Wireless Access

Hello all!

 

I was out of the office for a long vacation and while I was out there were issues with AirWave and IAP Groups with the dhcp scope - I'm trying to find any information out there on this and thought I would start with all of you wonderful people to see if any of you have encountered and issue with more than 9 different IAP clusters in a group.

 

We currently have 11 different IAP clusters, when we put more than 9 in a group, we start having authentication issues with the group. (we use CPPM for authentication, we have 2 7030 controllers, 2 CPPMs).

 

I can't find anything in the documentation to indicate that this would be an issue - but I'm sure I haven't read all the documentation either.

 

Any advice, documents or thoughts would be greatly appreciated.

 

I will be contacting TAC but thought somebody out there might have seen this issue before.

 

Thank you!

 

Lirria

One of our installs has more than 500 IAP clusters (most are single AP clusters though) in a group on Airwave without issues so would say that there isnt a limit there. Others have more than 100 with upto 30 AP's per cluster also without issues.

 

 We did have a "weird" performance issues when we went over about 400 clusters , in that it would take an hour or two before a new cluster would show up in the new devices section on AMP but that was solved with more RAM/CPU etc.

 

re Authentication, do you mean authentication between the clients an ClearPass or Airwave and ClearPass?

 

Clients and clearpass - we see radius auth issues for the site, the site can't reach the 2 different clearpass servers so they are effectively unable to do anything. I've been fighting with this since last October. It settled down once they move some of the iaps to a different group and that's where it's been while I was out - but I was trying to clean up things again and it broke. All the notes I have say is that was an issue with dhcp scopes, that there could only be 8 different scopes, and I have 11. I can't find anything in the documentation and tac is for some reason focused on the fact that I get timeouts on some clients (usually bad passwords) and they don't want to work on the dhcp until all the time out issues are gone......

 

So do all of your clusters use the same dhcp scope or do they all have different ones? not sure what the best practice is for that - the vendor that helped us set it up encouraged the use of multiple dhcp scopes but maybe that's not the right way to go.

All our cluster use different management and user subnets (hence all the scopes will be different).

 

 Are you using a template or igc to manage the AP's?

Started with a template and now modify with the IGC to manage the differences with each cluster (the dhcp scope, the local network configuration for access etc)

So I still have no solution to this. Not sure I'm explaining it correctly.

 

We have 2 7030 controllers, approximately 25 IAP215 total over the 9 clusters, CPPM, Airwave (GUI configuration, but based on a master template), approximately 25 AP225 (over 2 sites), we use certificate/user authentication and VIA vpn too.

 

I have 9 IAP sites (the clusters at each site vary from 1 iap to 8 iaps), each site is allocated an dhcp address range with in a /21 - but the scope on each cluster is set for /24 (to give us expansion room if the sites grow larger)

 

We have a bit of an issue when we put all 9 sites into one group - one of the sites will no longer work - won't hand out dhcp, pass traffic properly etc - makes the site completely unusable until the VC is rebooted, at which point it kicks one of the other sites off the network. Our work around is to only have 8 sites in one group. We came to this solution when TAC said it was a dhcp issue - but I can't find any information on what that issue is. Not sure if anybody has any other thoughts - I seem to have stumped TAC and their solution is to make it happen so we can test on a live production system and have your  users be unable to work - not a solution we can live with right now (I've been battling this issue for 11 months - needless to say extended wireless downtime is not good).

 

Any thoughts or advice would be greatly appreciated.

 

Lirra

You did not say if the IAP is providing DHCP or your wired network is doing that function, so it is hard to understand what could be happening.

Sorry about that - yes the IAPs are configured with a distributed L3 dhcp scope that is technically a /21 but configured currently as a /24