Controller Based WLANs

The auth throttling feature was introduced in AOS 6.3 code version to prevent high cpu utilization for Auth process.

(Aruba3600) #show dot1x counters

       802.1x Counters
Throttling Counters
Dot1x high watermark..................200
Dot1x low watermark...................190
Dot1x stm throttling percent..........50
Dot1x auth pass count.................22
Dot1x auth fail count.................2447
Double dot1x context init counts......269/269
Active dot1x station count............0
Max collisions in active table........0
Pending station count.................0
Max collisions in pending table.......0
AP
 Up.............................34
 Down...........................34
 Acl............................10
Station
 Up.............................2944
 Down...........................2657
EAP
 RX Pkts........................63
 EAPOL-Failure...................2447
 TX Pkts........................65
WPA
 Message-1......................22
 Message-2......................21
 Message-3......................22
 Message-4......................21
 Group Message-1................21
 Group Message-2................21
Radius
 Accept.........................22
Station Deauths.................2449

When "Active dot1x station count" reaches high watermark, requests start being put in Pending queue.

If "Active dot1x station count" is between high and low water mark, then active queue requests are processed, but pending queue requests are not processed.

If "Active dot1x station count" is below low water mark, then both active clients and pending clients get processed.

If "Pending station count" reaches 80% of the active queue, then STM module on the controller will drop the new requests until pending queue is below 80% of the active queue. In this situation, we will see the "associations dropped due to auth throttling" will increase.


(Aruba3600) #show ap debug client-mgmt-counters | include Thrott
Associations Dropped Due to Auth Throttling                         0


In this case, device will have to try again.

Dot1x throttling is applied for dot1x termination and non-termination cases.

Following are the default platform configurations:

Platform    HighWaterMark (HWM    LowWaterMark(95%of HWM)
7210            550                                      522
7220            600                                      570
7240            750                                      712
M3               450                                      427
3600            200                                     190
3400            60                                         57
3200            40                                         38
600              20                                         19