關於無線的Idle Timeout和Session Timeout

1、Session Timeout

Session Timer的默認值為1800s，也就是30min。
Session Timeout：當該計時器超時時，使得客戶端強制發生重認證，這個時間是從客戶端認證成功后開始計算，進入倒計時。

配置Session Timeout
我們可以調整Session Timeout時間，以確認客戶端在重認證之前所維持的時間。
時間范圍：
對於802.1x：300-86400s
對於其他安全類型：0-65535s

注意：在Open System下，如果配置Session Timeout為0，就代表關閉了Session Timer；而對於Other System types，最大值為86400s
注意：當修改802.1x的Session Timeout值時，關聯的客戶端的PMK緩存不會改變來反映新的Session Timeout值。

GUI下的配置：

Step 1	Choose WLANs to open the WLANs page.
Step 2	Click the ID number of the WLAN for which you want to assign a session timeout.
Step 3	When the WLANs > Edit page appears, choose the Advanced tab. The WLANs > Edit (Advanced) page appears.
Step 4	Select the Enable Session Timeout check box to configure a session timeout for this WLAN. Not selecting the checkbox is equal to setting it to 0, which is the maximum value for a session timeout for each session type.<<<不選中該復選框等於將其設置為0，這是每種會話類型的會話超時的最大值。
Step 5	Click Apply to commit your changes.
Step 6	Click Save Configuration to save your changes.

CLI下的配置

Step 1	Configure a session timeout for wireless clients on a WLAN by entering this command: config wlan session-timeout wlan_id timeout The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types (Open WLAN/CKIP/Static WEP). A value of 0 is equivalent to no timeout.
Step 2	Save your changes by entering this command: save config
Step 3	See the current session timeout value for a WLAN by entering this command: show wlan wlan_id Information similar to the following appears: WLAN Identifier.................................. 9 Profile Name..................................... test12 Network Name (SSID)........................... test12 ... Number of Active Clients......................... 0 Exclusionlist Timeout............................ 60 seconds Session Timeout............................... 1800 seconds ...

 

故障示例：客戶端由於Session timeout解除協商

命令：debug client <mac addr>

Logs to parse

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:1e:8c:0f:a4:57 on

               AP 00:26:cb:94:44:c0 from Associated to Disassociated

Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)

解決方法：

增加session timeout值，WLC GUI>>WLAN>>ID>>Advanced

 

2、Idle Timeout

Idle Timer的默認值為300s，也就是5min.

Idle Timeout：Idle計時器超時時，客戶端會從WLC上被移除掉（如果一個用戶的設備關機了，或者是筆記本等設備進入睡眠狀態，進入空閑狀態，無法和AP之前進行溝通，進行信息傳遞，那么該計時器就開始倒計時）。當計時器超時后，下次客戶端協商就需要完成完整的認證過程。

我們可以針對單個WLAN去進行配置，還可以配置閾值觸發超時，如果客戶端在指定的Idle Timeout時間內沒有發送閾值數據值，則認為客戶端處於非活動狀態且已取消身份驗證。如果客戶端發送的數據超過用戶Idle Timeout內指定的閾值配額，則認為客戶端處於活動狀態，控制器刷新另一個超時時間。如果閾值配額在超時期限內耗盡，則刷新超時時間。
假設用戶Idle Timeout指定為120秒，用戶空閑閾值指定為10MB。在120秒的時間段之后，如果客戶端沒有發送10MB的數據，則認為客戶端處於非活動狀態並且未經身份驗證。如果客戶端在120秒發送了10MB，則會刷新超時時間。

配置Idle Timeout

• Configure user idle timeout for a WLAN by entering this command:

  config wlan usertimeout timeout-in-seconds wlan-id

• Configure user idle threshold for a WLAN by entering this command:

  config wlan user-idle-threshold value-in-bytes wlan-id

 

故障示例：客戶端由於Idle Timeout解除協商

命令：debug client <mac addr>

Received Idle-Timeout from AP 00:26:cb:94:44:c0, slot 0 for STA 00:1e:8c:0f:a4:57

apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4

Scheduling deletion of Mobile Station:  (callerId: 30) in 1 seconds

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)

解決方法：

增加Idle Timeout的值：“WLC GUI>>Controller>>General” 或針對單獨WLAN “WLC GUI>>WLAN>>ID>>Advanced”

 

參考：

如下兩個鏈接是配置說明文檔及非常有用的故障典型示例：

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0100111.html

https://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc8