Wireless Roaming

Hi,
I have the following setup:
Several autonomous Cisco APs, PEAP authentification with radius-based VLAN assignement and WPA2-AES encryption. Is it possible to provide fast roaming between my APs so that the whole process of re-authentification with radius server does not occur?
Is CCKM supported in my case (with dynamic vlan assignement)?

Hi,
When using security in IOS APs you need WDS to achieve Fast roaming.
Basically, there is a master AP (WDS AP) that controls RRM and the authentications. All other APs are infra-structure APs and report to the WDS.
This makes it possible to centralize the associated users so that when a user roams, it does not need to re-authenticate and the roaming is fast.
Please find more information here:
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml.
http://www.cisco.com/en/US/products/hw/wireless/ps458/products_configuration_example09186a008059a559.shtml.
HTH,
Tiago
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Similar Messages

  • Best Practice for FlexConnect Wireless roaming in MediaNet environment?

    Hello!
    Current Cisco best practice recommendations for enterprise MediaNet design, specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree). 
    In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running.  Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps. 
    So...best practice for LAN users causes real problems for wireless users.
    I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
    We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
    Thanks,
    Deb

    Thanks for your replies, Stephen and JSnyder.
    The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites. 
    These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider).  The 7510s are new, and are replacing older contollers at the HQ location. 
    The internal employee wireless users use resources both local to their site, as well as centralized resources.  There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only.  (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.) 
    (1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice.  Too much bandwidth would be used.  So, that implies the need to use Flex / HREAP mode instead.
    (2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet.  However, this breaks seamless roaming for users....
    So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of. 
    The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site.  Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
    Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in.  I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work.  Do you happen to know if this might be a workable solution to the overall big-picture problem? 
    Thanks again for taking the time and trouble to reply!
    Deb

  • Wireless Roaming & Max connection on WAP54GP

    I have 3 WAP54GP Wireless APs in my office.
    I want to set up a wireless roaming between 3 WAPs with single SSID and PKS-TKIP encryption.
    Is it possible? Have any reference of this?
    I also want to know the max wireless connection of WAP54GP support.
    Many thanks!
    Dmok

    You can't do "seamless" roaming with these APs as they are controller-less.  However what you could do is set the same SSID on each AP and manually configure the channel that each uses instead of auto.  This will still require the client devices to reauthenticate however to each AP they connect to, so not good for Real Time traffic but usually ok for typical data.  Another option with these APs is for you to set them up in reapeater mode if possible and have one act as the "main" AP and allow it's signal to be repeated to the others as long as they could all "see" each other wireless signal.  As far as number of clients this AP supports up to 32 client devices.
    Best Regards,

  • Cisco Wireless Roaming - Redundancy

    Hi,
    I'm looking for 2 types of solution:
    1. Wireless Roaming without a controller
    2. Access Point redundancy - Two Access Point with the same coverage but in a Active/Standby scheme. Is this posible?
    Thanks.
    Ivan

    Roaming is going to work so long as your configuration matches on the AP. i.e the PSK and SSID are the same.
    If you are doing 802.1X then you would want to configure one of the AP as a WDS master so that you aren't having to authenticate all the way back to AAA on a roam.
    WDS Configuration:
    http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/44720-WDS.html
    You can also configure Hot Standby on an AP: http://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/RolesHotStandby.html#wp1037487
    HTH,
    Steve

  • Wireless roaming in different networks

    Hello,
    In Wireless networks if we have two different networks with the same SSID when we pass from one network to another network, the client will change the ip network automatically or we need to disconnect and connect again to request another ip?
    I would like to know this information to Flexconnect and local. 
    Thank you.
    Best Regards
    Cristiano Nunes.

    Hello Cristiano,
    You don't need to disconnect and connect again if you have Layer-3 Roaming enabled.
    To configure Layer 3 Mobility, following requisites should be considered.
    SSID and security policies should be same across MAs.
    Client VLAN ID should be different for Layer 3 roaming.
    Either one or both of the bridge domain ID and client VLAN ID should be different for Layer 3 Roaming.
    Please find the attached topology for better understanding.
    Regards,
    Moin Ilyas.

  • Wireless roaming best practice

    When setting up standalone access points on the same SSID is it best to use multiple channels that do not overlap (ie 1,6 and 11) or use the same channel for every access point?
    We have 1 SSID in our office spread over 3 access points and currently I have it set to use channels 1, 6 and 11 on each. Is this correct or should I use the same channel on each?
    Devices seem to operate and roam correctly I was just querying the best practice.
    We cannot justify the cost of WDS.

    Hi Scott,
    Thanks buddy! Much appreciated. We are extremely cautious when it comes to changing "working" deployments. The move to new versions of code (for both Voice and Wireless) is always well researched to the point of being almost paranoid ;-)
    The "better safe than sorry" mantra, is a great rule of thumb when working with these products. Too many bugs for my liking.
    Cheers!
    Rob

  • Wireless Roaming with more than one access point

    Dear All,
    I am trying to set up roaming access points around my home. My main router is the Hub 3 and what I am doing is setting the SSID and channel i want on the hub 3 then setting the same SSID on the additional access point (WNR1000v3) and disabling DHCP on the additional access point and setting a static IP and a different channel to the one  on the hub 3. 
    The problem I am getting is that my devices (android smartphone and tablet) will either only connect to one of the access points when I am near it and then when I go to the area that the hub 3 is in it drops the connection.
    I want to know why this is happening because at another house where I work I have additional access points broadcasting the same SSID as the home hub 2! which works. 
    Please could someone tell me why this is happening and what I can do to prevent it.
    Many Thanks,
    Dominic
    Solved!
    Go to Solution.

    dombullion wrote:
    Thanks for the reply Keith, 
    But why does it not allow for Roaming?
    There is an internal Ethernet switch which routes the Ethernet frames to a specific device MAC address, via the wireless module, or the LAN ports, but not both.
    Once a device MAC address appears on the LAN side, all frames are routed to that interface, until the physical interface is disconnected.
    That prevents the same MAC address connecting to the wireless interface.
    Universal wireless repeaters do not have that problem, as all connections take place on the wireless interface.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Enabling Wireless Roam

    I've installed iwlwifi-4965-code. How do I enable roaming mode? I'm in Gnome.

    At the moment, wicd. After tweaking with it a bit and with help from the wiki, I got it to work. But if I enable that, my sonata/mpd thing won't connect.
    Here's my rc.conf
    # /etc/rc.conf - Main Configuration for Arch Linux
    # LOCALIZATION
    # LOCALE: available languages can be listed with the 'locale -a' command
    # HARDWARECLOCK: set to "UTC" or "localtime"
    # USEDIRECTISA: use direct I/O requests instead of /dev/rtc for hwclock
    # TIMEZONE: timezones are found in /usr/share/zoneinfo
    # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
    # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
    # CONSOLEMAP: found in /usr/share/kbd/consoletrans
    # USECOLOR: use ANSI color sequences in startup messages
    LOCALE="en_AU.utf8"
    HARDWARECLOCK="UTC"
    USEDIRECTISA="no"
    TIMEZONE="Australia/Adelaide"
    KEYMAP="dvorak"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    # HARDWARE
    # MOD_AUTOLOAD: Allow autoloading of modules at boot and when needed
    # MOD_BLACKLIST: Prevent udev from loading these modules
    # MODULES: Modules to load at boot-up. Prefix with a ! to blacklist.
    # NOTE: Use of 'MOD_BLACKLIST' is deprecated. Please use ! in the MODULES array.
    MOD_AUTOLOAD="yes"
    #MOD_BLACKLIST=() #deprecated
    MODULES=(ac battery button dock processor thermal video wmi cdrom intel-agp nvram hid usbhid i2c-i801 i2c-core evdev ff-memless joydev pcspkr psmouse serio_raw led-class thinkpad_acpi mmc_core ricoh_mmc sdhci-pci sdhci pci_hotplug shpchp rtc-cmos rtc-core rtc-lib nvidia output iTCO_vendor_support iTCO_wdt !snd-mixer-oss !snd-pcm-oss !snd-hwdep !snd-page-alloc !snd-pcm !snd-timer !snd !snd-pcsp snd-hda-intel !soundcore pata_acpi ata_generic scsi_mod ahci ata_piix e1000e mac80211 rfkill iwlagn iwlcore iwl4965 cfg80211 pcmcia_core rsrc_nonstatic yenta_socket usbhid usbcore ehci-hcd uhci-hcd ieee1394 ohci1394 sd_mod sr_mod)
    # Scan for LVM volume groups at startup, required if you use LVM
    USELVM="no"
    # NETWORKING
    # HOSTNAME: Hostname of machine. Should also be put in /etc/hosts
    HOSTNAME="Arkainia_Prime"
    # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available interfaces.
    # Interfaces to start at boot-up (in this order)
    # Declare each interface then list in INTERFACES
    # - prefix an entry in INTERFACES with a ! to disable it
    # - no hyphens in your interface names - Bash doesn't like it
    # DHCP: Set your interface to "dhcp" (eth0="dhcp")
    # Wireless: See network profiles below
    #eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
    eth0="dhcp"
    INTERFACES=(lo eth0 !wlan0)
    # Routes to start at boot-up (in this order)
    # Declare each route then list in ROUTES
    # - prefix an entry in ROUTES with a ! to disable it
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    # Enable these network profiles at boot-up. These are only useful
    # if you happen to need multiple network configurations (ie, laptop users)
    # - set to 'menu' to present a menu during boot-up (dialog package required)
    # - prefix an entry with a ! to disable it
    # Network profiles are found in /etc/network.d
    # This now requires the netcfg package
    #NETWORKS=(main)
    # DAEMONS
    # Daemons to start at boot-up (in this order)
    # - prefix a daemon with a ! to disable it
    # - prefix a daemon with a @ to start it up in the background
    DAEMONS=(syslog-ng @laptop-mode @acpid !network @netfs crond hal @fam @adsl @wicd @alsa @transmissiond @mpd @gdm)

