关于无线的Idle Timeout和Session Timeout

1、Session Timeout

Session Timer的默认值为1800s，也就是30min。
Session Timeout：当该计时器超时时，使得客户端强制发生重认证，这个时间是从客户端认证成功后开始计算，进入倒计时。

配置Session Timeout
我们可以调整Session Timeout时间，以确认客户端在重认证之前所维持的时间。
时间范围：
对于802.1x：300-86400s
对于其他安全类型：0-65535s

注意：在Open System下，如果配置Session Timeout为0，就代表关闭了Session Timer；而对于Other System types，最大值为86400s
注意：当修改802.1x的Session Timeout值时，关联的客户端的PMK缓存不会改变来反映新的Session Timeout值。

GUI下的配置：

Step 1	Choose WLANs to open the WLANs page.
Step 2	Click the ID number of the WLAN for which you want to assign a session timeout.
Step 3	When the WLANs > Edit page appears, choose the Advanced tab. The WLANs > Edit (Advanced) page appears.
Step 4	Select the Enable Session Timeout check box to configure a session timeout for this WLAN. Not selecting the checkbox is equal to setting it to 0, which is the maximum value for a session timeout for each session type.<<<不选中该复选框等于将其设置为0，这是每种会话类型的会话超时的最大值。
Step 5	Click Apply to commit your changes.
Step 6	Click Save Configuration to save your changes.

CLI下的配置

Step 1	Configure a session timeout for wireless clients on a WLAN by entering this command: config wlan session-timeout wlan_id timeout The default value is 1800 seconds for the following Layer 2 security types: 802.1X, Static WEP+802.1X, WPA+WPA2 with 802.1X, CCKM, or 802.1X+CCKM authentication key management and 0 seconds for all other Layer 2 security types (Open WLAN/CKIP/Static WEP). A value of 0 is equivalent to no timeout.
Step 2	Save your changes by entering this command: save config
Step 3	See the current session timeout value for a WLAN by entering this command: show wlan wlan_id Information similar to the following appears: WLAN Identifier.................................. 9 Profile Name..................................... test12 Network Name (SSID)........................... test12 ... Number of Active Clients......................... 0 Exclusionlist Timeout............................ 60 seconds Session Timeout............................... 1800 seconds ...

 

故障示例：客户端由于Session timeout解除协商

命令：debug client <mac addr>

Logs to parse

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 00:1e:8c:0f:a4:57 on

               AP 00:26:cb:94:44:c0 from Associated to Disassociated

Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)

解决方法：

增加session timeout值，WLC GUI>>WLAN>>ID>>Advanced

2、Idle Timeout

Idle Timer的默认值为300s，也就是5min.

Idle Timeout：Idle计时器超时时，客户端会从WLC上被移除掉（如果一个用户的设备关机了，或者是笔记本等设备进入睡眠状态，进入空闲状态，无法和AP之前进行沟通，进行信息传递，那么该计时器就开始倒计时）。当计时器超时后，下次客户端协商就需要完成完整的认证过程。

我们可以针对单个WLAN去进行配置，还可以配置阈值触发超时，如果客户端在指定的Idle Timeout时间内没有发送阈值数据值，则认为客户端处于非活动状态且已取消身份验证。如果客户端发送的数据超过用户Idle Timeout内指定的阈值配额，则认为客户端处于活动状态，控制器刷新另一个超时时间。如果阈值配额在超时期限内耗尽，则刷新超时时间。
假设用户Idle Timeout指定为120秒，用户空闲阈值指定为10MB。在120秒的时间段之后，如果客户端没有发送10MB的数据，则认为客户端处于非活动状态并且未经身份验证。如果客户端在120秒发送了10MB，则会刷新超时时间。

配置Idle Timeout

• Configure user idle timeout for a WLAN by entering this command:

  config wlan usertimeout timeout-in-seconds wlan-id

• Configure user idle threshold for a WLAN by entering this command:

  config wlan user-idle-threshold value-in-bytes wlan-id

 

故障示例：客户端由于Idle Timeout解除协商

命令：debug client <mac addr>

Received Idle-Timeout from AP 00:26:cb:94:44:c0, slot 0 for STA 00:1e:8c:0f:a4:57

apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4

Scheduling deletion of Mobile Station:  (callerId: 30) in 1 seconds

apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!

Sent Deauthenticate to mobile on BSSID 00:26:cb:94:44:c0 slot 0(caller apf_ms.c:5094)

解决方法：

增加Idle Timeout的值：“WLC GUI>>Controller>>General” 或针对单独WLAN “WLC GUI>>WLAN>>ID>>Advanced”

参考：

如下两个链接是配置说明文档及非常有用的故障典型示例：

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0100111.html

https://www.cisco.com/c/en/us/support/docs/wireless/5508-wireless-controller/200072-Cheat-Sheet-Common-Wireless-issues.html#anc8