Occasional Contributor II

CP vs NPS - response times

I'm looking to compare our existing NPS authentication environment with our new ClearPass appliances, in particular authentication performance.  I've set up some basic RADIUS monitoring of both solutions and it appears that the NPS servers respond significantly quicker than the ClearPass appliances.

 

I appreciate the CP policies can be a little more complex than NPS, but my tests use the most basic of user authentication settings.  So, is this expected behaviour?  Perhaps the AD lookups just aren't as responsive?  If not, are there any settings that I can investigate to troubleshoot the response times?  I've checked network latency and it isn't the issue here.

Aruba Employee

Re: CP vs NPS - response times

I would recommend breaking up the delay components to see what exactly is the cause of the delay. First I would test creating a user in CPPM's local database and try authenticating. This will help eliminate issues with other dependencies on network/AD etc.

 

Second troubleshooting option would be to take a packet capture on the CPPM uplink port to see the exact delay between request and response.

Thanks,
Abilash (ACCP, CWSP, CWAP, CWDP)
(Above answer is based on my knowledge and NOT an official statement from Aruba)
[Hit Kudos if my reply helps. ]
Occasional Contributor II

Re: CP vs NPS - response times

Switching to local DB authentication has relatively little impact (approx ten milliseconds) on the overall response times so I think it's safe to assume it is not AD-related.

 

Having inspected a network capture, the time between the final RADIUS request and accept messages seems to vary wildly, anywhere between a few milliseconds and 60-70 milliseconds.

 

I'd be interested to know what overall request processing times other users of CP see?  Ours seems to average around the 1000ms mark.
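
Added example (not part of any post in this thread): one way to turn the packet capture suggested above into per-exchange server response times, by pairing each RADIUS request with its reply on client address, client port and the RADIUS Identifier byte (RFC 2865 header). It assumes the UDP payloads have already been extracted from the capture into tuples; the tuple layout, function names, addresses and sample timings are constructed for illustration, and port 1812 is assumed as the authentication port.

```python
import struct
from collections import defaultdict

# RADIUS packet codes (RFC 2865)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_header(payload):
    """Return (code, identifier) from a RADIUS UDP payload, or None if malformed."""
    if len(payload) < 20:          # code, id, length plus 16-byte authenticator
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload) or code not in CODES:
        return None
    return code, ident

def radius_latencies(records, server_port=1812):
    """records: (ts_sec, src_ip, src_port, dst_ip, dst_port, payload) in capture order."""
    pending, exchanges, totals = {}, [], defaultdict(float)
    for ts, src, sport, dst, dport, payload in records:
        hdr = parse_header(payload)
        if hdr is None:
            continue
        code, ident = hdr
        if code == 1 and dport == server_port:
            # A retransmission reuses the Identifier: keep the first timestamp
            pending.setdefault((src, sport, ident), ts)
        elif code != 1 and sport == server_port:
            start = pending.pop((dst, dport, ident), None)
            if start is None:      # reply whose request is not in the capture
                continue
            ms = round((ts - start) * 1000, 3)
            exchanges.append((dst, ident, CODES[code], ms))
            totals[dst] += ms      # server-side time summed per client
    return exchanges, {k: round(v, 3) for k, v in totals.items()}

def make_pkt(code, ident):
    """Constructed 20-byte RADIUS packet: header only, zeroed authenticator."""
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed capture: one client, three round trips of a single authentication
NAS, SRV = "10.0.0.5", "10.0.0.10"
SAMPLE = [
    (0.000, NAS, 40000, SRV, 1812, make_pkt(1, 7)),
    (0.004, SRV, 1812, NAS, 40000, make_pkt(11, 7)),
    (0.250, NAS, 40000, SRV, 1812, make_pkt(1, 8)),
    (0.315, SRV, 1812, NAS, 40000, make_pkt(11, 8)),
    (0.600, NAS, 40000, SRV, 1812, make_pkt(1, 9)),
    (0.602, SRV, 1812, NAS, 40000, make_pkt(2, 9)),
]
```

Comparing the summed server-side time with the wall-clock span of the whole authentication separates time spent inside the RADIUS server from time spent waiting on the client between round trips.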

 

Guru Elite

Re: CP vs NPS - response times

joecarter,

 

Is this a hardware appliance or a VM?  If you feel you are not seeing the response times you think you should, you should definitely open a support case so that they can track down the source of your problem.



Colin Joseph
Aruba Customer Engineering
