802.11r FT / PMK and Timers for EAP-TLS

Austeames
Comes here often

Hi

I'm trying to piece together where/if timers are set for 802.11r when enabled for WPA Enterprise with ISE or client and if they need to align. How long will a Meraki AP give a timer to say 'you don't need to rekey'? The goal here is to make roaming as seamless as possible to not affect Teams calls.

My understanding is there's the full session established from client to ISE. Is the session timeout shared to the AP for it to know when to request a new full key exchange?

Our clients have:

PMK timeout of 12 hours

Cache size of 128

Max pre auth enabled and set to 1 (I've read that Meraki doesn't support pre-auth? Would this create multiple sessions conflicting with .r enablement?)

ISE - I don't think these apply to 11.r but confirmation would be appreciated.

EAP TLS Session Timeout 7,200

Stateless Session Resume - 1 week

Thanks in advance

PhilipDAth
Kind of a big deal

I don't know the answer.

What I can tell you is I have never had to touch any timers, and it works great.

Austeames
Comes here often

We do.

Clients drop off the Wi-Fi and we can see from the WLAN report that the endpoint is trying many times to reconnect. The Meraki APs are saying 'previous authentication expired'. See below for pictures.

[Images: Meraki Side.png, Client side.png]

AndersSJensen
New here

We are seeing this a lot, but only on computers with a MediaTek Wi-Fi NIC. We have been trying to update drivers etc. but haven't really been able to solve this.

Austeames
Comes here often

Something potentially interesting. In speaking with some colleagues at other places of work, they mentioned an incompatibility between Cisco and Intel specifically around FT. They reported that they switched off FT and the issue went away.

I'm going to try and see.

Austeames
Comes here often

Thanks, we have Intel AX series NICs. We've updated them and haven't seen a change in performance.
