11-16
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter11 Configuring Authentication Types
Configuring Authentication Types
Use the no form of the dot11 aaa mac-authen filter-cache command to disable MAC authentication
caching. This example shows how to enable MAC authentication caching with a one-hour timeout:
ap# configure terminal
ap(config)# dot11 aaa mac-authen filter-cache timeout 3600
ap(config)# end
Configuring Authentication Holdoffs, Timeouts, and Intervals
Beginning in privileged EXEC mode, follow these steps to configure holdoff times, reauthentication
periods, and authentication timeouts for client devices authenticating through your access point:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 dot11 holdoff-time seconds Enter the number of seconds a client device must wait before it
can reattempt to authenticate following a failed authentication.
The holdoff time is invoked when a client fails three login
attempts or fails to respond to three authentication requests
from the access point. Enter a value from 1 to 65555 seconds.
Step3 dot1x timeout supp-response
seconds [local]
Enter the number of seconds the access point should wait for a
client to reply to an EAP/dot1x message before the
authentication fails. Enter a value from 1 to 120 seconds.
The RADIUS server can be configured to send a different
timeout value which overrides the one that is configured. Enter
the local keyword to configure the access point to ignore the
RADIUS server value and use the configured value.
The optional no keyword resets the timeout to its default state,
30 seconds.
Step4 interface dot11radio { 0 | 1 } Enter interface configuration mode for the radio interface. The
2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.