1)
By debugging on the AC, it was
found that the server did not respond to the radius access messages sent by the
AC, resulting in a timer timeout authentication failure;
2)
Contacted a third-party server
to investigate and found that the server received a large number of radius
messages and reached the server performance bottleneck, resulting in the server
being unable to respond to the messages in a timely manner;
3)
Combined with the roaming
information of terminals on the AC, it was found that some terminals would roam
frequently between two APs, and each roaming would result in a Mac
authentication. This leads to an excessive amount of radius messages;
4)
By adjusting the AP power to
reduce the overlapping area of signal coverage of the two APs, the pressure on
the server caused by frequent roaming of terminals is effectively relieved, but
since roaming is an active behavior of terminals, some terminals still roam
frequently between the two APs after adjusting the power;
5)
To continue to reduce the
pressure on the server caused by radius messages, configure mac-authentication
fast-connect enable on the AC. This command is used to enable the fast-connect
function after successful MAC address authentication, and after enabling the
fast-connect function after successful MAC address authentication when the
client roaming within the AC, it does not need to perform MAC address authentication
again, thus improving the online speed of client roaming within the AC, that
is, the terminal roaming will not resend radius authentication messages, which
also further relieves the pressure on the server, and mac authentication
resumes normally.
