Wireless Access

I'm looking to compare our existing NPS authentication environment with our new ClearPass appliances, in particular authentication performance.  I've set up some basic RADIUS monitoring of both solutions and it appears that the NPS servers respond significantly quicker than the ClearPass appliances.

I appeciate the CP policies can be a little more complex than NPS, but my tests use the most basic of user authentication settings.  So, is this expected behaviour?  Perhaps the AD lookups just aren't as responsive?  If not, are there any settings that I can investigate to troubleshoot the response times?  I've checked network latency and it isn't the issue here.

I would recommend breaking up the delay components to see what exactly is the cause of the delay. First I would test creating a user in CPPM's local database and try authenticating. This will help eliminate issues with other dependencies on network/ AD etc.

Second troubleshooting option would be to take a packet capture on the CPPM uplink port to see the exact delay between request and response.

Switching to local DB authentication has relatively little impact (approx ten milliseconds) on the overall response times so I think it's safe to assume it is not AD-related.

Having inspected a network capture, the time between the final RADIUS request and accept messages seems to vary wildly, anywhere between a few milliseconds and 60-70 milliseconds.

I'd be interested to know what overall request processing times other users of CP see?  Our's seems to average around the 1000ms mark.

joecarter,

Is this a hardware appliance or a VM?  If you feel you are not seeing the response times you think you should, you should definitely open a support case so that they can track down the source of your problem.