Experiencing 'Load Threshold Violated' alerts, and some Security alerts

Oct 7th, 2009

The wireless environment has been growing quickly at the university campus I work at. From roughly 500 users a couple years ago to nearly 1000 today.

This is starting to cause issues. Clients are reporting that they can 'associate' but they are unable to browse to any website.

WCS (v4.2.128.0, WiSM is v4.2.207.0 on both controllers) is reporting several load threshold violations, which is to be expected with so many extra clients.

- What are the best steps to help resolve the issue?

- I have Aggressive Load Balancing turned on with a threshold of 12; should I increase the threshold?

- How do I set the actual 'load threshold' of the individual APs, if possible?

We don't have very many APs to deploy unfortunately, as our current campus-wide model is the 1010, which is EoS/EoL. At most we can deploy 1 or 2 in the busiest areas.


Also, I'm getting several critical security alerts reporting 'large NAV fields', 'broadcast floods' and 'NULL probe responses'.

I included this problem with my initial questions because I have a hunch that it's a direct result of the load issues, but I may be wrong.

- Do these seem like a result of association issues due to load (i.e., false alarms)?

- If they are actual attacks, what's the best course of action?

Thanks in advance.

jeromehenry_2 Wed, 10/07/2009 - 13:45


Unfortunately, there is not much tuning you can do on your controller if you have too many users. Basically your issue is that there are too many users for the given available wireless space. What you need is more wireless space (more APs, especially in 5 GHz, but also in 2.4 GHz wherever you can add them without interfering with the others).

You can change the Aggressive Load Balancing threshold, but all this will do is simply change the threshold (number of users) from which your controller will consider the AP as overloaded... but then the users have to be sent somewhere else, which supposes 2 factors:

1. That other access points in the neighboring environment hear the incoming new clients, with a signal good enough to take them onboard (in other words, that you have enough APs in this area, which does not seem to be the case).

2. That the clients are not "sticky", that is to say that when they receive the Authentication Deny - reason 17 from the first AP, they actually try the second best AP, which is not always the case. Many clients will stick to the first heard AP and Aggressive Load Balancing will not work.

So here the only solution is again more wireless space, i.e. more APs on unused channels.

You cannot set the load threshold per AP, as it is a controller-wide collective effort...

Large NAVs are very often the clear sign of the load excess you describe. Every time you send an 802.11 frame and fail (collisions / no ACK from the AP), you basically double your NAV and retry. Large NAVs usually are the sign that you re-try too many times without success, which is a sign of important interferences or too many users per AP.

Broadcast floods and NULL probe responses can be many different things ranging from PC misconfiguration to real attacks. Too many users per AP is one possibility. If these messages come from the same APs that have too many clients, I would try to solve the too many users issue first.

Technically, the best fix is unfortunately probably not on the controller, but in the wireless coverage...

Hope it helps
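
The triage suggested in the reply above (check whether the security alerts come from the same APs that carry too many clients) can be scripted. This is an added example, not part of the original thread and not Cisco tooling: the AP names, client counts and alert records are constructed, and using 12 clients as the overload cutoff is an assumption borrowed from the threshold quoted in the question.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): AP names, client counts and
# alert records are made up; only the three alert types come from the question.
CLIENT_COUNTS = {"ap-lib-1": 27, "ap-lib-2": 19, "ap-dorm-3": 6, "ap-admin-1": 4}
ALERTS = [
    ("ap-lib-1", "large NAV field"),
    ("ap-lib-1", "broadcast flood"),
    ("ap-lib-2", "large NAV field"),
    ("ap-lib-2", "NULL probe response"),
    ("ap-dorm-3", "NULL probe response"),
    ("ap-admin-1", "broadcast flood"),
]
# Assumption: an AP counts as overloaded above this many clients. 12 is the
# load-balancing threshold quoted in the question, reused here as a cutoff.
OVERLOAD_CLIENTS = 12


def triage(alerts, client_counts, cutoff=OVERLOAD_CLIENTS):
    """Group alert types per AP into (fix_load_first, investigate)."""
    fix_load_first, investigate = defaultdict(list), defaultdict(list)
    for ap, alert_type in alerts:
        count = client_counts.get(ap)
        # An AP with unknown load cannot be blamed on congestion, so it is investigated.
        overloaded = count is not None and count > cutoff
        (fix_load_first if overloaded else investigate)[ap].append(alert_type)
    return dict(fix_load_first), dict(investigate)


def report(alerts, client_counts, cutoff=OVERLOAD_CLIENTS):
    """Return one summary line per AP, most loaded first within each group."""
    fix_load_first, investigate = triage(alerts, client_counts, cutoff)
    lines = []
    for label, group in (("fix load first", fix_load_first), ("investigate", investigate)):
        for ap in sorted(group, key=lambda a: -client_counts.get(a, 0)):
            kinds = ", ".join(sorted(set(group[ap])))
            lines.append(f"{ap} clients={client_counts.get(ap, '?')} [{label}] {kinds}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(ALERTS, CLIENT_COUNTS)))
```

Alerts that land in the "investigate" group come from lightly loaded APs, so congestion does not explain them and they deserve a closer look first.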


jpeterson6 Fri, 10/09/2009 - 06:49


Thanks, that gives me a few things to think about. Also thanks for the confirmation of my hunch (about the NAV field alerts).

I suppose it's time I look into ordering new model APs. We're running the latest version of 4.2, so we'll need to use LWAPP still.

Are the 1100 models considered acceptable 'replacements' for the 1000 model APs? Do they play well together when associated to the same controller?

ericgarnel Mon, 10/12/2009 - 06:52


Well said... You touch on a lot of points that tend to get overlooked in high-density deployments and key issues to look for when troubleshooting.

5 points to you


