Wireless Access

Reply
Contributor I

Captive Portal slow / timeout

Hi,

 

I don't know if this should be posted here or in the security section, but here goes:

We have a school, which uses Captive Portal for authentication for all students.

The controller is a 3400 running 6.1.2.7

 

Whenever the students starts class, roughly at the same time, they all try to validate through CP.

We're talking about 2-300 simultaneous logins. The CP is either extremely slow or simply timing out.

I'm guessing the controller can't handle the load, so what are my options ?

I tried convincing them to switch to 802.1X for authentication, but apparently that's not an option...

 

Can I tweak the controller in any way, or should it be able to handle this amount of connections ? 

 

Regards 

Kevin

Guru Elite

Re: Captive Portal slow / timeout

You should first consider increasing the number of supported connections:

 

(Aruba3600) #show web-server 

Web Server Configuration
------------------------
Parameter                                      Value
---------                                      -----
Cipher Suite Strength                          high
SSL/TLS Protocol Config                        sslv3 tlsv1
Switch Certificate                             default
Captive Portal Certificate                     default
Management user's WebUI access method          username/password
User session timeout <30-3600> (seconds)       900
Maximum supported concurrent clients <25-320>  25
Enable WebUI access on HTTPS port (443)        false

 

(Aruba3600) (Web Server Configuration) #?
captive-portal-cert     Certificate name configured under certificate 
                        manager
ciphers                 Configure cipher suite strength. Default is high
mgmt-auth               Configure management user's WebUI access method, 
                        either username/password authentication or 
                        certificate authentication or both. Default is 
                        username/password authentication
no                      Delete Command
session-timeout         Configure user's WebUI session timeout <30-3600> 
                        (seconds)
ssl-protocol            SSL/TLS Protocol Config
switch-cert             Certificate name configured under certificate 
                        manager
web-https-port-443      Enable WebUI access on HTTPS port (443)
web-max-clients         Configure web servers' maximum supported concurrent 
                        clients <25-320>

(Aruba3600) (Web Server Configuration) #web-max-clients 

 In addition, you could:

 

- Consder upgrading the older code

- Moving some clients to 802.1x as a pilot to decrease the reliance on the captive portal

- Make sure you have "Drop Broadcast and Multicast" enabled on all of your Virtual APs

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: Captive Portal slow / timeout

Thank you for the quick reply, Colin. I did NOT know about the web-max-clients command.

 

I increased it to 100, that should hopefully do the trick.

the Drop Broadcast and Multicast was already enabled.

 

Will let you know when i get a status back, if increasing web clients helped :)

 

Regards 

Kevin

Guru Elite

Re: Captive Portal slow / timeout

Kevin,

 

Increasing that number just deals with the web server only serving 25 clients at a time being the bottleneck.  There will be increased memory requirements on the controller as a result.  Please consider upgrading the code because there are hundreds of bug fixes between the code you are on to where we are today.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: Captive Portal slow / timeout

I will try to get the code updated ASAP.

 

BTW, any recommended code to put on it ? Looking for a stable release, doesnt have to be the latest and greatest. :)

Guru Elite

Re: Captive Portal slow / timeout

6.1.3.7.

 

You could also get a recommendation from TAC depending on what you are doing, but 6.1.3.7 is the most conservative, up to date option.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Trusted Contributor I

Re: Captive Portal slow / timeout

Is there a command to find out how many clients are currently consuming a connection to captive portal?  I can do a show user-table essid SSID_name and look for all users with the guest-logon role, which I assume would give me what I'm looking for, right?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Contributor I

Re: Captive Portal slow / timeout

First day after upgrading controller and increasing number of concurrent sessions. Everything went smooth. 

Thank you

 

/Kevin

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: