Roaming from AP to AP on same SSID

Hi Guys,
I have an issue where I have an AP in one room and another in another.
When I walk from one room to the other, I lose signal but manages to see the SSID and join.
But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect.
Any suggestions? Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.
Currently using cisco 5508 and ap2600
Thanks

Sorry still no debugs, but it looks like it is not Roaming issue.I can conduct continous ping to 8.8.8.8 -t from AP to another AP
But if I ping a website for example www.facebook.com
works fine roaming
But if you access the URL via domain name or IP it fails.
Checked the ASA firewall I get SYN Timeout and deny TCP...
If I disconnect SSID and reconnect... traffic goes through... something wierd is going on

Similar Messages

  • Is there any way I can control which specific access point I connect (and stay connected) to from amongst a set of access points with the same SSID?

    I'm working from a boat in a harbor in which the ISP has deployed numerous access points around the periphery.  All the access points share the same SSID and each is configured to use either channel 1, 6 or 11.   From my location, there are over a dozen of these access points "visible" (based on the the output of WiFi Scanner) with a range of RSSI and S/N values that vary over time.
    The ISP has told me that the quality of my connection should be "perfectly fine" for any access point with an RSSI value better than -75, but I know from experience that my connection quality is miserable (i.e. < 50Kbps download) for almost all of these, including those with RSSI values better than -75.  There is at least one exception, however, which gives me on the order of 2Mbps download, which is "great" in this context.
    I've tried using a more powerful USB antenna plugged into my MacBook Air (mid 2011), but as far as I can tell, it really doesn't make much difference.  Neither does my location within the boat.   The overriding factor seems to be which access point I happen to connect up to.
    I should point out that the closest access points are about 75 yards away, with many of them being several hundred yards away or more.  I'm guessing that even though the signal strength of some of the distant access points is causing them to get "chosen" some times, the results are unacceptable due to the distance.
    I'm hoping that I can determine, through experimentation, which access point(s) provide(s) acceptable performance and then configure my Mac to limit my connection to those points through whatever mechanism I need to use (e.g. channel, MAC id, etc.).

    Establishing a wireless connection with a client computer is left to the access point for various reasons. One reason that your Mac may not connect to the strongest access point is that it may have reached a limit of the number of clients it can serve, leaving it unable to accept a connection with another. The limit may not be very large.
    Suppose that happens, and your Mac establishes a connection with a more distant access point having a weaker signal. Then, suppose a client drops off the network. Doesn't this mean your Mac will switch to the stronger access point? Not necessarily. The throughput delivered to and from your Mac would have to drop below a threshold specified in the AP for it to drop the client, leaving your Mac free to connect with another one. The reason for this is to prevent rapid switching from one AP to another in an area in which two signals are of approximately equal quality. If that were to occur the frequent and repetitive handshaking between the two devices would slow throughput to zero.
    In an environment in which several access points are broadcasting the same SSID, Apple provides no insight as to how it determines which access point to choose. This is the reason I suspect this "choice" is a function of the router, or access point. The connection originates with it, not the Mac.
    Now, what would solve your dilemma would be to determine a way to control the access point with which your Mac connects, by specifying the access point's unique MAC address for example. In this happy circumstance, you could maintain an editable "whitelist" or "blacklist" of the harbor's access points and be able to choose which among them you prefer.
    I do not believe OS X maintains such a record of MAC addresses though, only those of the routers it uses. If I am correct about that, such a solution is unlikely to exist. Don't let that discourage you from searching for one though... I would concentrate on something like "selecting access point by specific MAC address".
    I did find this patent application though:
    Roaming Network Stations Using A Mac Address Identifier To Select New Access Point
    Perhaps it's a start

