01-17-2017 04:19 PM
Airwave is reporting slow authentication for all of my access points, on the order of 1700-7600ms. DHCP is showing anywhere from 265-1700ms. I'm wondering how this is determined and what I can do to fix it.
I verified the radius server selected for my dot1x authentication is the local one. A ping from my controller to the server averages 158ms. A ping to the DHCP server is about the same at 157ms.
What I find odd here is that the NPS server that authenticates our user traffic is on the same floor as the controllers and AP's with the highest auth response time. The DHCP server is on the same hypervisor.
Any thoughts or misconfigurations I may have on my controller, or is this really just the slowness of the servers?
01-17-2017 05:24 PM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
01-18-2017 10:10 AM
Apologies -- I had someone else do the basic ping checks and assumed they were correct. A typical ping to our NPS server is:
(aruba-01) #ping 10.1.1.1
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.134/0.1638/0.222 ms
One to the DHCP server is:
(aruba-01) #ping 10.1.1.2
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.135/0.1566/0.213 ms
So it is technically less than 1ms each way. Is there any way to see in Airwave how it gathers/reports these metrics, or is this perhaps a server side issue?
I am going to run a wireshark capture on a device that joins our corporate SSID network to see how long between frames it takes to get a DHCP address.
01-18-2017 10:29 AM
Seems pretty speedy to me except for the ACK.
Since it does not appear to be our wired network causing the latency I'll assume it is the server itself. Is there any way to drill into the metrics that Airwave has to show that type of information, or would I have to do another packet capture on the NPS server port to verify the time it takes for each frame to ingress/egress?