WLC Web-Auth hangs with >20 clients

Lawrence Steinke · ‎12-09-2011

Hello!

Our school wi-fi network has web-auth configured to login against AD (ldap). Everything appears to work fine in a classroom with up to about 20 clients. Once we get past that number web-auth freezes on all the screens where students have not yetcompleted the login. It simply times out. AT times when this is happening I have even lost the ability manage the WLC as the web page gets unresponsive.

If web-auth is turned off there are absolutely no problems.

If web-auth is on and there are 15 or less laptops trying to logon then we are just fine. Everyone logs in gets online.

Any ideas on how we can let the whole class get online at the same time?

PS:

-We have already increased teh number of clients on all the APs to support 75 max.

-In one test the clients were associating to multiple APs so I do not believe we are overloading one AP. I really think the issue is with the controller

-A consultant configured the APs for H-REAP.

-Our servers and WLC are on GigE. Our APs are plugged into GigE.

-We have two ldap servers config'd in the software and do not have login issues like this for our wired computer labs.

-DHCP is being handled by a Microsoft Server (i.e. not the WLC).

George Stefanick · ‎12-09-2011

What WLC code are you on? Also, are your APs local to the WLC, why HREAP?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Lawrence Steinke · ‎12-09-2011

WLC software version 7.0.116.0

I am not familiar with "local to the WLC" as a term. Our APs to get their config via connection to the WLC over the native vlan. They were not in HREAP mode until recently. That was a recommendation from our consultants that have not yet solved the issue. Their thought was that this would cut down on traffic to the controller and might help.

George Stefanick · ‎12-09-2011

Are you using the local web auth bundle or default screen on the WLC or a external server ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

weterry · ‎12-09-2011

I'm not so sure its a user quantity problem.

I dont have a bug ID handy but basically there is something about having an unresponsive Radius server or LDAP server that can create momentary holds in WLC Control communication (gui/cli). So perhaps your LDAP server stops responding intermittently? Again, I don't have many details, but its worth talking to TAC about.

Lawrence Steinke · ‎12-09-2011

I will bring up these comments with our conulstants and the TAC.

Ravi Singh · ‎07-10-2013

I don’t think there is problem of users. I think there is a problem with your LDAP or Radius server, When WLC forward the client request to server and if server is not responding your WLC will become unresponsive for momentarily. Please cross check the connectivity between LDAP server and WLC also check settings of LDAP and Radius server.

Lawrence Steinke · ‎07-11-2013

The solution was finally solved when a newer (patch) version of the WLC software was issued. Apparently it was a "known issue" for a very long time. The problem was related to an end user typing an incorrect password. No joke. The previous version of the software was not multi-threaded. The result was that when an end user entered incorrect credentials the system would stall and all subsequent users needed to wait until that thread terminated. The newer patch handles authentication in a multi-threaded manner that does not exhibit the problem.