Wireless Access

Hi,

I don't know if this should be posted here or in the security section, but here goes:

We have a school, which uses Captive Portal for authentication for all students.

The controller is a 3400 running 6.1.2.7

Whenever the students starts class, roughly at the same time, they all try to validate through CP.

We're talking about 2-300 simultaneous logins. The CP is either extremely slow or simply timing out.

I'm guessing the controller can't handle the load, so what are my options ?

I tried convincing them to switch to 802.1X for authentication, but apparently that's not an option...

Can I tweak the controller in any way, or should it be able to handle this amount of connections ? 

Regards 

Kevin

You should first consider increasing the number of supported connections:

(Aruba3600) #show web-server 

Web Server Configuration
------------------------
Parameter                                      Value
---------                                      -----
Cipher Suite Strength                          high
SSL/TLS Protocol Config                        sslv3 tlsv1
Switch Certificate                             default
Captive Portal Certificate                     default
Management user's WebUI access method          username/password
User session timeout <30-3600> (seconds)       900
Maximum supported concurrent clients <25-320>  25
Enable WebUI access on HTTPS port (443)        false

(Aruba3600) (Web Server Configuration) #?
captive-portal-cert     Certificate name configured under certificate 
                        manager
ciphers                 Configure cipher suite strength. Default is high
mgmt-auth               Configure management user's WebUI access method, 
                        either username/password authentication or 
                        certificate authentication or both. Default is 
                        username/password authentication
no                      Delete Command
session-timeout         Configure user's WebUI session timeout <30-3600> 
                        (seconds)
ssl-protocol            SSL/TLS Protocol Config
switch-cert             Certificate name configured under certificate 
                        manager
web-https-port-443      Enable WebUI access on HTTPS port (443)
web-max-clients         Configure web servers' maximum supported concurrent 
                        clients <25-320>

(Aruba3600) (Web Server Configuration) #web-max-clients 

 In addition, you could:

- Consder upgrading the older code

- Moving some clients to 802.1x as a pilot to decrease the reliance on the captive portal

- Make sure you have "Drop Broadcast and Multicast" enabled on all of your Virtual APs

Thank you for the quick reply, Colin. I did NOT know about the web-max-clients command.

I increased it to 100, that should hopefully do the trick.

the Drop Broadcast and Multicast was already enabled.

Will let you know when i get a status back, if increasing web clients helped :)

Regards 

Kevin

Kevin,

Increasing that number just deals with the web server only serving 25 clients at a time being the bottleneck.  There will be increased memory requirements on the controller as a result.  Please consider upgrading the code because there are hundreds of bug fixes between the code you are on to where we are today.

I will try to get the code updated ASAP.

BTW, any recommended code to put on it ? Looking for a stable release, doesnt have to be the latest and greatest. :)

6.1.3.7.

You could also get a recommendation from TAC depending on what you are doing, but 6.1.3.7 is the most conservative, up to date option.

First day after upgrading controller and increasing number of concurrent sessions. Everything went smooth. 

Thank you

/Kevin

Is there a command to find out how many clients are currently consuming a connection to captive portal?  I can do a show user-table essid SSID_name and look for all users with the guest-logon role, which I assume would give me what I'm looking for, right?