Guru Elite

Re: Device end to end processing time


@nilslau03 wrote:

Thank you for the responses!

 

I was refering to the Clearpass Authentication Source Cache. If it is caching only the attributes then a client have to go through a full 802.1x authentication. In short, the user credentials username/password are verified every time?. I have OKC with validate PMKID enable. 

 

Is there a command in the controller tha show you if the user took advantage of the OKC feature? 

 

The dorm building consit of 5 floors. Each floor have 25 dorm rooms. We have an AP-325 in every room of the buildling. Both bands are enable with 20Mhz channels. The power level for 5Ghz band is (min 9 max 18), and for 2.4Ghz (min 6 max 9). Mode aware and Client match is disable. 

 

I verified the DHCP pool. We have a /20 with 1 hr lease time. From the controller we dont have more than 2,500 users connected at night (busiest time). 

 

The student mentioned ramdomly the wireless connection will stop working, wifi icon spin, and they have to input credentials again. I asked if it happened stationary or when walking around. It seems it happen the most when moving around. 

 

I walked the bulding and my Iphone did not ask me to authenticate when moving from floor to floor, so i suspecting is a client specific issue. However, i want to rule out the connection between Clearpass and AD. A reason why i was asking how to measure the response from Clearpass and AD (thank you again for the answers). 

 

Moving to TLS seems a good approach. Would you have same SSID or diffrent SSID to onboard the devices? So, TLS would be faster because user credentials dont have to be validated. Once, a client have a valid certificate when Clearpass will validate it without AD? 

 

Thank you

Nils. 


You need to reduce your variables.  Is this happening to all users?  If not, like Tcappalli said, it is probably RF.  I would start with the Dashboard> Performance> AP chart and give us the print screen of the Channel Quality, Noise Floor, Channel Busy and Interference.  Of all of your issues, RF is the most variable and that needs to be looked at first.  Min 9 and max 18 is too large of a difference.  The difference between the min and max should not be more than 6 for even coverage.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars