This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Radius on AP load

Radius on AP load

Go to solution
bnolen1
New Contributor II

‎08-16-2021 02:47 PM

Recently deployed 60 Extreme AP510C. Over 1000 users throughout the campus.

We’re running Radius at the AP level which phones home to on premise AD.

What is a reasonable amount of devices the AP running Radius can support? We’re seeing high latency on Radius and wonder if this is just too much for the AP to handle.

d6b107c81c8a4618bf72c6cce97d1152_f51e9cf9-45be-411e-a9fb-80ef2a83191a.jpg

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎08-17-2021 02:04 PM

Thank you for that screen shot. The way you have this set up now is that there is a primary Radius server, and several backups in case the primary Radius server goes down. But until the primary AP stops responding, all requests go to the primary AP only.

 

To set up more of a ‘load balancing’ situation, you’ll want to go in to XIQ> Configure> Network Policy> Open the network policy in use> Open the Radius SSID> In the Authentication Settings section of the SSID, below the Radius Server Group you have configured, there is a check box for the option to “Apply Radius server groups to devices via classification”. I would recommend using classification rules to determine which clients reach out to which Radius AP for authentication. This page goes in to more detail on the Radius Server Group settings. 

 

Hope that helps!

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
bnolen1
New Contributor II

‎08-17-2021 09:08 PM

Thanks so much Sam. We’re going to dig in to this and see if it works for us. I really appreciate the detailed and quick answers!

0 Kudos

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎08-17-2021 02:04 PM

Thank you for that screen shot. The way you have this set up now is that there is a primary Radius server, and several backups in case the primary Radius server goes down. But until the primary AP stops responding, all requests go to the primary AP only.

 

To set up more of a ‘load balancing’ situation, you’ll want to go in to XIQ> Configure> Network Policy> Open the network policy in use> Open the Radius SSID> In the Authentication Settings section of the SSID, below the Radius Server Group you have configured, there is a check box for the option to “Apply Radius server groups to devices via classification”. I would recommend using classification rules to determine which clients reach out to which Radius AP for authentication. This page goes in to more detail on the Radius Server Group settings. 

 

Hope that helps!

0 Kudos

Go to solution
bnolen1
New Contributor II

‎08-16-2021 07:12 PM

Thank you for the reply!

We have several APs set up for Radius. It seems like everything still hammers the first one. Is there somewhere else to go to set it up for load balancing?

ee7b3b2aab3c48888ace66ac232d3cec_2d72babe-dbea-4a99-8121-f5975c1af2d2.jpg
ee7b3b2aab3c48888ace66ac232d3cec_dbdc70a1-1834-4648-a6b5-75704143902f.jpg

 

0 Kudos

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎08-16-2021 06:45 PM

I would add a second AP to your Radius set up to help even out the load. Just to give you an idea, if you were using the AP as your user DB, it could handle a little over 500 concurrent Radius connections at a time, and 256 simultaneous authentication requests. Those limits don’t apply to your set up since you’re using an AD and an external user DB, but that might give you an idea of what the APs limits could be. 

0 Kudos
GTM-P2G8KFN