cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
397
Views
10
Helpful
11
Replies
abinaya.2.r
Beginner

WLC and AAA server TTL time

Hi,

 

I am installing a 3504 WLC . The WLC is located at Brazil and the RADIUS servers are at Australia.

 

Can some one tell what should be  the maximum TTL between the WLC and the RADIUS server as part of cisco's best practice?

 

Also is there is any guide/link to refer, please share with me,

11 REPLIES 11
MHM Cisco World
Rising star

depend if there is VPN or not from site to site.

marce1000
VIP Advisor

Scott Fella
Hall of Fame Master

Well I would first check what the latency is so everyone has an idea. You also should look at the default timers that are set and possibly if that would need to be increased. Then you also need to check with the vendor of the radius server and see what is their best practice and also what the timeout setting is.
-Scott
*** Please rate helpful posts ***

Below is the ping response of the two RADIUS servers. I tried to ping the RADIUS servers from the switch where wlc is connected. Is this a 300ms roundtrip would cause any delay? What is  recommended round trip as per best practices

switch#ping x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/336/340 ms
switch#
switch#ping y.y.y.y
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to y.y.y.y, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/334/340 ms

are you use any DMVPN WAN ?

NO. DMVPN is not used.. It is MPLS here. 

What radius server are you using?

-Scott
*** Please rate helpful posts ***

RADIUS server is hosted on Azure cloud. 

What radius server is it?  You can host different radius servers like ISE, ClearPass, etc.  You should reach out the to manufacture of the radius or hit up the forum for that radius server to get some suggestions.

-Scott
*** Please rate helpful posts ***

What is the recommendations from the radius server manufacturer? That might be pushing the limits.
-Scott
*** Please rate helpful posts ***

Here is a thread for Cisco WLC and Cisco ISE suggests no more than 200ms. Now what you can and can’t get away with is up to you testing.

https://community.cisco.com/t5/network-access-control/maximum-value-for-the-round-trip-latency-between-ise-and-wlc/m-p/2943740/highlight/true
-Scott
*** Please rate helpful posts ***
Content for Community-Ad