Wireless Access

Hello,

 

I am running ArubaOS 6.4.2.12 on a 7210 series controller and also use ClearPass 6.5.4

 

I have a SSID with 802.1x enabled so that people can use their Active Directory credentials to connect to the network. Most people are using Apple iOS based devices or Windows Phones.

 

There are quite a few users that have reported that they are losing Wifi connectivity throughout the day and after a few minutes its back up again.

 

What I see in ClearPass for iOS devices is that sometimes the authentication requests are being rejected. For Windows Phones I do see a lot of timeout messages in ClearPass (see attached screenshots).

 

From the ClearPass logs I see that the rejected RADIUS request from an iOS device is being classified into the default role instead of the correct one. Requests from Windows Phones sometimes run into a timeout for whatever reason.

 

Are there any timers that should be adjusted? Reauthentication intervals and such... I have left those on their default values so far.

 

Thanks for your help!

 

cheers,

Harald

Do you have enable cache roles under the Enforcement Policy ?

Victor,

 

no, that option was not enabled until now.

 

I have checked the last 15 minutes or so and so far its looking better. I still see the occasional REJECT but not so many as before.

 

Thanks for the hint. I will keep an eye on this!

 

cheers,

Harald

Essentially what that does is prevent ClearPass from reaching AD every time a user successfully authenticates so it caches the user information for certain amount time and it doesn't overwhelm your AD server with every RADIUS request.

What is your average end to end processing time?
What EAP method are you using?
Are you terminating on the controller or ClearPass?
How dense is your deployment?
Are you using custom radio configurations or defaults?
Is your active directory infrastructure sized correctly?


Sent from Nine