Autonomous APs and Roaming

Hi,
Is it possible to configure autonomous APs to allow clients to roam between them?
Thanks, Pat

yes, this is totally possible.
if you are using a PSK, then all you need to do is configure the AP exactly the same way, with the exception of the IP address on the BVI interface.
if you are using 802.1x, then you would want to configure WDS for the key caching.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml#step1
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered

Similar Messages

  • Multiple SSIDs and ACLs on Autonomous APs

    This is an unusual situation:
    I have the need to run a few autonomous APs (1262) for some sites on satellite links.
    At a bare minimum I need to run two WLANs.
    One is wide open, and the other with an ACL that heavily restricts access.
    Is there any way to tie two WLANs to a single VLAN, while applying an ACL to just one WLAN?
    Any ideas?

    On autonomous, you cans have multiple ssid pointing to one vlan.  You can on a WLC.
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • WAP2000 fails WDS and roaming

    Hi,
    I'm wondering if anyone on this forum has successfully used WAP2000 access points.
    I'm particularly disappointed with these devices:
    Hardware Version: 1.0
    Software Version: 2.0.0.5
    I set two of them up with exactly the same wifi security settings, same channel and WDS, one of which is a repeater (MAC addresses correctly set).
    Whenever I turn the repeater station on, the wireless supplicant not only doesn't extend its coverage but if it's within the AP's outer range then it LOSES its connection with the AP. It's as if the wireless repeater "jammed" the connection. I tried just about every possible setup and came to the conclusion that WDS does not work with my WAP2000 devices.
    I don't even "require" WDS to work if at least a decent roaming could be done. So I setup 2 WAP2000 as 2 APs with exactly the same wifi security settings and different, non-overlapping channels (same SSID). Roaming *should* be fairly quick but it lasts between 30 and 50 seconds!
    I replaced both WAP2000 APs with older WAP54G APs (same settings) and roaming is "fast" (less than 3 seconds!).
    So on one hand I'm demonstrating that roaming does NOT depend ONLY on the client side and that APs can be the culprit.
    On the other hand, I'm also showing how bad the WAP2000 product is (it's more expensive than the WAP54G but is completely unreliable).
    No wonder there are so few references on the web to the WAP2000 device.
    "Cisco" isn't as good as it sounds (I know it's "small business" but it's still Cisco).
    If someone here has had a similar experience and has found a solution, please let me know.
    Otherwise, I'm definitely not going to value the "Cisco/Linksys" brand as well as I did in the past.
    Thanks,
    Vieri

    To get the best roaming, you need to make sure you have enough coverage. That usually means a good site survey was performed to specify how many access points and the locations of the access point. Without this piece, there is no guarantee of roaming.
    As far as WDS, you can setup an autonomous ap as a WDS server that is either dedicated as a WDS or is a WDS server and also serves clients.
    Sent from Cisco Technical Support iPhone App

  • How to improve client handover and roaming between AP's

    Improving client Handover and roaming between APs
    There are a few standards and methodologies available to use to improve handover of clients between APs. Most are focused on VOIP technologies, but it must always be remembered that we cannot control the client Handover (especially with legacy clients) we can only encourage them. Some Standards and methods work well for some environments and some do not - test the recommendations extensively before implementing in a live Production environment. It must also be noted that all settings take effect immediately once applied, however from a client perspective it might need to re-associate for the changes to take effect client side.
    As with everything else in IT, if a perfect method/solution existed there would only be one - try them all and keep the best.
    The Standards and Definitions
    802.11k
    IEEE 802.11k allows a device to quickly identify nearby APs that are available for roaming. When the signal strength of the current AP weakens and the device needs to roam to a new AP, it will already know the best candidate AP with which to connect.
    802.11r
    IEEE 802.11r specifies fast Basic Service Set (BSS) transitions between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources to occur in parallel.
    When a device roams from one AP to another on the same network, 802.11r streamlines the authentication process. BSS allows a device to associate with APs more quickly. Coupled with 802.11k's ability to quickly identify the target AP, BSS's faster association method may enhance application performance.
    Handoff Assist
    The AP monitors the RSSI for every associated client. If the RSSI for a specific client falls below "low-rssi-threshold" and continues to fall for the "rssi-falloff-wait-time", then the AP will send a de-auth to the client. 
    The de-auth is meant to kick the client away from the current AP and get it to re-authenticate to a nearby AP. This will have the effect of helping a client handover between 2 APs.
    BUT (Big But), if the client gets de-authed and takes a while to re-authenticate (if it even does re-authenticate automatically after a de-auth), then this will have the effect of destroying communication instead of helping it -- mostly found with legacy clients. 
    Remove Lower Transmit Rates
    Removing lower transmit rates is a way to promote better roaming, BUT not all clients respond well, or even respond to it. 
    The practice is that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11. If a legacy client expects the rates of 1 and 2 it will not connect.
    Local Probe Threshold
    Local Probe Threshold prevents a client from connecting to an AP with too low a signal - helps more with initial connection than roaming.
    The local probe threshold parameter is not supposed to force clients to roam as soon as they pass near an access point with a good signal, but rather to NOT hold on to an access point with a weak signal (avoiding sticky clients).
    PMK Caching
    Defined by 802.11i and is a technique available for authentication between a single AP and a station. If a station has authenticated to an AP, roams away from that AP, and comes back, it does not need to perform a full authentication exchange. Only the 802.11i 4-way handshake is performed to establish transient encryption keys.
    Opportunistic Key Caching (OKC)
    Is a similar technique to PMK, but not defined by 802.11i, for authentication between multiple APs in a network where those APs are under common administrative control. An Aruba deployment with multiple APs under the control of a single controller is one such example. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys.
    Implementation and Configuration
    802.11k
    802.11k is configured in your VAP profile. Tick the option to “Advertise 802.11k”. Thereafter, set the Handover Trigger Feature Settings.
    Tick the “Enable Handover Trigger feature” and then set the RSSI threshold by specifying the -dBm level at which the handover trigger should be sent to the client.
    802.11r
    802.11r is configured under SSID of your VAP profile. Tick the option to “Advertise 802.11r”.
    Handoff Assist
    Station Handoff Assist is enabled in RF Optimization under the RF Management section of AP configuration.
    Tick the “Station Handoff Assist” option to enable it, next set the Low RSSI Threshold – the threshold determines above what level no deauth gets sent.
    Lower Transmit Rates
    Transmit rates can be adjusted in the Advanced tab of SSID under your VAP profile.
    Remember that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11.
    Local Probe threshold
    Local Probe threshold can be adjusted in the advanced tab of SSID under your VAP profile.
    Depending on the density of your APs consider values between 20 and 40 -- 40 being aggressive in an AP dense area.
    Deny Broadcast Probes
    Denying Broadcast Probes can cause problems with Roaming especially if the SSID is hidden – leave option disabled.

    Hi, thank you for the helpful guidance. I have a basic question: if the device roams from one AP to another AP with the same SSID, is there a need for re-authentication, given a) the network uses EAP based authentication; b) the network uses MAC address authentication? If there is no need for EAP re-authentication, how are the 802.11 keys moved to the new AP? Thank you very much if you could help me clarify my thoughts.
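
The post above describes PMK caching and OKC, and the reply asks how keys reach the new AP. The following is an added example, not part of the original thread: it computes the 802.11i PMKID and models the AP-side decision, showing that only the PMKID travels in the (re)association request while the PMK stays in a cache that is private per AP (plain PMK caching) or shared between APs (OKC). The `AccessPoint` class, the MAC addresses and the PMK are constructed for illustration, and the EAP exchange itself is not modelled.

```python
import hashlib
import hmac


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into its 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return raw


def pmkid(pmk: bytes, bssid: str, sta_mac: str) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    msg = b"PMK Name" + mac_bytes(bssid) + mac_bytes(sta_mac)
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]


class AccessPoint:
    """Hypothetical AP plus the PMK cache it consults (station MAC -> PMK).

    Plain PMK caching: each AP gets its own dict.
    OKC: all APs under common administrative control share one dict.
    """

    def __init__(self, bssid: str, cache: dict):
        self.bssid = bssid
        self.cache = cache

    def full_eap_done(self, sta_mac: str, pmk: bytes) -> None:
        """Record the PMK a full EAP exchange produced (EAP itself is not modelled)."""
        self.cache[sta_mac.lower()] = pmk

    def reassociate(self, sta_mac: str, offered_pmkids) -> str:
        """Decide what follows a (re)association request that carries PMKIDs."""
        pmk = self.cache.get(sta_mac.lower())
        if pmk is not None:
            # The PMKID is bound to THIS AP's BSSID, so recompute it locally.
            expected = pmkid(pmk, self.bssid, sta_mac)
            if any(hmac.compare_digest(expected, p) for p in offered_pmkids):
                return "4-way-handshake"
        return "full-802.1X"


def demo() -> dict:
    sta, ap1_mac, ap2_mac = "00:11:22:33:44:55", "02:00:00:00:00:01", "02:00:00:00:00:02"
    pmk = bytes(range(32))  # constructed 256-bit PMK, stands in for the EAP result
    out = {}

    # Plain PMK caching: private caches, client authenticated on AP1 only.
    ap1, ap2 = AccessPoint(ap1_mac, {}), AccessPoint(ap2_mac, {})
    ap1.full_eap_done(sta, pmk)
    out["return_to_ap1"] = ap1.reassociate(sta, [pmkid(pmk, ap1_mac, sta)])
    out["roam_without_okc"] = ap2.reassociate(sta, [pmkid(pmk, ap2_mac, sta)])

    # OKC: one shared cache; the client derives a PMKID for the new BSSID itself.
    shared = {}
    ap1, ap2 = AccessPoint(ap1_mac, shared), AccessPoint(ap2_mac, shared)
    ap1.full_eap_done(sta, pmk)
    out["roam_with_okc"] = ap2.reassociate(sta, [pmkid(pmk, ap2_mac, sta)])
    # Failure cases: PMKID still bound to AP1, and a station holding the wrong PMK.
    out["stale_pmkid"] = ap2.reassociate(sta, [pmkid(pmk, ap1_mac, sta)])
    out["wrong_pmk"] = ap2.reassociate(sta, [pmkid(bytes(32), ap2_mac, sta)])
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {result}")
```

Any PMKID mismatch falls back to a full 802.1X exchange, so a stale or wrong cache entry costs roaming time rather than granting access.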

  • 802.1x auth fail through WLC but OK on autonomous APs

    Hello,
    I migrated 1310 APs from Autonomous to Lightweight. Migration is OK with Cisco Upgrade Tool, and the APs are registered on my 2504 WLC.
    Previously, an 802.1x network was broadcast by autonomous APs, supplicants were identified on a freeradius server with MSCHAPv2/PEAP method.
    I send you in attachment an AP config which is OK.
    But on the WLC, supplicants can't auth on Radius server.
    I configured a WLAN with WPA/TKIP/802.1x with my radius server in AAA tab.
    When clients try to authenticate, I get these messages where xxx is login:
    AAA Authentication Failure for UserName:821 User Type: WLAN USER
    AAA Authentication Failure for UserName:200 User Type: WLAN USER
    AAA Authentication Failure for UserName:209 User Type: WLAN USER
    Security info on client page is:
    Security Policy Completed: No
    Policy Type: WPA
    Encryption Cipher: TKIP-MIC
    EAP Type: PEAP
    SNMP NAC State: Access
    Radius NAC State: 8021X_REQD
    What is strange is that there are some clients which are OK in RUN State, and the other 50% which are not.
    In attachment there is a debug client "mac-address" on a device which cannot authenticate through WLC.
    Thank you,
    Clement

    Hi Amjad,
    I'm not using NAC.
    Clients make an MSCHAPv2/PEAP auth on a FreeRadius server through the WLC.
    Because the network is critical, I did a rollback, so I put the lightweight APs back into their original autonomous state.
    Now all clients can successfully auth on the network. I don't understand what happens when APs are in lightweight mode :/
    I have more information about the WLAN clients:
    - Each client is an infrastructure which has an AXIS wireless modem in bridge mode, which is a client of the WLAN. This modem has a login/password for MSCHAPv2 auth.
    - Behind the AXIS, there is a switch on which 4 devices with static IPs are connected.
    - If the AXIS is successfully authenticated on the WLAN, only one device of four is able to ping servers on the LAN. The others cannot, it seems to be a "token ring" like ?!
    The WLAN clients infrastructures are very proprietary, it's very difficult to debug.
    What I know is that all clients are OK on autonomous APs (auth 100% successful, ping 100% successful for 4 devices) and when the clients join a lightweight AP it is (auth 50% successful, ping 100% successful for 1 device, 0% successful for the 3 other devices)
    Tell me if you need specific debug logs.
    Clement

  • Autonomous APs to LWAPP

    I have a project to upgrade the current Autonomous APs 1242 running on a customer site and they want them to be converted to LWAPP and moved over to a controller. Is there a way to convert them? Note the APs are about 12-15ft high in the ceiling.

    Hi
    The Cisco upgrade tool is available on the Cisco web site. You can download it, and then you need to create a text file listing the APs which you want to convert. Format is given below
    This is simplest way to convert.
    Helping document
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html
    thanks
    Tahir

  • 5 wireless controller and roaming security

    I want to connect 5 WLAN controllers to a core switch with 470 APs. Clients must roam and not disconnect. What security must be configured?

    Stephen,
    I dropped these questions in the Ask the Expert forum, but they are relevant here:
    Our intention is to use the Mobility Group to distribute AP connections among many controllers on several campuses for redundancy in the event of catastrophic failure. With this in mind, several questions arise as to how this can be achieved:
    1. What is the formula by which an AP, once it has a list of candidate controllers to join, chooses a specific controller? We understand it has something to do with the number of APs and clients a controller is managing, but what are the quantitative criteria/tiebreakers in the AP decision process? What are the relative/absolute values?
    2. If we use DHCP Option 43 to point to the APs to a Master Controller, and subsequently re-assign via the controller GUI the APs Primary, Secondary, and Tertiary controllers, will the APs automatically join the Primary, or do they have to be rebooted? And if rebooted, will these WLC assignments override the DHCP Option 43 if not changed?
    3. In the above setup, will the AP stop searching for available controllers if the Pri/Sec/Ter WLC assignments fail? Can other, unassigned controllers in the Mobility Group provide a connection for an AP? Or is N + 1 + 1 the limit?
    4. Assuming the AP tries them in sequential order, can we place all WLCs in a Mobility Group inside Option 43, or is it limited to 3 entries like the controller-based assignment?
    Thanks for any assistance,

  • Communication between APs and controllers under 100ms

    I heard from a Cisco representative that communication between the APs and the controller(s) should be less than 100ms. Has anyone experienced problems by not respecting that restriction?
    This restriction would have an impact on our design. Originally we were planning to host the controllers as well as the WCS in our datacenter and have the APs communicate with the controllers/WCS via WAN. We would like to avoid having a controller for each site since the sites won't need more than 5-6 APs each...

    Hi Mehdi,
    Have a look at the specs in this H-Reap design guide. It may help explain this restriction and the effect it will have on the "Wireless Rollout";
    H-REAP WAN Considerations
    Because the H-REAP has been designed specifically to operate across WAN links, it has been optimized for such installations. Though H-REAP is flexible when it comes to these remote network design scenarios, there are still a few guidelines that need to be honored when architecting a network with H-REAP functionality.
    H-REAPs may not be placed across WAN links any slower than 128 kbps.
    Roundtrip latencies between H-REAP and the controller may not exceed 100 ms.
    Between the access point and the controller, a minimum of a 500 byte MTU is supported.
    In order to ensure that support for this stated latency limitation is in place, it is strongly recommended that between the access point and controller, priority be configured in the intermediary infrastructure to elevate LWAPP control (UDP port 12223) to the highest priority queue available. Without priority placed on LWAPP control, spikes in other network traffic will very likely cause H-REAP access points to frequently shift from connected to Standalone modes as WAN link congestion prevents access point/controller messages (and keep-alives) from being delivered.
    Frequent H-REAP flapping causes serious connectivity issues. Without proper network prioritization in place, it may be prudent to place controllers at remote sites to ensure consistent and stable wireless access.
    Note: Whether H-REAP is configured to tunnel client traffic back to the controller or not, the LWAPP data path is used to forward all 802.11 client probes and authentication/association requests, RRM neighbor messages, and EAP and web authentication requests back to the controller. As such, ensure that LWAPP data (UDP port 12222) is not blocked anywhere between the access point and controller.
    From this good doc;
    http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtml#t7
    Hope this helps!
    Rob

  • I just got my MacBook Pro a month ago. However I am realizing I need more hard drive space due to aps and programs.  I use am external but am concerned about the space. Is there a way to upgrade my hard drive from apple and keep my warranty valid?

    I just got my MacBook Pro a month ago. However I am realizing I need more hard drive space due to aps and programs. I use an external but am concerned about the space. Is there a way to upgrade my hard drive from apple and keep my warranty valid?

    That would depend on whether your model actually has a hard drive. If you have the new 2013 Retina model, then you have a fixed storage device built-in that cannot be modified after purchase.

  • HT4623 i am trying to update my Ipad 1 but it tells me i have no updates available under my general settings. i talked to someone on the phone yesterday and they said my software version is 2 updates behind.  i paid for some aps and they will not open wit

    i am trying to update my Ipad 1 but it tells me i have no updates available under my general settings. i talked to someone on the phone yesterday and they said my software version is 2 updates behind.  i paid for some aps and they will not open with my cu

    You are as far as you can be with the original iPad; only iPad 2 and greater will update to 7+

  • Need to use production schedule in OPM without ASCP,APS and VCP.

    Hi Folks,
    Pls suggest me the options to work on PS for OPM in R12 without using ASCP, APS and VCP. Client is not interested to go for ASCP. I just need to run the schedule and show him how the alternate resource works. Kindly throw me the options which will be best to take it forward.
    Regards,
    Arul

    Hi Partha,
    My client does not want the ASCP, APS and value chain planning. The option which you provide also cannot pull the data to EBS which is currently in ER as per Oracle.
    Any other functionality which can be used which will help my client.
    Regards,
    Arul

  • I updated my iPhone 5 yesterday to iOS 8.1.3, now the touch screen isn't responding, keeps opening aps and then get stuck.

    I updated my iPhone 5 yesterday to iOS 8.1.3, now the touch screen isn't responding, keeps opening aps and then get stuck.  Can't hang up after making a call.  Can't close messages.  Have I done something wrong?

    Good day catjono,
    If you are having an issue with your iPhone's touchscreen not responding, I would suggest that you troubleshoot using the steps in this article - 
    If the screen on your iPhone, iPad, or iPod touch doesn't respond to touch - Apple Support
    Thanks for using Apple Support Communities.
    Safe computing,
    Brett L 

  • Query about the WebLogic conf for APS and Planning

    Hi All,
    We have three servers used for Hyperion Planning and APS, and they are load balanced.
    Configuration details are as shown below for one server, and the remaining two servers have the same. In this configuration
    APS shows as load balanced and Planning is shown pertaining to that one server alone. Can we make this Planning smartview connection
    to be balanced or APS balance itself will take care of this for the connection of planning?
    Am seeing performance issues with Planning with this configuration and server load is high falling on one server at times and is that due to this
    configuration of Planning Smartview connection falling on one server?
    Your help is much appreciated
    </LocationMatch>
    <LocationMatch /aps>
         SetHandler weblogic-handler
         PathTrim /
         WeblogicCluster <ServerName1>:13080,<ServerName2>:13080,<ServerName3>:13080
         WLProxySSL ON
    </LocationMatch>
    <LocationMatch /aps/*>
         SetHandler weblogic-handler
         PathTrim /
         WeblogicCluster <ServerName1>:13080,<ServerName2>:13080,<ServerName3>:13080
         WLProxySSL ON
    </LocationMatch>
    <LocationMatch /HyperionPlanning/SmartView>
         SetHandler weblogic-handler
         WLIOTimeoutSecs 6000
         WLCookieName HPSESSIONID
         PathTrim /
         WeblogicCluster <ServerName1>:8300
    </LocationMatch>
    <LocationMatch /HyperionPlanning/SmartView/*>
         SetHandler weblogic-handler
         WLCookieName HPSESSIONID
         WLIOTimeoutSecs 6000
         PathTrim /
         WeblogicCluster <ServerName1>:8300
    </LocationMatch>
    Thanks

    Download location: http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html
    You can upgrade the domain after you install wls 10.3 using QuickStart.
    When we migrated we have moved from windows to linux. We have installed, created domain, created managed servers, configured, etc. from scratch. We didn't face any 'show stopper' issues.

  • Do the 1042 Autonomous APs support GRE tunnels?

    Hi,
    Do the 1042 Autonomous APs support GRE tunnels?
    Any help is much appreciated.

    I have found:
    When you configure VLANs on access points, the native VLAN must be VLAN1. In a single architecture, client traffic received by the access point is tunneled through an IP-GRE tunnel, which is established on the access point’s Ethernet interface native VLAN.

  • HT5616 how do you change your apple id on your phone. Trying to update aps and it wont let me because its still using old apple id.

    how do you change your apple id on your phone. Trying to update aps and it wont let me because its still using old apple id.

    Delete them and then download them from the desired Apple ID. This may require repurchasing paid applications.