  • Connectivity loss when roaming from AP to AP

    I work for a healthcare organization where nurses use what we refer to as COWS, or carts on wheels. These carts are basically laptops attached to carts that utilize our wireless infrastructure to access patient care applications.
    The problem we've been having and working with the application developers on is that, whenever the carts are moved between patient rooms and have to associate with a different AP, the telnet connection that the application uses to establish connectivity is dropped during the short delay in the changeover.
    Anyone have any experience with settings that might mitigate this? Far as I know there are no telnet timers that can be adjusted(buffered) to help with this situation, and I'm not certain if anything can be adjusted on the wireless network to help. The "fix" has been to have the user reboot to re-establish the telnet session and then everything's good again.
    Any suggestions on things to try?
    Thanks.
    /rls

    I assume these are all on the same SSID and same subnet, i.e. there are no layer 3 roaming issues since you did not mention if you use LWAPP APs. In any case I used to roam all the time with telnet sessions to Cisco switches. If it is dropping the session, it is more likely because of the host system. You could test that by testing to a Cisco device.
    A couple of suggestions:
    1. Use WPA2 instead of WPA. WPA2 handles roaming better.
    2. If you are using XP wireless make sure you have the Microsoft WPA2 update installed. Not necessary if you use another wireless supplicant.
    3. Test roaming with a laptop from room to room. If you are loosing more than two pings or so, your roaming sensitivity is not working optimally. Use continuous pings.
    4. You could go to fast roaming using CCKM; however, I would make sure the standard roaming method is working correctly before going to the effort of changing everything. Besides, you will need to have a wireless client capable of CCKM. If not, you are out of luck. I had that problem with some of my Windows CE devices. They were too dumb to use CCKM.
    5. I did have some Windows CE devices which did not roam properly until I had the roaming sensivity set. I was loosing about 7 pings. This is not normal unless you have a problem.
    6. Last resort - but expensive. We had an intermediate server that would hold sessions to SAP due to the potential of the same problem you have. The company that provided it to us was Psion Teklogix. It prevented session loss because a server held the session, not the mobile client. A company like this one should be able to modify the application to your needs if you have money to spend.
    Testing is the key I think, but WPA2 would have to help due to the caching of authentications. If you go back to a room you were just in, it should roam faster.
    Randy

  • Need to setup AP's with the same SSID

    We are looking to purchase two Acess Points for our new building.  Currently at our old facility we have two lower end AP's with two different SSID's.  Users just manaully switch between the two.  I'd like to know how difficult it would be to set things up so users wouldn't have to manually switch as they traveled through the building.
    I have been looking at Cisco AP below and was wondering if it had the capability to do this.  Is there any other hardware or software required to set something like this up.
    Just to clarify I only need two AP's and want things transperent to my users.  I want them to be able to walk from area covered by AP1 and to another area covered by AP2 and not loose any connection.  Also want this to be automatic so the users do not have to do anything to switch things over.
    Any info anyone can provide to help me out would be greatly appreceated.  Thanks in advance.
    Cisco Aironet 1140 AIR-LAP1141N-A-K9 Wireless Access Point

    Note that the part number you gave (AIR-LAP1141N-A-K9) requires a controller to operate.  That is because the OS on it is a lightweight image.  If you already have the APs, they can be converted to autonomous mode per the instructions at http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp161272.  If you haven't yet ordered them, use AIR-AP1141N-A-K9.  (Or,use 1142 if you want both the 2.4GHz and 5GHz radios.)
    And, yes, if you configure both APs with the same SSID and the same encryption/authentication, clients will be able to connect to both without changing their parameters.  Whether or not they roam properly is dependent on how close the APs are to one another and how well the individual clients roam.

  • What is the best configuration for 2 AP's Broadcasting? same SSID/channel?

    So i have 2 WRT54G version 2.0 wireless routers. They are not doing DHCP for my home network, i have another device (Sonicwall Firewall) that is taking care of that. Originally I had 1 wireless router (acting as just an access point, but I now have an additional one and want to add it to extend wireless coverage.
    My question is this. How do i make it so that laptops can roam around my house and switch from AP to AP depending on which one has the best signal? Is this possible?
    I figure that i would have to obviously disable DHCP on each router. But what about SSID's. Can they be the same? What channel should i use, the same for both, or different channels?
    Any help would be awesome, Thank you!
    -Aaron

