RE: [WIRELESS-LAN] Measuring RADIUS Auths

@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths Thanks for the additional info. We mainly were using it to compare against itself, especially the retransmissions. There were some telltale signs that we were having controller problems and a spike in retransmissions was a big

RE: [WIRELESS-LAN] Measuring RADIUS Auths

Sent: Monday, October 19, 2015 10:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths > Date:Fri, 16 Oct 2015 18:21:19 + > From:"Mattson III, Ken V." <kenmatt...@creighton.edu> > Subject: Re: Measuring RADIUS Auths >

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Hi Charles, On Thu, Oct 15, 2015 at 09:08:33PM +, Charles Rumford wrote: > I’m currently embarking on a project to determine the number of > RADIUS auths per minute each one of my controllers is generating > to plan for the capacity I need for my RADIUS servers. > > I was curious if anyone

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Hi, On Fri, Oct 16, 2015 at 11:11:21AM -0400, Walter Reynolds wrote: > Since you mention in the thread that you have Cisco with Freeradius > backend, I thought I would point out that if you are doing PEAP/MSChapv2 > that the bottleneck is winbind/samba and that it is based on auth's per > second,

Re: Measuring RADIUS Auths

Date:Fri, 16 Oct 2015 18:21:19 + From:"Mattson III, Ken V." <kenmatt...@creighton.edu> Subject: Re: Measuring RADIUS Auths I am pretty sure it is raw ("The number of RADIUS Access-Request packets sent to this server. This does not in

Re: [WIRELESS-LAN] Measuring RADIUS Auths

I ended up SNMP polling my Aruba controllers for their stat information. As I don’t run our RADIUS systems, getting comparable stats from them is a bit challanging. The RADIUS server stats I have access to are in number of requests, where the Aruba MIB offers stats by complete auth. You can

RE: [WIRELESS-LAN] Measuring RADIUS Auths

UCAUSE.EDU] On Behalf Of Charles Rumford Sent: Friday, October 16, 2015 12:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths Is that raw requests or complete auths? > On Oct 16, 2015, at 12:46 PM, Mattson III, Ken V. <kenmatt...@creighton.edu>

Re: [WIRELESS-LAN] Measuring RADIUS Auths

om: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick > Sent: Friday, October 16, 2015 10:20 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths > >

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Since you mention in the thread that you have Cisco with Freeradius backend, I thought I would point out that if you are doing PEAP/MSChapv2 that the bottleneck is winbind/samba and that it is based on auth's per second, not purely auth request that show up in total request. That being said, our

Re: [WIRELESS-LAN] Measuring RADIUS Auths

This is the access key AV3Q6TQB I can’t add you for some reason. Did you ID change in CCW? Nick On Oct 16, 2015, at 10:11 AM, Walter Reynolds > wrote: Since you mention in the thread that you have Cisco with Freeradius backend, I thought I would

RE: [WIRELESS-LAN] Measuring RADIUS Auths

Msgs... 0 >> Pending Requests. 0 >> Timeout Requests. 36 >> Consecutive Drops ... 0 >> Unknowntype Msgs..... 0 >> Other Drops.

RE: [WIRELESS-LAN] Measuring RADIUS Auths

serv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick Sent: Friday, October 16, 2015 10:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths This is the access key AV3Q6TQB I can’t add you for some reason. Did you ID change in CCW? Nick On Oc

Measuring RADIUS Auths

I’m currently embarking on a project to determine the number of RADIUS auths per minute each one of my controllers is generating to plan for the capacity I need for my RADIUS servers. I was curious if anyone has embarked on a similar journey and tried to measure auth rates coming from their

Re: [WIRELESS-LAN] Measuring RADIUS Auths

We are using FreeRADIUS, but I want to measure independent of the RADIUS server. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746-2808 Sent from my phone On Oct 15, 2015, at 17:12, Jeremy Gibbs

Re: [WIRELESS-LAN] Measuring RADIUS Auths

iversity of Adelaide, AUSTRALIA 5005 > Ph: +61 8 8313 4800 > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wang, Yu > Sent: Friday, 16 October 2015 9:23 AM > To: WI

RE: [WIRELESS-LAN] Measuring RADIUS Auths

@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths We are using FreeRADIUS, but I want to measure independent of the RADIUS server. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746

RE: [WIRELESS-LAN] Measuring RADIUS Auths

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeremy Gibbs [jlgi...@utica.edu] Sent: Thursday, October 15, 2015 5:28 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths Hmm, I am

RE: [WIRELESS-LAN] Measuring RADIUS Auths

EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths One way is to parse through radius logs (each controller has its unique client name) and generate stats for auth/sec, auth/min, auth/day. You can also generate graphs from scripts. I wrote a few to generate and mail graphic reports daily. Yu W

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Hmm, I am interested to hear how you might accomplish that. My first instinct is to port mirror the controller to a large enough box to handle the traffic and have a filter looking for port 1645/1812 (whatever your RADIUS AUTH port is) so you only capture that traffic (I would use tcpdump). Then

Re: [WIRELESS-LAN] Measuring RADIUS Auths

What are you using for a RADIUS server? *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS T: (315) 223-2383 F: (315) 792-3814 E: jlgi...@utica.edu http://www.utica.edu On Thu, Oct 15, 2015 at 5:08 PM, Charles Rumford wrote: > I’m currently embarking on a

Re: [WIRELESS-LAN] Measuring RADIUS Auths

I am surprised there are no statistics to be had from the controller. I am assuming you have gone down that avenue already. *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS T: (315) 223-2383 F: (315) 792-3814 E: jlgi...@utica.edu http://www.utica.edu On Thu, Oct 15, 2015 at 5:35

Re: [WIRELESS-LAN] Measuring RADIUS Auths

That is my first thought also. I might put two smaller boxes out on select controllers and do selective port mirroring from the actual controller to reduce the flood of traffic. More thinking and planning needed. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network

RE: Measuring RADIUS Auths

] on behalf of Charles Rumford [charl...@isc.upenn.edu] Sent: Thursday, October 15, 2015 5:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Measuring RADIUS Auths I’m currently embarking on a project to determine the number of RADIUS auths per minute each one of my controllers

Re: [WIRELESS-LAN] Measuring RADIUS Auths

Charles, We’re running two load-balanced FreeRADIUS instances on RHEL servers. Our Identity and Access Management Team runs those machines. Short story long, last fall our auth rates were getting high enough that the IAM team had to convert the log rotation to MySQL because the log files

RE: [WIRELESS-LAN] Measuring RADIUS Auths

Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walt Reynolds Sent: Friday, 16 October 2015 1:24 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths We have Cisco controllers and have a script that polls the radius table