  • Wireless roaming problem (WAP4410n)

    Hello, I have two WAP4410n and I want to use it in roaming mode. All two points configured to use same SSID, psk-key, but used different channels (5 and 9). The problem is that sometime second point is not accessible until I restart it. I connect to the wlan using first point than move to the room with second and there is no roamig. Is this a point problem or bad settings?

    Hi llya, I assume you mean to say using as a repeater.
    The AP has a couple known issues
    CSCts76476—The access point may periodically experience loss of
    connectivity when configured in bridge mode. Workaround: Unplug the
    power adaptor or PoE cable, and then plug it back in.
    • CSCtx62203—In certain environments and traffic model, the WAP4410N
    may lockup after some undetermined time. Workaround: Reboot the
    device.
    -Tom
    Please mark answered for helpful posts

  • Net-auto-wireless roaming with suspend

    I didn't really know how to name this thread, but I think the gist of it is up there.
    I bring my laptop to school and back every day, and use different wireless networks in each place.
    I use net-auto-wireless (n-a-w) to connect on boot, but after suspending, and resuming in the new location I have to manually restart the daemon to get a connection back. I'm not sure if n-a-w is supposed to handle this use case, or if there is a better way to handle it.
    Any tips?

    Those of you have net-auto-wireless, please stop saying "me too" and provide relevant logs from wpa_* stuff. When you suspend, wpa_supplicant deauthenticates -- what is the reaction of wpa_actiond? For example:
    dhcpcd[852]: wlan0: removing interface
    wpa_actiond[674]: Interface 'wlan0' disconnected from network 'lsusecure'
    After you wakeup the machine in a different location, is there a profile corresponding to your previous network in /run/network/profiles/?
    @tomk:
    I used net-profiles until very recently (when switched to net-auto-wireless) and suspend worked out of the box... you should probably investigate your problem further.
    Also, putting a script into /etc/pm/sleep.d which stops net-auto-wireless will cure the suspend problem...

  • Routing issues roaming wireless clients?

