RADIUS/802.1x Latency Guidelines

Fowl asked:

We’re considering a centralising our RADIUS infrastructure but I can’t find any information about acceptable latency between the Authenticator (ie. switch or WLC) and the Authentication Server.

Would 100ms roundtrip work well without issues, what about 200ms?

My answer:

You’re nowhere near cause for concern. A typical RADIUS access server has a configurable timeout of several seconds (e.g. Brocade switches have a 3 second timeout, Cisco switches have a 5 second timeout, and they all allow you to change it).

Just keep your network connections terrestrial (that is, not over satellite) and you’re not likely to run into any issues. If you need to increase the timeout, your existing switches should allow you to do that.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.