Sunday, July 25, 2021

Testing RADIUS round trip time?

Hey,

I am currently in the midst of a RADIUS rebuild for a multi-state enterprise. The backbone for the network is 10 Gbps and is DWDM for the backbone between all campus routers. The DCs are 40 Gbps and have jumbo frames enabled. We are going to be load balancing RADIUS requests through an F5 (most likely). We have about 300 requests per second on average and will be using ClearPass. Due to this load, we are going to be using four of the C3000 ClearPass boxes to service the requests (one additional to use as the publisher serving no RADIUS). So that's the background.

This will be servicing wireless clients in both Cisco and Aruba wireless environments. So I have a few questions that I was hoping y'all can help me out with.

  • Are there settings on either or both of those wireless environments to specify a timeout interval before assuming RADIUS is not responding to the client's requests?

  • Is there something on ClearPass I should be looking at for the same type of timer?

  • How can I test RADIUS RTT in the environment with one of the boxes? Is it possible to do RTT testing minus the RADIUS processing time?

  • Does putting RADIUS traffic on its own DWDM channel through the backbone buy us anything special?

Basically I'm seeing whether I absolutely need to put one or two of the boxes in what's not really a DC to reduce RTT for RADIUS or if I can put everything within the real DCs which is a state away and not have client impact. And I'm just not sure how to get real data to say yes, this is a viable design or no, I need to put these devices closer to where the user authentications are, and even in the same rack as some of the WLCs.

Thanks for any help. Like always, whenever I think I know stuff, there's a million other things that will stump me. Onward and upward.


