We have a Wireless Lan controller set to authenticate users against (Lucent) Radius server. The username and password is stored in a database. About once a week the cpu on the radius/java process spikes to %100 cpu and all users for REALM-X get access denied/rejected authentication while users of REALM-Y are unaffected.
After we restart the radius service we then see ACCESS-ACCEPT messages for REALM-X users again. We notice in the logs what appears to be most of the clients/supplicants repeated sending auth requests. There can be up to 500-1000 auths for some users within an hour or so.
I believe the high cpu is a function of the high load. We are trying to understand why the supplicants (android/iphones/various laptops) send so many auth requests. We have the session set for 1 hour. Once the supplicant is authenticated isn't is 'done' with radius?
Yes. It is.