    Hello,
    I have a site with wireless roaming printers that have static ip addresses and can roam throughout the building. Several times an hour the print server (in another building / subnet) cannot ping the printer therefore cannot send its print job. Whats odd is that they can ping the printer from the associated AP and can ping from a laptop associated to the same AP. Communication can go down from the server to the printer(s) for several minutes and then just reconnect. I see syn packets leaving the printer but not getting any syn/ack back. I also cannot ping the printer from a different subnet / my vpn connection. Is there any issues with roaming wireless clients and routing protocols / spanning tree that could cause a problem? I can only imagine with mac addresses moving from one AP to another that something could break. The AP's are 1210's with b radios running 12.3(2)JA2.
    Thanks in advance.

    Hi
    Thanks for ur reply the problem has been taken care of by configuring the smartports as others and getting the arp inspection disabled

  • Need help configuring Cisco/Linksys wireless router to extend wi-fi signal to living room

    My U-verse wireless gateway is in the back of our house. We live in an old 1920's home with solid wood walls. For our macbooks, we get a pretty decent signal, but my wife's iPad 2 get's poor wi-fi speeds. I bought a Cisco/Linksys WRT160N wireless N broadband router. I have a wired connection in my living room (going to a 4 port switch) then connected to my DVR. I tried hooking up the new router but ended up getting no signal on the iPad. In fact, it caused other issues. I ended up disconnecting it and re-booting my gateway. All came back fine. This wireless router replaces a similar unit that went out in after a power failure, so I know this can be done, but I forget exactly how I confiured the old one. I would like it to "extend" my signal to the living room, but I am also willing to create a new network (different SSID). Do I need to turn of DHCP? Are there any web sites that can assist me in configuring the router? I wish I didn't have to deal with this. The signal from the RG is great when you are in the back room (20+ down). But my wife gets about 3 down on her iPad in the living room. Thanks in advance.

    Hi ,
    I was doing some research on how this can be done. It does not appear there is an option in the Cisco router to set it up as an access point, but there are several options you can do to extend your network. 
    The first thing you can do is just set it up as a router behind router setup, and you will just have two separate networks. Make sure the DHCP pool does not conflict with the U-verse's gateway of 192.168.1.x. 
    The second thing you can do is connect the Ethernet cable to one of the LAN ports on your Cisco router instead of using the internet port. This should make it work like a smart switch. 
    With both setups, you want to probably change the SSID, network key, and wireless security settings to the same thing for wireless roaming abilities. That way, anyone that configures their wireless connection will be connected to both networks. Just make sure the wireless channels are not the same, and I would suggest having them at least 5 apart.
    Hope this helps.
    -ATTU-verseCare

  • How to add a second wireless network in my house..

    Hello,
    I have Verizon FIOS with the supplied Actiontec wireless modem/router M1424WR. This current setup works perfectly and has since I got it about 5 months ago.
    Note that all of my computers connect wirelessly.
    Here is what I would like to do and why:
    I have some weak reception spots upstairs (the Actiontec is located downstairs). I want to run cat5 from the Actiontec to an upstairs location and plug it into a WRT54G I just bought for this purpose. I want to have this upstairs WRT54G have it's own SSID so that I have two separate networks. I have no need for devices on the two networks to be able to communicate with each other.
    There is another reason I think I need the separate network; the Actiontec M1424WR has a known problem connecting with Xbox 360 wireless adapters. It can not connect to them with the current firmware. They are working on correcting it, but it may be a while and by installing an Xbox compatible wireless router (the WRT54G) upstairs, I am fixing two problems at once, the Xbox issue and the weak signal areas.
    I am not too experienced in this stuff, and it is my guess that extending my wireless network upstairs with the same SSID as the downstairs router would not work because the Xbox adapters can't connect to the downstairs located Actiontec.
    If anyone can tell me if my plan will work and tell me how to configure the router settings, it would be much appreciated. I am familiar with accessing and changing the router settings, I just don't know what settings to use!
    I am willing to change gears and buy something different if necessary.
    Thank you,
    Alan
    Edit: I know that I could use other wireless adapters on the Xboxes, but I really like the units made specifically for the 360's and want to stick with them.
    Another thought I had was to buy another WRT54G and place it next to the Actiontec downstairs and set up a roaming network using just the two WRT54G's. This way the Xboxes could connect throughout the network range. Again, I just don't know how to configure the devices. 
    Message Edited by acehog on 11-01-2007 12:57 PM
    Message Edited by acehog on 11-01-2007 01:10 PM

