Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
10
Helpful
11
Replies
abinaya.2.r
Beginner
Beginner
‎12-10-2020 05:18 AM
‎12-10-2020 05:18 AM

WLC and AAA server TTL time

Hi,

 

I am installing a 3504 WLC . The WLC is located at Brazil and the RADIUS servers are at Australia.

 

Can some one tell what should be  the maximum TTL between the WLC and the RADIUS server as part of cisco's best practice?

 

Also is there is any guide/link to refer, please share with me,

Labels:
0 Helpful
11 REPLIES 11
MHM Cisco World
Rising star
Rising star
‎12-10-2020 05:54 AM
‎12-10-2020 05:54 AM

depend if there is VPN or not from site to site.

0 Helpful
marce1000
VIP Advisor VIP Advisor
VIP Advisor
‎12-10-2020 08:42 AM
‎12-10-2020 08:42 AM

 

 - Presumably if the TTL falls within the spec mentioned below - you will be safe :

          https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_42BA20535D2D4B3D815720133BC6AEFC

 M.

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
‎12-10-2020 09:04 AM
‎12-10-2020 09:04 AM

Well I would first check what the latency is so everyone has an idea. You also should look at the default timers that are set and possibly if that would need to be increased. Then you also need to check with the vendor of the radius server and see what is their best practice and also what the timeout setting is.
-Scott
*** Please rate helpful posts ***
0 Helpful
abinaya.2.r
Beginner
Beginner
In response to Scott Fella
‎12-10-2020 09:12 AM
‎12-10-2020 09:12 AM

Below is the ping response of the two RADIUS servers. I tried to ping the RADIUS servers from the switch where wlc is connected. Is this a 300ms roundtrip would cause any delay? What is  recommended round trip as per best practices

switch#ping x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/336/340 ms
switch#
switch#ping y.y.y.y
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to y.y.y.y, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/334/340 ms

0 Helpful
MHM Cisco World
Rising star
Rising star
In response to abinaya.2.r
‎12-10-2020 09:18 AM
‎12-10-2020 09:18 AM

are you use any DMVPN WAN ?

0 Helpful
abinaya.2.r
Beginner
Beginner
In response to MHM Cisco World
‎12-10-2020 09:42 AM
‎12-10-2020 09:42 AM

NO. DMVPN is not used.. It is MPLS here. 

0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to abinaya.2.r
‎12-10-2020 09:57 AM
‎12-10-2020 09:57 AM

What radius server are you using?

-Scott
*** Please rate helpful posts ***
0 Helpful
abinaya.2.r
Beginner
Beginner
In response to Scott Fella
‎12-10-2020 10:02 AM
‎12-10-2020 10:02 AM

RADIUS server is hosted on Azure cloud. 

0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to abinaya.2.r
‎12-10-2020 12:26 PM
‎12-10-2020 12:26 PM

What radius server is it?  You can host different radius servers like ISE, ClearPass, etc.  You should reach out the to manufacture of the radius or hit up the forum for that radius server to get some suggestions.

-Scott
*** Please rate helpful posts ***
0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to abinaya.2.r
‎12-10-2020 09:32 AM
‎12-10-2020 09:32 AM

What is the recommendations from the radius server manufacturer? That might be pushing the limits.
-Scott
*** Please rate helpful posts ***
0 Helpful
Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to Scott Fella
‎12-10-2020 09:42 AM
‎12-10-2020 09:42 AM

Here is a thread for Cisco WLC and Cisco ISE suggests no more than 200ms. Now what you can and can’t get away with is up to you testing.

https://community.cisco.com/t5/network-access-control/maximum-value-for-the-round-trip-latency-between-ise-and-wlc/m-p/2943740/highlight/true
-Scott
*** Please rate helpful posts ***
Latest Contents
Cisco IOS-XE 17.5.1 for the Catalyst 9800 Wireless Controlle...
Created by anandg on 04-02-2021 11:02 AM
5
15
5
15
  It’s been about two and half years, since the launch of next generation Cisco Catalyst 9800 Wireless LAN Controllers that has the most deployment flexibility and runs the modular, scalable, highly reliable, open and programmable operating system, I... view more
Wi-Fi 6 and Embeded Wireless Controller (EWC) Demo
Created by eugenelee28 on 03-21-2021 01:48 AM
3
5
3
5
Hi All, I have made this video for Cisco Pitch the Future Contest in Malaysia which talks about Wi-Fi 6 and EWC Demo. Please feel free to view the video below and please support me for this contest by giving the video a like as the Contest will end o... view more
Cisco Wants your Feedback on the Cat9800-80!
Created by caiharve on 03-09-2021 03:43 PM
0
5
0
5
Review the Cisco Catalyst 9800-80 Wireless Controller on TrustRadius and receive a $25 gift card!   
EEM Scripts to Enable/Disable the RLAN Ports on APs Connecte...
Created by justloo on 03-07-2021 10:43 AM
0
10
0
10
Overview On the Cisco Catalyst 9800 Series WLC, enabling/disabling the remote LAN (RLAN) ports on APs requires going into the configuration for each AP and manually enabling/disabling the ports. However, as the number of APs that need to have their RLAN... view more
An End of an Era for Cisco AireOS Controllers
Created by byronm19 on 03-05-2021 12:30 PM
2
5
2
5
It’s been a long road for our AireOS wireless controllers. In fact these products have been around Cisco in some form since 2005. As you may have heard, Cisco made the decision to End-of-Sale (EOS) these products last month. That means that these AireOS ... view more
Content for Community-Ad