Load Balance RADIUS/PEAP Authentications

Unanswered Question
Mar 29th, 2010
User Badges:

General question to the mass(es):

How do you handle simultaneous wireless PEAP authentications in volume?  When building an 802.1x backend, there is concern for the bandwidth of all of those simultaneous authentications making it to the server(s), through, and back to the end user in time.  Servers have a finite number of simultaneous authentications they can handle per second, so I'd like to avoid over-burdening any particular RADIUS server.  So I have three backend servers, all of which are entered into the controllers (3 4404 controllers).  As I understand it, the controller(s) will only move to the next server for authentications when the previous one becomes unresponsive.  Do I modify the EAP timeouts to force logins to the next server in a round-robin fashion (i.e. shorten to something like 5 sec), or is there some way to actually get the controller to load balance authentications to avoid exhausting any one of the servers?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jhedstr2 Wed, 03/31/2010 - 03:16
User Badges:

Hi Scott,

Do you really have that make request, so there will be problems with bandwidth or that the server can't handle all users?

To make it simple, can't you just use diffrent primary RADIUS on the three diffrent controllers. Not true round robin, but you would spread the authenication requests over all three servers. I don't think it's a good idea to mess with the timeouts.

Kind Regards


George Stefanick Wed, 03/31/2010 - 04:26
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015


How many clients? I have 3-5000 wireless clients on 1 ACS (we have a backup as well) with no issues.


This Discussion

Related Content



Trending Topics - Security & Network