关于无线的Idle Timeout和Session Timeout
1、Session Timeout
Session Timer的默認值為1800s,也就是30min。
Session Timeout:當該計時器超時時,使得客戶端強制發生重認證,這個時間是從客戶端認證成功后開始計算,進入倒計時。
配置Session Timeout
我們可以調整Session Timeout時間,以確認客戶端在重認證之前所維持的時間。
時間范圍:
對于802.1x:300-86400s
對于其他安全類型:0-65535s
注意:在Open System下,如果配置Session Timeout為0,就代表關閉了Session Timer;而對于Other System types,最大值為86400s
注意:當修改802.1x的Session Timeout值時,關聯的客戶端的PMK緩存不會改變來反映新的Session Timeout值。
GUI下的配置:
| Step?1?? | Choose WLANs to open the WLANs page. |
| Step?2?? | Click the ID number of the WLAN for which you want to assign a session timeout. |
| Step?3?? | When the WLANs > Edit page appears, choose the Advanced tab. The WLANs > Edit (Advanced) page appears. |
| Step?4?? | Select the Enable Session Timeout check box to configure a session timeout for this WLAN. Not selecting the checkbox is equal to setting it to 0, which is the maximum value for a session timeout for each session type.<<<不選中該復選框等于將其設置為0,這是每種會話類型的會話超時的最大值。 |
| Step?5?? | Click Apply to commit your changes. |
| Step?6?? | Click Save Configuration to save your changes. |
CLI下的配置
| Step?1?? | Configure a session timeout for wireless clients on a WLAN by entering this command: config wlan session-timeout wlan_id timeout The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types (Open WLAN/CKIP/Static WEP). A value of 0 is equivalent to no timeout. |
| Step?2?? | Save your changes by entering this command: save config |
| Step?3?? | See the current session timeout value for a WLAN by entering this command: show wlan wlan_id Information similar to the following appears: WLAN Identifier.................................. 9 Profile Name..................................... test12 Network Name (SSID)........................... test12?...? Number of Active Clients......................... 0 Exclusionlist Timeout............................ 60 seconds Session Timeout............................... 1800 seconds? ...? |
?
故障示例:客戶端由于Session timeout解除協商
命令:debug client <mac addr>
Logs to parse
apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:1e:8c:0f:a4:57 onAP 00:26:cb:94:44:c0 from Associated to DisassociatedScheduling deletion of Mobile Station: (callerId: 45) in 10 secondsapfMsExpireCallback (apf_ms.c:608) Expiring Mobile!Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)解決方法:
增加session timeout值,WLC GUI>>WLAN>>ID>>Advanced
?
2、Idle Timeout
Idle Timer的默認值為300s,也就是5min.
Idle Timeout:Idle計時器超時時,客戶端會從WLC上被移除掉(如果一個用戶的設備關機了,或者是筆記本等設備進入睡眠狀態,進入空閑狀態,無法和AP之前進行溝通,進行信息傳遞,那么該計時器就開始倒計時)。當計時器超時后,下次客戶端協商就需要完成完整的認證過程。
我們可以針對單個WLAN去進行配置,還可以配置閾值觸發超時,如果客戶端在指定的Idle Timeout時間內沒有發送閾值數據值,則認為客戶端處于非活動狀態且已取消身份驗證。如果客戶端發送的數據超過用戶Idle Timeout內指定的閾值配額,則認為客戶端處于活動狀態,控制器刷新另一個超時時間。如果閾值配額在超時期限內耗盡,則刷新超時時間。
假設用戶Idle Timeout指定為120秒,用戶空閑閾值指定為10MB。在120秒的時間段之后,如果客戶端沒有發送10MB的數據,則認為客戶端處于非活動狀態并且未經身份驗證。如果客戶端在120秒發送了10MB,則會刷新超時時間。
配置Idle Timeout
?
故障示例:客戶端由于Idle Timeout解除協商
命令:debug client <mac addr>
Received Idle-Timeout from AP 00:26:cb:94:44:c0, slot 0 for STA 00:1e:8c:0f:a4:57
apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4
Scheduling deletion of Mobile Station:? (callerId: 30) in 1 seconds
apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)
解決方法:
增加Idle Timeout的值:“WLC GUI>>Controller>>General” 或針對單獨WLAN “WLC GUI>>WLAN>>ID>>Advanced”
?
參考:
如下兩個鏈接是配置說明文檔及非常有用的故障典型示例:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0100111.html
https://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc8
?
轉載于:https://www.cnblogs.com/MomentsLee/p/10050037.html
總結
以上是生活随笔為你收集整理的关于无线的Idle Timeout和Session Timeout的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: php 栈、 出栈、入栈
- 下一篇: 2018年广东工业大学文远知行杯新生程序