I am receiving the following two ACS failed attempts logs for wireless clients connecting to WLAN using WPA1/PEAP.
"NAS duplicated authentication attempt"
"EAP-TLS or PEAP authentication failed during SSL handshake"
I am seeing these messages for many clients. Same clients show both messages at times.
The clients fail authentication and then will succeed at random.
I am seeing constant flow of these at all times though.
I wonder if the ACS is overwhelmed as we have added 770 new clients that use WPA/PEAP recently. It is these clients that most often show up in the log. But other clients show up too.
I have the ACS Radius Authentication server timeout set to the max (30 secs) on the WLCS...
Does anyone know what these messages indicate?
How can I determine if the ACS svr is overwhelmed? Is there a way to quantify it's load? For example, how many requests per second can it handle? etc....
Are there any design guides on redundant/HA ACS designs for 1000s of clients?
Any input is appreciated.