WLC and AAA server TTL time

abinaya.2.r · ‎12-10-2020

Hi,

I am installing a 3504 WLC . The WLC is located at Brazil and the RADIUS servers are at Australia.

Can some one tell what should be the maximum TTL between the WLC and the RADIUS server as part of cisco's best practice?

Also is there is any guide/link to refer, please share with me,

MHM Cisco World · ‎12-10-2020

depend if there is VPN or not from site to site.

marce1000 · ‎12-10-2020

- Presumably if the TTL falls within the spec mentioned below - you will be safe :

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_42BA20535D2D4B3D815720133BC6AEFC

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Scott Fella · ‎12-10-2020

Well I would first check what the latency is so everyone has an idea. You also should look at the default timers that are set and possibly if that would need to be increased. Then you also need to check with the vendor of the radius server and see what is their best practice and also what the timeout setting is.

-Scott
*** Please rate helpful posts ***

abinaya.2.r · ‎12-10-2020

Below is the ping response of the two RADIUS servers. I tried to ping the RADIUS servers from the switch where wlc is connected. Is this a 300ms roundtrip would cause any delay? What is recommended round trip as per best practices

switch#ping x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/336/340 ms
switch#
switch#ping y.y.y.y
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to y.y.y.y, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 330/334/340 ms

MHM Cisco World · ‎12-10-2020

are you use any DMVPN WAN ?

abinaya.2.r · ‎12-10-2020

NO. DMVPN is not used.. It is MPLS here.

Scott Fella · ‎12-10-2020

What radius server are you using?

-Scott
*** Please rate helpful posts ***

abinaya.2.r · ‎12-10-2020

RADIUS server is hosted on Azure cloud.

Scott Fella · ‎12-10-2020

What radius server is it? You can host different radius servers like ISE, ClearPass, etc. You should reach out the to manufacture of the radius or hit up the forum for that radius server to get some suggestions.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-10-2020

What is the recommendations from the radius server manufacturer? That might be pushing the limits.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-10-2020

Here is a thread for Cisco WLC and Cisco ISE suggests no more than 200ms. Now what you can and can’t get away with is up to you testing.

https://community.cisco.com/t5/network-access-control/maximum-value-for-the-round-trip-latency-between-ise-and-wlc/m-p/2943740/highlight/true

-Scott
*** Please rate helpful posts ***