A question for folks with relatively large 802.1x (greater than 15,000 unique 
clients) wi-fi deployments (EAP-TTLS) with a FreeRADIUS infrastructure using 
Kerberos as the backend authentication .....

- how many FreeRADIUS servers do you deploy? and
- have you changed any of the default eap.conf/radius.conf performance 
parameters/values?

The good news is that we've started the year with a lot more folks finally 
using the 802.1x network than the last academic year.
The bad news is that we're getting long delays in connecting/authenticating -- 
not just a wireless issue as we're also getting lots of "RADIUS server FAILED" 
traps from our VPN concentrators throughout the day since the semester started 
(using the same RADIUS servers as the 1x wireless deployment).

We've also been seeing in the last three days HUGE numbers of:
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 76 due to unfinished request 253745
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 140 due to unfinished request 253705
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 85 due to unfinished request 253758
and
Aug 19 03:30:14 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 68-a8-6d-ae-fc-5d)
Aug 19 03:31:15 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 28-6a-ba-6a-9d-6e)
Aug 19 03:31:35 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli c8-bc-c8-2e-52-13)
Aug 19 03:32:13 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 10-40-f3-29-60-2c)

which, from what we can discern from the wonderful world of google, may be 
related to a "slow database", although our Kerberos folks don't see any issues 
on their end.

Any thoughts? Responses to the two questions above would be appreciated ... 
thanks!!

-- Jim Gogan / Univ of North Carolina at Chapel Hill


**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
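
An added example, not part of the original post: a Python triage script that tallies the two radiusd message types quoted above, per minute and per NAS client, so bursts of retransmissions can be lined up against backend latency. The function name `summarize` and the regexes are this example's own; the sample lines are the ones from the post with the mail line wrapping undone.

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the post above, with the mail line wrapping undone.
SAMPLE = """\
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 76 due to unfinished request 253745
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 140 due to unfinished request 253705
Aug 22 19:25:00 calvin radiusd[21691]: Discarding duplicate request from client Wireless8021XResNET port 32769 - ID: 85 due to unfinished request 253758
Aug 19 03:30:14 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 68-a8-6d-ae-fc-5d)
Aug 19 03:31:15 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 28-6a-ba-6a-9d-6e)
Aug 19 03:31:35 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli c8-bc-c8-2e-52-13)
Aug 19 03:32:13 calvin radiusd[3507]: Login incorrect: [anonymous] (from client Wireless8021XResNET port 29 cli 10-40-f3-29-60-2c)
"""

# Syslog prefix: keep the timestamp down to the minute, drop host and pid.
HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d):\d\d \S+ radiusd\[\d+\]: (.*)$")
DUP = re.compile(r"Discarding duplicate request from client (\S+) port \d+"
                 r" - ID: (\d+) due to unfinished request (\d+)")
BAD = re.compile(r"Login incorrect: \[(.*?)\] \(from client (\S+) port \d+"
                 r" cli ([0-9A-Fa-f-]+)\)")

def summarize(text):
    """Tally duplicate discards per (minute, client) and rejects per (client, user)."""
    dup, bad = Counter(), Counter()
    stalled, stations = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # not a radiusd syslog line
        minute, msg = m.groups()
        if d := DUP.search(msg):
            # The NAS retransmitted while the original request was still in progress.
            client, _packet_id, request_no = d.groups()
            dup[(minute, client)] += 1
            stalled[(minute, client)].add(int(request_no))
        elif b := BAD.search(msg):
            user, client, mac = b.groups()  # user is the outer identity as logged
            bad[(client, user)] += 1
            stations[(client, user)].add(mac.lower())
    return {
        "duplicates": dict(dup),
        "stalled_requests": {k: len(v) for k, v in stalled.items()},
        "login_incorrect": dict(bad),
        "distinct_stations": {k: len(v) for k, v in stations.items()},
    }

if __name__ == "__main__":
    for section, rows in summarize(SAMPLE).items():
        print(section, rows)
```

Comparing `duplicates` with `stalled_requests` for the same minute separates one stuck request being retransmitted many times from many requests all waiting at once.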
