802.11r FT / PMK and Timers for EAP-TLS

Austeames
Comes here often

802.11r FT / PMK and Timers for EAP-TLS

Hi

 

I'm trying to piece together where/if timers are set for 802.11r when enabled for WPA Enterprise with ISE or client and if they need to align.  How long will a Meraki AP give a timer to say 'you don't need to rekey'  The goal here is to make roaming as seamless as possible to not effect teams calls

 

My understanding is there's the full session established from client to ISE.  Is the session timeout shared to the AP for it to know when to request a new full key exchange?  

 

Our clients have:

 

PMK timeout of 12 hours

Cache size of 128

Max pre auth enabled and set to 1 (I've read that Meraki doesn't support pre-auth? Would this create multiple sessions conflicting with .r enablement?)

 

ISE - I don't think these apply to 11.r but confirmation would be appreciated.

EAP TLS Session Timeout 7,200

Stateless Session Resume - 1 week

 

Thanks in advance

1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know the answer.

 

What I can tell you is I have never had to touch any timers, and it works great.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels