We’ve encountered some clients on our wireless network that seem to
handle roaming worse than other clients. Our WLC (Cisco 8540) responds
by excluding the client after some failed attempts (which, of course,
works as it should).
The culprit seems to be that the clients use old CCKM-data when
“Received Timestamp deviation > 1 sec in REASSOC REQ IE from
I know this can be tuned (“config wlan security wpa akm cckm
timestamp-tolerance”), but that also increases the chance of replay
attacks (the WLC even warns about this). However, I’m not sure if this
is a “real” security issue in practice? (e.g. raising the tolerance
from 1000ms to 5000ms).
Since these are the first clients we’ve observed with this issue,
I’m more inclined to ask the vendor to fix the issue on their end, but
I know that will be a “fight” (that I’m not sure if I want to
have). The “easiest” solution is of course just to increase the
tolerance (if that helps, that is).
What is the BCP on this matter?