Wireless Access

I have a request to setup a new 7010 controller with MAC address authentication of around 5000 entries.

 

Question 1: What is the maximum number of entries for the Internal DB ?

 

Question 2: Will there be any performance issue for the controller to handle this big amount of entries in the internal db ?

 

Question 3 : Will there be any security issues with 5000 entries of MAC address in the internal db ?

The 7010 only supports entering 4000 EDIT 2000 devices/users in the internal database.

You should not do mac authentication with the database on the controller itself, because it is hard to add/remove manage that list in the GUI in the controller for the numbers that you are trying to do.  Mac authentication is not secure at all, but if you want to do it on that scale, you should use an external AAA server to improve manageability.

 

You can also consider a different authentication method like 802.1x or captive portal where the user, instead of the device is authenticated

Hi Collin,

 

Is there any way we can find the official information on the internal db scaling for the controllers, ie 7010,7030, 7205 ?

 

Actually I'm setting the Clearpass server for the end user MAC authentication request. Reasons for asking on the controller is that end user is thinking of putting a copy of the 5000 MAC addresses on the remote controllers as a backup authentication in case their WAN link fail. Is this possible ? And will it effect performance of the remote 7010 contoller ?

I am looking for documented numbers.

 

What I see for internal numbers is:

 

7010  2000

7030  4000

7205  8000

 

How would the user synchronize the database between the controller and clearpass?

 

Please let me know abput 7005RW controller maximum mac address entries in internal database.

 

Regards

N.Muthusaravanakumar

1000

Hi Cjoseph,

 

To handle 10k AP MAC address whitelisted,which controller suitable?7210.7220 or 7240?

The  7205 can hold 8000 and the 7210 can hold 16000.

 

To be honest, nobody chooses a controller platform based on the number of mac addresses that can be held in the internal database; they would typically have an external server like ClearPass do mac authentication, so that even a smaller controller can scale to thousands of mac addresses.  

 

Hi Colin,
Thanks for your input.Actually we will have iap-vpn deployment and controller will act as vpn terminator.Total 10k ap mac address need to whitelist inside controller internal db.


Regards,Amir

Whether you have an IAP-VPN or Remote AP deployment, both types of mac addresses for deployment can be hosted within ClearPass:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/AP-Whitelist-with-CPPM/ta-p/242915  That would eliminate the need to tie the number of mac addresses to the size of a controller.  It would also allow you to have distributed redundancy by allowing multiple controllers to share a whitelist on CPPM, but not be physically located in the same datacenter.

 

 

 

Hi everyone!

 

We have a 7005 Aruba controller with ArubaOS 6.5.0.3, in the internal DB we add 52 users (4 guests for tests, and the others employee MAC address devices), but we're experiencing some troubles when adding new employee user/device to the internal DB, and connecting to the SSID (we only use MAC auth due small amount of users) the controller send an error message (like if were redirecting to a captive portal but there isn't one) and that cannot authenticate the user.

 

I believe this could be the "logon" initial role, but that's the one the controller assign when using the wizard for the creation of the WLAN, but there is also the quantity of users, if I delete one of the created useres (guest or employee), the new one can connect with no problem.

 

I hope you can guide me in order to solve this issue.

 

Greetings

in which document we can check over these internal-db limits on various controller models?

Hi possibleyp, 

 

Usually you can check it on the product Data Sheet. I was experiencing some bad configuration issues, so that I created this post.

 

Regards

What is the maximum whitelist-DB entries for 7240 controllers?

32000