首页 > 其他分享 >CATALYST 9800 CONFIG RECOMM

CATALYST 9800 CONFIG RECOMM

时间:2024-05-21 23:20:30浏览次数:25  
标签:RECOMM WLAN seconds Period dot1x CATALYST timeout security CONFIG


Let me update this thread with some notes from my latest investigations with client disconnections (Windows). The problem from a WLAN engineer's perspective is that normally this part is not taken into account, as it is on the WinTel team side and it's hard to influence decisions on them. Same happen with tuning driver parameters regarding roaming aggresiveness, preferred band and some others that maybe available in all operating systems.

Take into consideration that this is my recommendation based on timer values in Cisco’s Best Practices, and some others have been tuned to address some known issues with drivers (like GTK issue seen with Mediatek WiFi6 chipsets).

Please feel free to add any comment or any recommended value from other best practices, or add same parameters for other operating systems such as MacOs or Linux.

CATALYST 9800 CONFIG:

// Number of retries in the event of not receiving counterpart from device
wireless security dot1x eapol-key retries 2
!
// Period in milliseconds between consecutive retries

wireless security dot1x eapol-key timeout 1000
!
// This setting is governed from the WLAN infrastructure and shared with the client so there is no counterpart in Windows profile
wireless security dot1x group-key interval 54000
!
// Number of retries to ask for Identity to the client once RADIUS server has initiated the authentication
wireless security dot1x identity-request retries 2
!
// Period in seconds when the WLAN infrastructure expires an ongoing authentication so to retry
wireless security dot1x identity-request timeout 30
!
// Number of retries before the WLAN infrastructure expire an ongoing authentication process so the client device starts a new one upon restoring connectivity
wireless security dot1x request retries 2
!
// Period in seconds when the WLAN infrastructure expires an ongoing authentication so the client needs to restart with full authentication
wireless security dot1x request timeout 30
!
// Period in seconds when the current session is removed from the WLAN infrastructure and triggers a new full authentication in the client device. Ideally this setting should match at both ends to avoid any part from expiring the current session.
session-timeout 54000
!
// Period in seconds that a client is held into the exclusion list due to credential failure (this could be due to expired certificate, or new device not provisioned yet, lack of certificate or not registered in the AD)
exclusionlist timeout 180
!

COUNTERPART IN WINDOWS (to be modified through GPO, or manual settings the WLAN profile):

// Advanced Settings:
Max Eapol-Start Msgs = 2         ==> This values matches WLAN infra eapol-key retries
Held Period (seconds) = 180     ==> This values matches WLAN infra exclusionlist timeout
Start Period (seconds) = 1         ==> This values matches WLAN infra eapol-key timeout
Auth Period (seconds) = 30       ==> This values matches WLAN infra request timeout
!
// Fast Roaming Settings:
Enable Pairwise Master Key (PMK) Caching = Enabled
PMK time to Live (Minutes) = 900       ==> This values matches WLAN infra session-timeout of 54000 secs
Number of Entries in PMK Cache = 128
This network uses pre-authentication = Disabled

 

https://community.cisco.com/t5/wireless/c9800-session-timeout-timer/td-p/4646389 (JPavonM

 

标签:RECOMM,WLAN,seconds,Period,dot1x,CATALYST,timeout,security,CONFIG
From: https://www.cnblogs.com/MomentsLee/p/18205155

相关文章

  • Biwen.Settings添加对IConfiguration&IOptions的集成支持
    Biwen.Settings是一个简易的配置项管理模块,主要的作用就是可以校验并持久化配置项,比如将自己的配置存储到数据库中,JSON文件中等使用上也是很简单,只需要在服务中注入配置,比如我们有一个GithubSetting的配置项,我们只需要定义好对象然后注入到Service中即可:[Descripti......
  • ConfigurationClassPostProcessor类,@Configuration注解的底层实现
    概览由前文可知,ConfigurationClassPostProcessor是作为Spring中的内置类被添加到容器中,【源码学习】Spring启动流程ConfigurationClassPostProcessor不仅实现了BeanFactoryPostProcessor(BFPP)并且实现了BeanDefinitionRegistryPostProcessor,具有比一般BFPP更高的初始化优先级,......
  • django rest django.core.exceptions.ImproperlyConfigured: Could not resolve URL f
    使用:HyperlinkedRelatedField报错信息django.core.exceptions.ImproperlyConfigured:CouldnotresolveURLforhyperlinkedrelationshipusingviewname"fk_table:album_list".YoumayhavefailedtoincludetherelatedmodelinyourAPI,orincorrectly......
  • ./configure --with-debug --prefix=/Users/root/opt/nginx/debug_nginx
    %./configure--with-debug--prefix=/Users/root/opt/nginx/debug_nginxcheckingforOS+Darwin21.6.0x86_64checkingforCcompiler...found+usingClangCcompiler+clangversion:14.0.0(clang-1400.0.29.202)checkingfor-Wl,-Eswitch...notfoundchec......
  • C# app.config配置appSettings标签
    AppSettings标签主要用于应用程中的一些配置信息。比如上传文件的路径,需要用到的可能会根据不同环境改变的一些常量等。可以在配置文件添加可执行文件要的配置。usingSystem;usingSystem.Collections.Generic;usingSystem.Configuration;classProgram{staticvoid......
  • Cisco Catalyst Center 2.3.7.5-VA - 网络管理和自动化
    CiscoCatalystCenter2.3.7.5-VA-网络管理和自动化CiscoCatalystCenter-NetworkManagementandAutomation请访问原文链接:CiscoCatalystCenter2.3.7.5-VA-网络管理和自动化,查看最新版。原创作品,转载请保留出处。作者主页:sysin.orgCiscoCatalystCenter节约时......
  • 如何把 log4net.config 文件删除, 改成代码实现
    如何把log4net.config文件改成代码?这样在编写winform或者其他客户端的时候就省去了一个配置文件分享下我常用的log4net.config配置文件<?xmlversion="1.0"encoding="utf-8"?><configuration><!--<configSections><sectionname="log4net"typ......
  • k8s——configmap-secret-nginx实验
    简介configmapsecret一、实验环境二、实验描述三、实验1:步骤1.使用configmap投射到nginx.conf配置文件到pod里1.1需要准备nginx.conf配置文件1.2将nginx.conf内容存放到configmap里(通过文件的方式,,这样简单一点)1.3启动ngnix的pod,使用configmap里的nginx.conf配置文件2.......
  • 创建启动springboot项目的一些问题,如spring-boot-autoconfigure 自动加载注入配置
    1.springboot项目启动是否只需要3下面3个jar包<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.b......
  • pkg-config(转)
    pkg-config是一个linux下的命令,用于获得某一个库/模块的所有编译相关的信息。例子:pkg-configopencv–libs–cflags结果:-I/usr/include/opencv/usr/lib/x86_64-linux-gnu/libopencv_calib3d.so/usr/lib/x86_64-linux-gnu/libopencv_contrib.so/usr/lib/x86_64-linux......