    For a roaming network both access points must have the identical SSID and identical security settings. Regarding the channel it is difficult to say. They should be different as broadcasting on the same channel creates interference. Better whould be to use non over-lapping channels, e.g. channel 1 & 6. The problem, however, are the clients. Some clients have difficulty with roaming across channels.
    I had two access points with channel 1 & 6. My laptop worked fine in all locations with interruption. However, my WiFi-IP-Phone had troubles. It seems to search the channels from 1 up, thus I was able to roam from channel 1 to 6 but never back. The phone just disconnected.
    So, I would recommend to use different channels and test if your clients can roam without problems. If you'll find that one does not properly work try to put them on the same channel. Also: be patient when changing the configuration. I would even recommend to power cycle the router after each change of channel as well as the client. In the beginning I never did that and very often it did not work in the beginning but after an hour it work. I suppose this was because I was using WPA2 and some problems due to the rotation encryption keys WPA2 is using...

  • Access Connections - Many APs with same SSID (Again)

    I have a W520 running Access Connections 6.11 (release December 2013) on Windows 7 Pro 64-bit.  Access Connections is still broken in regards to dealing with multiple Access Ponts having the same SSID.  It keeps hoping from one access point to another regardless of signal strength of the AP.  
    The most desirable strategy would be if Access Connections would find and lock on to the best signal strength AP and stay there.  However, it doesn't do that.  It acts almost randomly.  It also keep shifting around.  The rate is almost random as well.  Sometimes it will stay locked on to an AP for up to 10 minutes, at other times it shifts in as little as 30 seconds.
    Other laptops, from other manufacturers like HP, Toshiba, and Apple do NOT exhibit this behavior on our campus.  Other Lenovo machines running Access Connections DO exhibit this behavior.  The problem is NOT machine specific (ie, not hardware or some weird idiosyncracy of the particular W520 i'm posting about).  The problem is Lenovo's Access Connections.  The problem is also not a configuration issue with the campus.  I have a network at home running Airport Extremes all having the same SSID's and the W520 in question does exactly the same behavior there.  Totally different hardware at home vs campus and same behavior.  I cannot change the names of the AP as a fix.  This is not a capability in the configuration of the AP's.  Even if it were, I shouldn't have to do it.  Campuses are often configured in this way.  Campuses that are large commercial users who I believe are the most lucrative Lenovo customers.
    This problem has been going on for literally years with different versions of Access Connections.  Here are two threads in the Lenovo Community I found in under 30 seconds.  Neither was solved correctly.  In other words, Lenovo never fixed the software, and people had to either give up or resort to kludge solutions in their campus configurations.  
    http://forums.lenovo.com/t5/ThinkVantage-Technologies/Is-it-possible-to-default-to-a-specific-Access...
    http://forums.lenovo.com/t5/ThinkVantage-Technologies/Access-Connections-Many-APs-with-same-SSID/m-p...
    Lenovo has actually made the problem progressively worse over time instead of fixing it.  They have done this by removing the abilty to prioritize AP's by MAC address.  Initially, Lenovo allowed you to configure 5 MAC addresses in order.  Then, Lenovo removed that capability making it possible to only give a single MAC address as preferred.  Finally, in recent iterations, Lenovo removed that capability alltogether.  The box is still there in the UI, but it's greyed out.  It is very frustrating to have this kind of thing happen.  The prioritize capability is fundamentally a kludge, but at least it's something to give a bit of a workaround.  Now we don't even have that.
    Can a lenovo engineer please look at this issue and give me a timeline for resolution?
    BTW, It is still not possible to configure Access Connections with a blank SSID either.  I bring this up, because if you're going to fix the Access Connections code for multiple SSID's, you should be aware of the blank SSID problem as well.  I imagine they are both in the same part of the Access Connections codebase, at least from a logical standpoint.
    Thank you.

