High CPU on WLC 2006

David Schau
Level 1

I'm wondering if there are any options I can try for the following situation:

Professional sports arena has a small wireless deployment intended for use by media during games for research and submitting updates. Currently four APs on a WLC2006 (4.2.61) with a dedicated DSL connection for internet access. Only about 20-30 users typically and other than game time very stable. WLAN setup with an open SSID using web-auth to keep from needing to deal with support for encryption for visiting people. But during games with all the spectators the associations go way up due to iPhones, Droids, etc. Eventually the performance starts dropping to the point where web-auth stops working. On the console (web unresponsive) I got CPU utilization staying at 80-98% and client counts of up to 180. Too much for a 2006, I'm going to assume?

A couple options off the top of my head:

Turn on some form of encryption to reduce the number of associations, but this possibly opens up a requirement for additional support that may be needed to get non-technical users connected that need to.

More powerful controller? I haven't really been able to find anything yet on scalability expectations for the WLCs for this situation. Also don't believe there is a budget for any serious upgrade right now.

Any other thoughts or ideas anyone has that might help?

5 Replies

Nicolas Darchis
Cisco Employee

Hi David, 4.2.61 is one of the worst releases to choose. In general, the first release of a branch is not the best one.

4.2.209 is still the same code branch and is the most stable software out there. There have been a couple of bugs with web authentication not working under load.

Now you have another good point, that many clients on only 6 APs and a 2006 is an undersized network. 30 clients per AP is over recommendations. And the fact that some might stay in "web auth required" state means they have a special ACL applied and consume a lot of CPU on the WLC ...

The encryption is done by the AP, so WLAN encryption will not change anything to WLC CPU usage.

Regards,

Nicolas

I was thinking of upgrading to 4.2.209 once I saw that's what was on the 2006. I just got engaged with this issue so until Friday night I had very little to go on. When I describe 180 clients, that's from the WLC summary. A large number were just probing, most were sitting associated but not authenticated, and only about 20 were actually authenticated and using the wireless successfully.

My thought on adding encryption was to have a PSK so that the default setting on the phones would not associate and be consuming an incomplete web-auth session. Would that not alleviate a lot of the CPU load as well?

Hi David,

VERY good point you have there. In that way, yes it will help.

If the SSID is open, lots of laptops will associate "by default behavior" to the SSID and never authenticate. Those laptops consume client entries and webauth ACL on the AP/WLC. If you have a PSK they will never be able to associate in the first place so that will save resources.

This is only worthwhile for WPA/WPA2. Let me remind you that WEP allows association even if you have the wrong key (you won't be able to pass traffic but you're still associated).

Nicolas

===

Don't forget to rate answers that you find useful

Good point on not using WEP for a PSK, I hadn't realized they would still associate. Although I suspect that would at least keep from having the web-auth pending and eating up CPU along with the DHCP scope.

Rethinking about it, you have another good point. Not being able to pass traffic because they don't have the correct WEP key means they would not get an IP address, so they would stay in "DHCP_required" state on the WLC and will not have the webauth pending.

However, the client will still try to get DHCP and will get packets. Whereas with WPA, the client clearly understands from the key handshake that it was deauthenticated.

Nicolas.

===

Don't forget to rate answers that you find useful
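
Added example, not part of the original thread and not Cisco tooling: a Python sketch that tallies pasted `show client summary` output into the three groups discussed above (probing, associated but not web-authenticated, authenticated) and shows which APs hold the unauthenticated entries. The sample rows, AP names and the exact column layout are constructed assumptions; AP names are assumed to contain no spaces.

```python
import re
from collections import Counter

# Constructed sample. The column order (MAC, AP name, Status, WLAN, Auth, ...)
# is an assumption about the controller's `show client summary` output.
SAMPLE = """\
Number of Clients................................ 6

MAC Address       AP Name           Status        WLAN  Auth Protocol Port
----------------- ----------------- ------------- ----  ---- -------- ----
00:11:22:33:44:01 AP-PRESS-1        Associated    1     Yes  802.11g  1
00:11:22:33:44:02 AP-PRESS-1        Associated    1     No   802.11g  1
00:11:22:33:44:03 AP-PRESS-2        Associated    1     No   802.11g  1
00:11:22:33:44:04 AP-PRESS-2        Probing       N/A   No   802.11b  1
00:11:22:33:44:05 AP-PRESS-3        Probing       N/A   No   802.11g  1
00:11:22:33:44:06 AP-PRESS-4        Associated    1     No   802.11g  1
"""

# A data row starts with a MAC address; headers and separators do not match.
ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<ap>\S+)\s+"
    r"(?P<status>\S+)\s+(?P<wlan>\S+)\s+(?P<auth>Yes|No)\b", re.I)

def classify(status, auth):
    """Map the Status/Auth columns to the groups described in the thread."""
    status, auth = status.lower(), auth.lower()
    if status == "probing":
        return "probing"
    if status == "associated":
        return "authenticated" if auth == "yes" else "associated_unauthenticated"
    return "other"

def tally(text):
    """Return (clients per group, unauthenticated associations per AP)."""
    total, per_ap = Counter(), Counter()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, header, separator or blank line
        state = classify(m["status"], m["auth"])
        total[state] += 1
        if state == "associated_unauthenticated":
            per_ap[m["ap"]] += 1
    return total, per_ap

if __name__ == "__main__":
    total, per_ap = tally(SAMPLE)
    for state, count in total.most_common():
        print(f"{state:28s} {count}")
    for ap, count in per_ap.most_common():
        print(f"  unauthenticated on {ap}: {count}")
```

Comparing the tally before and after moving the WLAN to a WPA/WPA2 PSK shows whether the associated-but-unauthenticated group actually shrinks.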
