Meraki

Community

Latency - Authenticator and Authentication Server

pfillips
New here
‎Dec 22 2022 6:43 PM
‎Dec 22 2022 6:43 PM

Latency - Authenticator and Authentication Server

Hi, We are designing a wireless network with EAP-TLS and centralized RADIUS. Given that we have sites across the globe, are there any defined latency guidelines between the Meraki AP and the RADIUS server?

 

Thank you.

0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Dec 22 2022 6:48 PM
‎Dec 22 2022 6:48 PM

 

Have you tried increasing the values of EAP timers?

 

alemabrahao_0-1671763650177.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
pfillips
New here
‎Dec 22 2022 6:53 PM
‎Dec 22 2022 6:53 PM

Hi, Thank you for the response. This is not in production yet. We are in design stage and are trying to find if we can work with a central RADIUS server across the globe or need to put region specific RADIUS servers. If there are any defined latency guidelines then accordingly we can define our solution. We plan to use EAP-TLS.

0 Kudos
In response to pfillips
alemabrahao
Kind of a big deal
Kind of a big deal
‎Dec 22 2022 7:03 PM
‎Dec 22 2022 7:03 PM

You can use a centralized server without problems, but keep in mind that if for some reason you have some kind of problem in the place where the server will be installed, the other locations will be unable to authenticate on the network.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 23 2022 4:35 PM
‎Dec 23 2022 4:35 PM

The initial authentication will be fine sub 2s.

The next thing to consider is roaming between APs.  You'll want to make sure you have fast roaming enabled (802.11r), so a full re-auth is not required each time a client moves between APs.  Otherwise if auth takes 2s, the user will stop passing traffic for 2s each time they roam.

 

This might also be of interest:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Meraki_Local_Authentication_-_MR_8... 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.