关于无线的Idle Timeout和Session Timeout
1、Session Timeout
Session Timer的默认值为1800s,也就是30min。
Session Timeout:当该计时器超时时,使得客户端强制发生重认证,这个时间是从客户端认证成功后开始计算,进入倒计时。
配置Session Timeout
我们可以调整Session Timeout时间,以确认客户端在重认证之前所维持的时间。
时间范围:
对于802.1x:300-86400s
对于其他安全类型:0-65535s
注意:在Open System下,如果配置Session Timeout为0,就代表关闭了Session Timer;而对于Other System types,最大值为86400s
注意:当修改802.1x的Session Timeout值时,关联的客户端的PMK缓存不会改变来反映新的Session Timeout值。
GUI下的配置:
Step 1 | Choose WLANs to open the WLANs page. |
Step 2 | Click the ID number of the WLAN for which you want to assign a session timeout. |
Step 3 | When the WLANs > Edit page appears, choose the Advanced tab. The WLANs > Edit (Advanced) page appears. |
Step 4 | Select the Enable Session Timeout check box to configure a session timeout for this WLAN. Not selecting the checkbox is equal to setting it to 0, which is the maximum value for a session timeout for each session type.<<<不选中该复选框等于将其设置为0,这是每种会话类型的会话超时的最大值。 |
Step 5 | Click Apply to commit your changes. |
Step 6 | Click Save Configuration to save your changes. |
CLI下的配置
Step 1 | Configure a session timeout for wireless clients on a WLAN by entering this command:
config wlan session-timeout wlan_id timeout The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types (Open WLAN/CKIP/Static WEP). A value of 0 is equivalent to no timeout. |
Step 2 | Save your changes by entering this command:
save config |
Step 3 | See the current session timeout value for a WLAN by entering this command:
show wlan wlan_id Information similar to the following appears: WLAN Identifier.................................. 9 |
故障示例:客户端由于Session timeout解除协商
命令:debug client <mac addr>
Logs to parse
apfMsExpireCallback (apf_ms.c:608) Expiring Mobile! apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:1e:8c:0f:a4:57 on AP 00:26:cb:94:44:c0 from Associated to Disassociated Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds apfMsExpireCallback (apf_ms.c:608) Expiring Mobile! Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)
解决方法:
增加session timeout值,WLC GUI>>WLAN>>ID>>Advanced
2、Idle Timeout
Idle Timer的默认值为300s,也就是5min.
Idle Timeout:Idle计时器超时时,客户端会从WLC上被移除掉(如果一个用户的设备关机了,或者是笔记本等设备进入睡眠状态,进入空闲状态,无法和AP之前进行沟通,进行信息传递,那么该计时器就开始倒计时)。当计时器超时后,下次客户端协商就需要完成完整的认证过程。
我们可以针对单个WLAN去进行配置,还可以配置阈值触发超时,如果客户端在指定的Idle Timeout时间内没有发送阈值数据值,则认为客户端处于非活动状态且已取消身份验证。如果客户端发送的数据超过用户Idle Timeout内指定的阈值配额,则认为客户端处于活动状态,控制器刷新另一个超时时间。如果阈值配额在超时期限内耗尽,则刷新超时时间。
假设用户Idle Timeout指定为120秒,用户空闲阈值指定为10MB。在120秒的时间段之后,如果客户端没有发送10MB的数据,则认为客户端处于非活动状态并且未经身份验证。如果客户端在120秒发送了10MB,则会刷新超时时间。
配置Idle Timeout
Configure user idle timeout for a WLAN by entering this command:
config wlan usertimeout timeout-in-seconds wlan-id
Configure user idle threshold for a WLAN by entering this command:
config wlan user-idle-threshold value-in-bytes wlan-id
故障示例:客户端由于Idle Timeout解除协商
命令:debug client <mac addr>
Received Idle-Timeout from AP 00:26:cb:94:44:c0, slot 0 for STA 00:1e:8c:0f:a4:57
apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4
Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)
解决方法:
增加Idle Timeout的值:“WLC GUI>>Controller>>General” 或针对单独WLAN “WLC GUI>>WLAN>>ID>>Advanced”
参考:
如下两个链接是配置说明文档及非常有用的故障典型示例:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0100111.html
https://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc8
关于无线的Idle Timeout和Session Timeout的更多相关文章
- Zookeeper中Session Timeout的那些事
前言: RDS系统致力于MySQL数据的高可用,高可靠,高性能以及在线扩展功能,实现这些特性的主要逻辑功能都运行在管理服务器上,一旦管理服务器宕机,数据库的在线扩展功能/备份功能/故障恢复功能等都无从 ...
