How do you handle simultaneous wireless PEAP authentications in volume? When building an 802.1x backend, there is concern for the bandwidth of all of those simultaneous authentications making it to the server(s), through, and back to the end user in time. Servers have a finite number of simultaneous authentications they can handle per second, so I'd like to avoid over-burdening any particular RADIUS server. So I have three backend servers, all of which are entered into the controllers (3 4404 controllers). As I understand it, the controller(s) will only move to the next server for authentications when the previous one becomes unresponsive. Do I modify the EAP timeouts to force logins to the next server in a round-robin fashion (i.e. shorten to something like 5 sec), or is there some way to actually get the controller to load balance authentications to avoid exhausting any one of the servers?
Do you really have that make request, so there will be problems with bandwidth or that the server can't handle all users?
To make it simple, can't you just use diffrent primary RADIUS on the three diffrent controllers. Not true round robin, but you would spread the authenication requests over all three servers. I don't think it's a good idea to mess with the timeouts.
How many clients? I have 3-5000 wireless clients on 1 ACS (we have a backup as well) with no issues.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...