    I found that there is a setting in the Intel driver (15.9.1.2, released 8/22/2013) for the wireless card (Centrino Advanced-N 6205).  The setting adjusts the "roaming aggressiveness".  I can only guess this means how often the driver goes out and tries to find a "better" signal and/or bandwidth.  The card supports a/b/g so the calculus is complex as to what constitutes "better", and I have no idea how sophisticated the algorithm the driver uses is.
    That said, if I set the "aggressiveness" to the most aggressive setting, things work somewhat better.  They are still not as a good as other wifi managers bundled with competing products (specifically HP, Toshiba, and Apple so far), but it helps.  It does appear that more of the time now, the AP having the best signal appears to be the AP the laptop is attached to.
    Lenovo, please consider that forcing your customers to dig around in arcane driver settings and relying on the whims of driver writers and hardware companies to do things correctly and well, is a recipe for failure.  Your customers are just going to get annoyed and say to their colleagues, "My old Toshiba seemed to do a better job of WiFi connections. I think next time, I'm going to have IT get me one of those again."   And, of course, that colleague will look a lot harder at buying the Toshiba instead of the Lenovo, as well.  Wifi connectivity is a very big deal for people who have to move around - and lets not forget, this is a laptop we're talking about, which is explicitly designed to, well, be moved around.
    I apologize for being so pedantic, but it often takes such measures to get managers in these companies who control programmer time, to take these issues seriously and allocate the programmer resources to fix these problems.
    The problem I am having is still not considered "fixed."  I would very much like to hear any other solutions that work better.  I would love to hear from Lenovo on the matter.  Still waiting.
    Thanks.

  • Flex Connect Across Multiple VLANS same SSID

    I just need to find that if we have flex connect setup for differnet vlans using single controller, will roaming works when client connects to AP in a differnet VLAN but using same SSID.
    Example below:
    1) Client connects to AP on specific SSID mapped to VLAN 100, get an IP address ..all good at this point
    2) Client walks and connects to a differnet AP on same SSID but mapped to VLAN 200...at this point I observe client doesnt get a new IP address in fact it retain IP from step-1 and there is no connectivity
    3) Client walks back to first AP and connectivity is restored
    Why in step-2 client doesnt gets a new IP from VLAN 200 even when it shows connected to AP.

    Just to add to Rasika.... L3 isn't supported....I just ran into this a few days ago.... clients should request another dhcp when roaming to another FlexConnect AP that is mapped to a different VLAN.  The issue is, that some clients don't try to renew their dhcp address and gets stuck with the default 169.x.x.x.  I see this with Apple devices in general and what we are going to do is get rid of the multiple vlan setup (vlan per floor) and create a bigger vlan that the SSID will be mapped to.
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Same SSID, different Vendors

    Hi,
    Has anybody in this forum ever deployed a wireless network with the same SSID, but using 2 different vendors.
    We have a warehouse and office space separated with concrete wall.  In the warehouse, we have one vendor
    and in office, we have another vendor.  We want to use the same SSID in order to facilitate roaming.
    Is this feasible?
    Thx

    It will not work well in some environments. Two separate systems, lightweight and autonomous does not communicate with each other to support roaming.
    If you have standalone access points using open or maybe preshared key, then it can work since each roam required a full reauth. As long as the users are in the same subnet, it can work. If your using 802.1x then the roam will be very slow due to full reauths.
    Sent from Cisco Technical Support iPhone App

  • Can 2 networks have the same SSID?

    I have myself a Cisco 340 series Aironet Access Point and a PC card. I want to
    achieve a seamless roaming scenario between 2 networks.
    I would like to know whether networks A and B, each having subnets as
    111.111.xxx.xxx and 111.112.xxx.xxx respectively, can have the same SSID? I
    want a mobile user to be able to be in all 2 networks, but only receive
    information from the one network which it is within range.

    This depends on the OS on the client devices. Win2K and higher will automatically renew IP address information if a user roams into a new IP subnet. There is a relatively significant delay, however (~5sec. until it attempts a renewal).
    If these networks are near each other (i.e. in the same building), you may be better served by building a single VLAN for your wireless network. A single wireless VLAN will offer some significant benefits related to security, mobility and manageability.
    If these networks are not near each other, or if users will likely be shutting down their machines while moving from one network to another, the IP addressing will not be an issue.

