cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
0
Helpful
1
Replies

Evaluating Authorization Policy - High Delay

acontes
Level 1
Level 1

Hi,

to authenticate wireless users we use an ldap directory. In the prime time, between 8am and 12am when there is a lot of movement on the floors, we are faced with a high delay 10-20 seconds) in step "Evaluating Authorization Policy" on ISE resulting in a lot of failed logins.

There is no big authorization done, just checking if the user is in a specific group on the ldap server. Thats all. But we are checking 10 different groups.

Any ideas how to optimize this?

ISE is 1.2.1 Patch 8.

Wireless Controller is 5760 with 3.4

1 Reply 1

nspasov
Cisco Employee
Cisco Employee

Hi there. I have a couple of questions:

1. What type of ISE servers are you using? Virtual or physical?

2. If the servers are virtual, can you confirm that:

2.1. You have the correct resources (Memory, CPU and thick provisioned disk) assigned to them

2.2. The resources are reserved in VMware

3. How many concurrent endpoints do you have authenticating against ISE

4. What type of deployment do you have (distributed, 2-nodes, etc)

5. Provide the full version of your WLC

Thank you for rating helpful posts!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: