Our ClearPass event logs show fairly frequent timeouts from both eduroam.us proxy servers, and ClearPass responds by marking the proxy as down for a minimum of 60 seconds. The cause is when some random school somewhere doesn't reply, and ClearPass can't tell the difference between no response from the proxy (which is up, and is handling _lots_ of downstream schools) and the failure of a single downstream. Mostly one or the other proxy is up, but I think that is just luck -- is there a better way?
Maybe I just have too short a timeout on these proxies? What is a recommended setting?
If I establish a RadSec connection to eduroam.us rather than our existing bare RADIUS, would that let ClearPass tell that the proxy is up, even if a particular remote .edu is non-responsive?
Or, is there any way to have a shorter "down time" after a failed proxy than the 60 sec minimum the GUI allows?
Here are the events I'm concerned about, which hit pretty frequently (though not so many now with all the students away for break):
Following through with the event viewer at the specified time shows a "no response from home server", and that is enough for CPPM to shut down half of our connection to eduroam.us!
(Our campus is on the edge of Boston Common, so we get lots of walk-by eduroam traffic)