  • Access points same SSID, Radius, Help plz

    Greetings, 
    I need help and advice please configuring the following scenario...
    3 floors building, 2 AP on first floor, 1 on second floor, 1 on 3rd floor.
    i want them all to share same SSID, for user roaming around the building without being disconnected and reconnected to another AP
    currently working on window servers 2012.
    trying to read about Radius server implementation, but the thing is, i also need guests in the building to have access via their cellphones or personal computers sometimes, when told so ( non domain users)
    Can someone plz point me to a solution ? how to get domain users access ? how to have random guests access the AP internet access
    thanks

    Can u enlighten me plz on what the wireless controller task is here exactly ? i have 3 hp 2920-24G switches on all floor, and from the datasheet, supposedly it supports IEEE
    802.1X, can it be used as a wireless controller if configured properly ? also have a fortigate 60D router but only support fortinet AP for management.

  • Cisco ISE 1.2 AD Auth and Internal Auth on Same SSID?

    Hello everyone... I'm fairly new to Cisco ISE 1.2 and am looking to try and setup a certain configuration.  I'm trying to figure out how to create what amounts to a BYOD dmz'd wireless network that is PEAP based (or tls) but authenticates known users (employees from AD groups) but for users not found in those AD groups uses the internal user database and/or Web Auth?  Make sense?
    So, I of course can get the Authentication/Authorization policies configured for PEAPTLS  and make to AD based on group and provide a VLAN number.  No problem... I'm having trouble wrapping my head around how to combine the internal users or web auth users in this mix on the same ssid?  I know by reading the ISE statement that the authentication policy if PEAP/TLS, ect is used, then a user not found is rejected and does not continue...  Can someone provide an example as to how to accomplish this?  
    As a side note in 1.2, is there the ability to limit the number of consective logins as in ACS, outside of guess access only? What about in 1.3, which makes me nervous to upgrade in reading the instructions and the 'newness' of it.
    Thank you for any help, it's greatly appreciated.

    I'd like to confirm if the required changes in the VM server were
    made, as there are a few changes in the ISE OS. The changes required are
    listed in the release notes, under "VMware Operating System to be
    Changed to RHEL 5 (64-bit)". Here's a direct link to the relevant section:
    http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp384531
    Other causes can be :-
    certificate issue on ISE or not enough disk space.

  • Using two routers for the same SSID

    So here's my story. I have a standard Actiontec router in my basment, connected straight to the coax outlet, and connected by LAN Ethernet to a crappy computer nobody uses. It gives off a WPA2 wifi network, let's call it MyNetwork. For the longest time it's been the only router in the house. The coax outlet is on a splitter, splitting the coax outlet into one wire that goes to the Actiontec modem/router and the other to my TV STB. Recently we installed a new coax outlet on the other side of my house and next to it we have a brand new desktop computer that we use often. It has no wifi so and we can't run an ethernet cable throughout the entire house so we got a new Actiontec modem/router from our neighbor who just moved out. It's the exact same Actiontec device.
    What we want to do is make it so that both routers give off signal on the same MyNetwork we have to make it a wider reaching signal, and so that I can connect the new desktop computer to the new router with an ethernet cable. I've read so many guides and they're all so confusing and it's such a mess that I almost completely screwed over my network. it seems like the two routers are completely independent of one another, not even aware of the others' existence. The new router is definitely in range of the old one. I've logged into 192.168.1.1 on the new computer and the new router seems to think it IS the old router (or so I think). It showed me all the same devices that have connected to MyNetwork and such, but then again it's always hard to be certain exactly which device is which. After messing around I must have changed some IP address or something, but it seems that 192.168.1.1 doesn't take me to the Verizon login screen, but 192.168.2.1 does. Can I reset those IP addresses?
    And of course, can somone please provide a clean, easy to follow course of action as to how to set up two routers on one network?

