Controller Based WLANs

How to reduce CPU utilization on the controller for httpd and internal site based captive portal
Problem:

Issue Reported: High CPU utilization on the controller.

 

Network Setup:

 

  • Master-Standby running 6.4.2.5 code.
  • There are around 100 APs terminated on the  controller.
  • Most of the clients are Mobile devices like I-phone, Android and the clients are getting captive portal page from the controller.
  • Clients will be getting captive portal page just fine but the CPU utilization will be high on the controller in peak hours.


Diagnostics:

In peak hours there were around 300 clients associated to Guest SSID and around 700 clients in dot1x SSID.
There are around 150 clients in Initial role and 150 clients are in Authenticated role. However the idle % was less than 10%.

(test) #show cpuload 

Tue Mar 24 11:13:55 2015

user 46.7%, system 49.1%, idle 4.2%

(test) #show cpuload 

Tue Mar 24 11:13:59 2015

user 46.7%, system 49.1%, idle 4.2%



Solution

The requirement is that the Guest users will not be any URLs other than their internal site to get the captive portal page as like "www.aquatech.com"

Based on the requirement we need to implement the netdestination config to fix this issue.

 

Create netdestination for "aquatech.com”


Name: aquatech.com

Position  Type  IP addr          Mask-Len/Range

--------  ----  -------          --------------

1         host  66.175.240.138   32

 

Modify the captive portal policy as below.


1         user    controller   svc-https               dst-nat 8081                           Low                                                           4

2         user    aquatech.com   svc-https               dst-nat 8081                           Low                                                           4

3         user    aquatech.com   svc-http                dst-nat 8080                           Low                                                           4

 

  • CPU utilization would be drastically reduced as other traffic apart from http and https traffic was denied when the clients were in Initial role.
Version history
Revision #:
2 of 2
Last update:
‎06-03-2015 12:01 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.