Wireless Access

 View Only
last person joined: 13 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients

This thread has been viewed 10 times

  • 1.  latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients

    MVP
    Posted Feb 08, 2023 04:37 AM
    In most cases wireless controller is deployed on site and is authenticating wifi clients via RADIUS server, which is located e.g. in main site or in data center.

    I could not find, if there are a documentation for latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients.

    Bad WAN quality (not fulfilled latency and other parameters) will lead to such wifi clients will drop sometimes and/or not able to connect.


  • 2.  RE: latency/jitter requirements for WAN between Aruba WLC and RADIUS server to authenticate clients

    EMPLOYEE
    Posted Feb 08, 2023 09:28 AM
    Deploying an AP for normal, Campus, operation that is separated from the controller by a WAN connection is not a supported architecture.  The only supported option for this situation is to deploy the AP as a Remote AP which has a separate set of trade-offs.

    With that said, we understand that some customers are going to attempt this anyways so these are the guidelines that have been provided:

    • Private WAN, not VPN over Internet, may work and can be deployed at customer's discretion but any issues arising directly from the limitation involved with the WAN cannot be supported
    • Maximum latency of 100ms between AP and Gateway
    • Limited strictly to AP connecting back to a controller/cluster, controllers should not attempt to form a cluster across any WAN link
    • Characterization of WAN link requirements is dependent on protocols and applications in use across the WAN link
      • Client association and roaming will take longer due to added latencies between APs and controllers and between clients and RADIUS servers
      • Legacy devices may not complete 4-way handshake within required time and fail to come online, need to validate the devices in use
      • Roaming with VoIP should be completed within 50ms or dropped packets will occur
        • 802.11r will be impacted by any added latency, exchange expects to complete within 40ms
      • AirGroup could be highly impacted to unusable
    • Image upgrades can easily saturate WAN links
      • AP images currently in the 30-40 MB range
      • Timings within Live Upgrade may fail when run across a WAN link, causing Live Upgrade to abort
    • Troubleshooting of any problems that may be related to WAN connectivity issues will require a packet capture to determine


    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message