    maxbirch wrote:
    ... I have a standard Actiontec router in my basement ... connected by LAN Ethernet to a computer ... It gives off a WPA2 wifi network, let's call it MyNetwork ... The coax outlet is on a splitter ... one wire that goes to the Actiontec ... other to my TV STB ...
    ... installed a new coax outlet on the other side of my house ...
    ... What we want to do is make it so that both routers give off signal on the same MyNetwork we have to make it a wider reaching signal, and so that I can connect the new desktop computer to the new router with an ethernet cable ...
    ... can somone please provide a clean, easy to follow course of action ... ?
    I suspect it might be a good idea to step back reconsider your ultimate layout.  Essentially you now have two (or if the STB is also included, three) coax drops connected to the ONT.  It seems that you desire that one of these service the STB, and the other two each service a desktop and a wireless access point.  If this is the case, continue reading.
    There is no need to consider the original Actiontec router as the primary router, wireless or otherwise.  Use the new coax location to connect to the primary Actiontec router (you can use either router).  For starters, reset both routers to their factory defaults using the reset switch on the back of each device (for details, do a search).
    Once the primary router has been located (or relocated) to the new coax drop, just connect the new desktop there using an Ethernet cable connected to one of the LAN ports on the back of the router.  Then set up your primary wireless network based on this router (once again, do a search on these forums for specifics on setting up a basic wireless home network).
    Now use the original coax outlet where the first router was located to set up another access point.  This access point will provide Ethernet connections plus an additional wireless network (if it's still needed).  However you cannot have two wireless devices on a single home network with the same SSID (i.e., network name).  Here are details on some methods to do this:
    http://www.dslreports.com/faq/12506
    For additional details, here's the complete FAQ:
    http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&cad=rja&sqi=2&ved=0CCwQFjAA&url...
    Take a careful look at these suggestions and references to decide if this is what you want.  Then report back if there are remaining questions.  Good luck.

  • Same SSID different MAC address

    Ok... This is the best place for me to post this I think...
    I am sharing an internet connection and am relatively close to the router (linksys) but because of the materials my building is constructed with I get a **** poor connection. So, there is a closer range extender that I can connect to, the range extender is also a linksys range extender, and I have no problems when I connect to it. The only problem is actually getting connected to it in the first place. My computer will automatically connect to the router rather than the base station. They both have the same SSID, and obviously different MAC addresses. Is there a way to force my computer to only connect to the range extender and ignore the signal from the router?

    I have no problems with the range extender itself. It works great. The problem is that my airport card cannot tell the difference between the range extender and the router. Sometimes it will connect to the router, and sometimes to the range extender. I want to force it to connect to a specific MAC address rather than using only the SSID. Is there a way to do this?

  • Same SSID, different vlans

    I currently have a 4402 in place, with my main office building working fine.
    We are looking at bringing in the wireless at 4 other sites, but we want to use the same SSID.
    How would I go about assigning different vlans (networks) to the same SSID.

    You can use the "AAA Override" feature on controller. You need to have different dynamic interfaces for different vlans configured on the controller. After sucessful authentication, radius server could pass the dynamic interface information to the controller and controller can put users to different vlans according to the feedback from radius server:
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig40/c40sol.htm#wp1086421
    Zhenning

  • Error fetching network with same SSID, different floors

    Dear,
    I would like help from you, because I have a problem and I can not detect.
    I have six devices installed in the WAP model 4410N on two different floors, and a third on each floor.
    Both are with the same SSID, but when I'm walking him on a quest equipment that is in another floor, which causes the machine to drop the connection due to fluctuations and barriers such as walls, doors, windows, elevators, etc. .. .
    I wonder how to detect only the AP network of walking even with the same SSID.
    VLAN use one at each andaar.
    If you have any suggestions thank you.
    thank you
    Anderson

    Hi Anderson,
    It sounds like you have 5 access point in standalone and 5 SSID broadcasting but you can't know the difference between which SSID is good depending where you are at.
    If you can use any of the AP as a repeater (you may repeat 2 additional ap), when the signal strength of the original connection is low enough, it should fall to the more powerful strength of the repeated SSID.
    Additionally, if you'd like to use more than 3 AP in a repeater group, you may want to look in to something like the AP541N. These devices support clustering, up to 10 units.
    -Tom
    Please rate helpful posts

Maybe you are looking for