Deploying an AP for normal, Campus, operation that is separated from the controller by a WAN connection is not a supported architecture. The only supported option for this situation is to deploy the AP as a Remote AP which has a separate set of trade-offs.
With that said, we understand that some customers are going to attempt this anyways so these are the guidelines that have been provided:
- Private WAN, not VPN over Internet, may work and can be deployed at customer's discretion but any issues arising directly from the limitation involved with the WAN cannot be supported
- Maximum latency of 100ms between AP and Gateway
- Limited strictly to AP connecting back to a controller/cluster, controllers should not attempt to form a cluster across any WAN link
- Characterization of WAN link requirements is dependent on protocols and applications in use across the WAN link
- Client association and roaming will take longer due to added latencies between APs and controllers and between clients and RADIUS servers
- Legacy devices may not complete 4-way handshake within required time and fail to come online, need to validate the devices in use
- Roaming with VoIP should be completed within 50ms or dropped packets will occur
- 802.11r will be impacted by any added latency, exchange expects to complete within 40ms
- AirGroup could be highly impacted to unusable
- Image upgrades can easily saturate WAN links
- AP images currently in the 30-40 MB range
- Timings within Live Upgrade may fail when run across a WAN link, causing Live Upgrade to abort
- Troubleshooting of any problems that may be related to WAN connectivity issues will require a packet capture to determine
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Feb 08, 2023 04:37 AM
From: AVY
Subject: latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients
In most cases wireless controller is deployed on site and is authenticating wifi clients via RADIUS server, which is located e.g. in main site or in data center.
I could not find, if there are a documentation for latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients.
Bad WAN quality (not fulfilled latency and other parameters) will lead to such wifi clients will drop sometimes and/or not able to connect.