Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide

400

Disabled

Table of Contents

This manual is also suitable for:

8821-ex

Cisco 8821 Manual page 73

Related Manuals for Cisco 8821

Related Products for Cisco 8821

This manual is also suitable for:

Table of Contents