Cisco Cisco 8540 Wireless Controller 白皮書
Cisco vs Aruba Wireless Controllers
9
DR150602D
Copyright © Miercom 2015
18 June 2015
5 - User Authentication Rate
Test Objective
To determine the maximum rate that new WiFi client authentications can be processed
.
How We Did It
Our research was unable to find any known test tools on the market for conducting high-volume
WiFi client-authentication testing. So to quantify client-authentication performance, we acquired
a custom test platform originally developed for this purpose by Cisco.
The client-authentication test package would work with Cisco wireless controllers, but not with
Aruba. Subsequently, we decided to conduct this comparative performance testing on two Cisco
models the latest Cisco 5520 controller, supporting 20 Gbps of network bandwidth, and the older
Cisco 5508 Wireless Controller, which supports 8 Gbps of network connectivity.
We decided to test most commonly used and one of the most secured authentication methods
based on IEEE 802.1X WPA2 Protected Access 2 specification. IEEE802.1X authentications like
PEAP, EAP-FAST , EAP-SIM, EAP-TLC are commonly used in the deployments like enterprises,
campuses, hotspot deployments.
WiFi client-authentication testing. So to quantify client-authentication performance, we acquired
a custom test platform originally developed for this purpose by Cisco.
The client-authentication test package would work with Cisco wireless controllers, but not with
Aruba. Subsequently, we decided to conduct this comparative performance testing on two Cisco
models the latest Cisco 5520 controller, supporting 20 Gbps of network bandwidth, and the older
Cisco 5508 Wireless Controller, which supports 8 Gbps of network connectivity.
We decided to test most commonly used and one of the most secured authentication methods
based on IEEE 802.1X WPA2 Protected Access 2 specification. IEEE802.1X authentications like
PEAP, EAP-FAST , EAP-SIM, EAP-TLC are commonly used in the deployments like enterprises,
campuses, hotspot deployments.
This test simulates a campus spanning wireless environment, where classes change on a college
campus, or a stadium game starts or restarts, or a corporation starts up in the morning. In these
cases large numbers of users with wireless devices all want to connect, or disconnect and re-
connect to, the wireless network or connection at approximately the same time. It is important in
such environments for the WiFi system to be able to handle these requests quickly the first time.
As shown in the test bed configuration diagram on the next page, the Cisco 5520 and the older
5508 were connected through a wire speed switch to five AAA/RADIUS (Remote Authentication
Dial In User Service, a networking protocol that provides centralized Authentication,
Authorization and Accounting (AAA)).
The controllers were connected through the switch to five simulators, which were set up to
simulate 1,500 APs (300 APs/simulator), each AP with 13 simulated clients – a total of 19,500
simulated clients. The simulated clients are spread across all five of the simulators.
The authentication was done by roaming each simulated client from one AP to the next, at a rate
of 800 roams per second. This is designed to roll all the clients through all 1,500 APs. The test
was run for 5 minutes, using the 802.1X authentication.
campus, or a stadium game starts or restarts, or a corporation starts up in the morning. In these
cases large numbers of users with wireless devices all want to connect, or disconnect and re-
connect to, the wireless network or connection at approximately the same time. It is important in
such environments for the WiFi system to be able to handle these requests quickly the first time.
As shown in the test bed configuration diagram on the next page, the Cisco 5520 and the older
5508 were connected through a wire speed switch to five AAA/RADIUS (Remote Authentication
Dial In User Service, a networking protocol that provides centralized Authentication,
Authorization and Accounting (AAA)).
The controllers were connected through the switch to five simulators, which were set up to
simulate 1,500 APs (300 APs/simulator), each AP with 13 simulated clients – a total of 19,500
simulated clients. The simulated clients are spread across all five of the simulators.
The authentication was done by roaming each simulated client from one AP to the next, at a rate
of 800 roams per second. This is designed to roll all the clients through all 1,500 APs. The test
was run for 5 minutes, using the 802.1X authentication.