Environment- Typical environment of clients doing captive portal authentication.
Answer- Note:Below commands were ran on 22.214.171.124 code both on M3 Vs 72xx series controller.
Web-max-clients is the concurrent number of HTTP/HTTPS requests that are allowed to hit the httpd process.
The below output is applicable for 3000 series/M3 controllers.
(Aruba) # show web-server
Web Server Configuration
Cipher Suite Strength high
SSL/TLS Protocol Config sslv3 tlsv1
Switch Certificate default
Captive Portal Certificate default
Management user's WebUI access method username/password
User session timeout <30-3600> (seconds) 900
Maximum supported concurrent clients <25-400> 25===============> By default,this is the web-max-client configuration on controller
However for 7200 series controller, value has been increased to 75 by default.
This configuration is used in the typical scenario while client doing the captive portal authentication and maximum concurrent clients are allowed to get the captive portal page at the same time.
The same rule is applied when user is doing the captive portal authentication against the Clear pass as well.
Web-max-clients is the number http worker threads that can be spawned for processing http requests. Each request consumes one thread and the thread is freed up when we are done processing the request. If CPPM uses POST back to the controller, the authentication will also be affected by the web-max that is configured. This can be avoided by making CPPM do the authentication and generate a radius CoA to the controller. This will prevent CPPM from doing a POST to the controller for authentication.