- How to configue session timeout in Hive
This article explains how to configure the following settings in Hive:hive.server2.session.check.int ...
- Kafka session.timeout.ms heartbeat.interval.ms参数的区别以及对数据存储的一些思考
Kafka session.timeout.ms heartbeat.interval.ms参数的区别以及对数据存储的一些思考 在计算机世界中经常需要与数据打交道,这也是我们戏称CURD工程师的原因之 ...
- Tomcat connection & session timeout settings
# connection timeout for globle web application cat /home/soft/apache-tomcat-7.0.92/conf/server.xml ...
- 项目server中设置session timeout遇到的问题
RT:在项目server中的web.xml设置session timeout=10,当10分钟后,继续右键执行jsp文件,运行失败,如下图所示: 但是单独启动tomcat server后,在浏览器中输 ...
- Forms authentication timeout vs sessionState timeout
https://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout Th ...
- SSRS 2008 R2 错误:Timeout expired. The timeout period
今天遇到了Reporting Services(SQL SERVER 2008 R2)的报表执行异常情况,报表加载数据很长时间都没有响应,最后报"An error occurred with ...
- Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
今天碰到了一个查询异常问题,上网查了一下,感谢原创和译者 如果你使用的数据库连接类是 the Data Access Application Blocks "SqlHelper" ...
- SQLSERVER:Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.
背景: 在最近开发中遇到一个问题,对一个数据库进行操作时,我采用64个并行的任务每个任务保证一个数据库连接对象:但是每个任务内部均包含有24个文件需要读取,在读取文件之后,我们需要快速将这24个文件批 ...
随机推荐
- ios 下 select和option 无法隐藏指定元素
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
- layer.open 回调函数
官方资料:http://www.layui.com/doc/modules/layer.html 在一个弹出框中新增个按钮,点击按钮后执行自己的语句(返回上一页并刷新). layer.open({ti ...
- Flask 教程 第十八章:Heroku上的部署
本文翻译自The Flask Mega-Tutorial Part XVIII: Deployment on Heroku 这是Flask Mega-Tutorial系列的第十八部分,我将在其中部署M ...
- 链剖-What you are?-大话西游-校内oj2440
This article is made by Jason-Cow.Welcome to reprint.But please post the writer's address. http://ww ...
- opencv:霍夫直线检测
#include <opencv2/opencv.hpp> #include <iostream> using namespace cv; using namespace st ...
- Go性能调优
文章引用自 Go性能调优 在计算机性能调试领域里,profiling 是指对应用程序的画像,画像就是应用程序使用 CPU 和内存的情况. Go语言是一个对性能特别看重的语言,因此语言中自带了 pr ...
- 【音乐欣赏】《TIT FOR TAT》 - MYTH & ROID
曲名:TIT FOR TAT 作者:MYTH & ROID [00:00.000] 作曲 : MYTH & ROID [00:01.000] 作词 : MYTH & ROID ...
- 压缩/批量压缩/合并js文件
写在前面 如果文件少的话,直接去网站转化一下就行. http://tool.oschina.net/jscompress?type=3 1.压缩单个js文件 cnpm install uglify-j ...
- 联合查询:union
1.联合查询:union 1.1 作用:将多条select语句的结果,合并到一起,称之为联合操作. 1.2 语法:( ) union ( ); 例子:(select name from info_or ...
- web项目获取路径
Java获取路径的各种方法: (1).request.getRealPath("/"); //不推荐使用获取工程的根路径 (2).request.getRealPath(requ ...