Re: Experiencing 'Load Threshold Violated' alerts, and some Secu
Unfortunately, there is not much tuning you can do on your controller if you have too many users. Basically your issue is that there are too many users for the given available wireless space. What you need is more wireless space (more APs, especially in 5 Ghz, but also in 2.4 Ghz wherever you can add them without interfering with the others).
You can change the Aggressive Load Balancing threshold, but this will do is simply to change the threshold (number of users) from which you controller will consider the AP as overloaded... but then the users have to be sent somewhere else, which supposes 2 factors:
1. That other access points in the neighboring environment hear the incoming new clients, with a signal good enough to take them onboard (in other words, that you have enough APs in this area, which does not seem to be the case).
2. That the clients are not "sticky", that is to say that when the receive the Authentication Deny - reason 17 from the first AP, that they actually try the second best AP, which is not always the case. Many clients will stick to the first heard AP and Aggressive Load Balancing will not work.
So here the only solution is again more wireless space, i.e. more APs on unused channels.
You cannot set the load threshold per AP, as it is a controller wide collective effort...
Large NAV are very often the clear sign of the load excess you describe. Every time you send an 802.11 frame and fail (collisions / no ACK from the AP), you basically double your NAV and retry. Large NAVs usually are the sign that you re-try too many times without success, which is a sign of important interferences or too many users per AP.
Broadcasts floods and NULL probe responses can be many different things ranging from PC misconfiguration to real attacks. Too many users per AP is one possibility. If these messages come from the same APs that have too many clients, I would try to solve the too many users issue first.
Technically, the best fix is unfortunately probably not on the controller, but in the wireless coverage...
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...