cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
10
Helpful
11
Replies

WLC and AAA server TTL time

abinaya.2.r
Level 1
Level 1

Hi,

 

I am installing a 3504 WLC . The WLC is located at Brazil and the RADIUS servers are at Australia.

 

Can some one tell what should be  the maximum TTL between the WLC and the RADIUS server as part of cisco's best practice?

 

Also is there is any guide/link to refer, please share with me,

11 Replies 11

depend if there is VPN or not from site to site.

marce1000
VIP
VIP

 

 - Presumably if the TTL falls within the spec mentioned below - you will be safe :

          https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_42BA20535D2D4B3D815720133BC6AEFC

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Scott Fella
Hall of Fame
Hall of Fame
Well I would first check what the latency is so everyone has an idea. You also should look at the default timers that are set and possibly if that would need to be increased. Then you also need to check with the vendor of the radius server and see what is their best practice and also what the timeout setting is.
-Scott
*** Please rate helpful posts ***

Below is the ping response of the two RADIUS servers. I tried to ping the RADIUS servers from the switch where wlc is connected. Is this a 300ms roundtrip would cause any delay? What is  recommended round trip as per best practices

switch#ping x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/336/340 ms
switch#
switch#ping y.y.y.y
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to y.y.y.y, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/334/340 ms

are you use any DMVPN WAN ?

NO. DMVPN is not used.. It is MPLS here. 

What radius server are you using?

-Scott
*** Please rate helpful posts ***

RADIUS server is hosted on Azure cloud. 

What radius server is it?  You can host different radius servers like ISE, ClearPass, etc.  You should reach out the to manufacture of the radius or hit up the forum for that radius server to get some suggestions.

-Scott
*** Please rate helpful posts ***

What is the recommendations from the radius server manufacturer? That might be pushing the limits.
-Scott
*** Please rate helpful posts ***

Here is a thread for Cisco WLC and Cisco ISE suggests no more than 200ms. Now what you can and can’t get away with is up to you testing.

https://community.cisco.com/t5/network-access-control/maximum-value-for-the-round-trip-latency-between-ise-and-wlc/m-p/2943740/highlight/true
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: