Our controllers use the default UDP source port 32769 for outgoing Radius requests.
According to the RFC, there can be no more than 256 different IDs for these requests. It has turned out that, in peak times, there are more than 256 outstanding requests, resulting in our Radius servers discarding some requests as supposed duplicates, because they have the same ID.
One solution would be to use a different source port for each request, or at least more than one for all requests. Is this possible?
I don't know that you can configure the source port on the WLC.
Option 1: You could look at changing the radius timeout on the radius server so you aren't keeping radius sessions open as long. This might be a feasible option, but might not be present in all radius servers; it also might have undesired consequences.
Per the RFC:
The Identifier field is one octet, and aids in matching requests
and replies. The RADIUS server can detect a duplicate request if
it has the same client source IP address and source UDP port and
Identifier within a short span of time.
Option 2: (Probably my preferred option)
Well, I don't think we can diversify the port number, but we can diversify the source IP. Assuming you have these clients on more than one dynamic interface, you could enable the option on the WLAN for the "RADIUS server interface override," which would alter the source IP address from the Management interface to the dynamic interface the clients are on. You would have to have more than 1 dynamic interface to put clients on to make it happen, and you would have to add all of the dynamic interfaces you wanted to leverage this technique with to the RADIUS server as clients, but this complies with the RFC.
This isn't a problem I have run into, but hopefully this will be something that is doable in your environment. I would hope that all 250 clients in that short of a period of time aren't all on the same dynamic interface.
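An added example, not part of the original posts and not Cisco code: a Python check that walks RADIUS packets in capture order and counts requests that reuse an Identifier still awaiting a reply on the same source IP and port, which is the tuple the RFC text above says the server uses for duplicate detection. The packets, the 192.0.2.x addresses and the helper names are constructed for the demonstration, and treating an identical Request Authenticator as a retransmission is an assumption of this sketch.

```python
import struct
from collections import Counter

ACCESS_REQUEST = 1
REPLY_CODES = {2, 3, 11}  # Access-Accept, Access-Reject, Access-Challenge

def radius_header(code, ident, authenticator):
    """Minimal 20-byte RADIUS packet (header only, no attributes)."""
    return struct.pack("!BBH16s", code, ident, 20, authenticator)

def find_id_collisions(packets):
    """Count requests that reuse an Identifier still awaiting a reply.

    packets: (nas_ip, nas_port, payload) tuples in capture order; the NAS
    address is used as the key for both directions of the exchange.
    """
    outstanding = {}          # (ip, port, id) -> Request Authenticator
    collisions = Counter()    # (ip, port) -> colliding requests
    for ip, port, payload in packets:
        code, ident, _length, auth = struct.unpack("!BBH16s", payload[:20])
        key = (ip, port, ident)
        if code == ACCESS_REQUEST:
            # Same authenticator = retransmission of the same request;
            # a different one means a new request took an in-use ID.
            if key in outstanding and outstanding[key] != auth:
                collisions[(ip, port)] += 1
            outstanding[key] = auth
        elif code in REPLY_CODES:
            outstanding.pop(key, None)
    return collisions

def burst(n_requests, source_ips, port=32769):
    """Constructed capture: n_requests sent before any reply arrives,
    spread round-robin over source_ips, one 0..255 ID counter per source."""
    sent = Counter()
    packets = []
    for i in range(n_requests):
        ip = source_ips[i % len(source_ips)]
        auth = i.to_bytes(16, "big")  # unique stand-in for the random authenticator
        packets.append((ip, port, radius_header(ACCESS_REQUEST, sent[ip] % 256, auth)))
        sent[ip] += 1
    return packets

if __name__ == "__main__":
    print(find_id_collisions(burst(300, ["192.0.2.10"])))                # one source IP
    print(find_id_collisions(burst(300, ["192.0.2.10", "192.0.2.11"])))  # two source IPs
```

With 300 outstanding requests from one source IP and port, 44 of them land on an Identifier that is still in use; spreading the same burst over two source IPs leaves none.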