    It all works, and quite well at that. I decided on the WRT54G to be wired to the M1424WR downstairs. I bought a WAP54G and cabled it up to the M1424WR as well. The WAP went into an upstairs closet.
    My laptop and PC's worked perfectly. I checked former dead spots and they were gone. I unplugged the WRT and the WAP one at a time and sure enough, the computers stayed connected.
    I struggled with the "Moderate NAT" problem for quite a while. The trick to get the "Open NAT" out of the M1424WR is to check the "Allow Other Network Users to Control Wireless Broadband Router's Network Features" box.
    Our two 360's connect to Xbox live perfectly, every time. We played "system link" connected H3 through the home network; my son in one room and me in another. He played H3 on Xbox Live a lot.
    We can not even see a perceptible difference in Halo3 performance on our new and improved wireless roaming network vs. wired. I get all green bars in every room in the house. I didn't even know about the ability for the 360 to access a PC on your network. I was playing music on my upstairs TV from my downstairs PC.
    Needless to say, it all works thanks to your help, gv!
    I do have one more question; since the M1424WR regretably must remain my main router due to it's proprietary television functions, I have to use it's webpage to check connection status, etc. Why does everything connected on my network show up there except the WAP54G? Wireless devices connecting through the WAP54G do show up, just not the WAP. The WRT does show up.
    Thank you,
    Alan

  • Can i do this? (wired and wireless at the same time?)

    Hi all
    My first time on these boards, Iam hopefully setting up a wireless network at home very soon. At the moment I have a cable modem that is 'hard wired' directly into my G5 imac that has no wireless cards installed. simple (so far)
    Now... Iam getting a laptop very soon and wish to go wireless roaming the house etc so i will purchase an airport extreme at the same time.. is it possible to have my laptop on wireless and the G5 'hard wired' from the airport station providing 2 connections at the same time one wireless, one hard wired?
    If not, what kit do i need to make this happen? apart from a wireless card for the G5 which id rather not do as id like that connection 100% stable and as fast as the 10mb will go..
    Any help and advice would be appreciated.
    iMac G5   Mac OS X (10.4.7)  

    The default settings of the AEBS works with most cable modems without any configuration changes needed.
    The AEBS is a NAT router, meaning that it will be "seen" by your ISP as a single device. In turn, the AEBS will distribute private IP addresses, on the local network, to all of the computers connected to it (wired or wirelessly) because it has a built-in DHCP server. So in this case, each of your computers would be assigned an unique IP address.

  • Can I force my phone to make calls using WiFi, even when wireless is available?

    When I was in the UK a couple years ago I could make calls back to USA using WiFi, because the wireless service was incompatible with my phone.
    When I was in the Dominican Republic last year, even though I used GrooveIP and Google Voice, I came home to a $400+ wireless roaming bill, I think because the wireless service there IS compatible.  So how do I force my phone to make calls using WiFi, even when wireless is available?

        Hey there FredW,
    A $400 bill would certainly cause my jaw to drop so I absolutely want to provide you steps to prevent this from happening going forward.
    To avoid data charges you are going to want to make sure that Data roaming is turned off,http://vz.to/18oRFuS.
    You'll also want to disable mobile data,http://vz.to/1hCPg4Q.
    When using services such as GrooveIP, Google Voice, Skype you are going to want to make sure that you are connected to WiFi. Here is how to set up a WiFi connection,http://vz.to/II1jP6.
    Let us know if you have any additional questions.
    NicholasB_VZW
    Follow us on Twitter @VZWSupport

Maybe you are looking for

  • Migration.  Just some comments.

    Ok, this is a dupe post.  Admins, if you want to pull this go ahead.  But, some things have to be out in the open before someone thinks this is the mother of all short cuts to EP6 SP9. I ranted: Swell, Everyone read the docs on this? Hold on, it's go

  • How to prevent the printed page from displaying when printing to pdf

    I have Acrobat 7.0 Pro running on XP Pro. Immediately after I print an Excel, Word or text file to pdf, the pdf output automatically opens on my screen. Is there a way to turn this off? Thanks!

  • Ipad screen goes black with white letters

    what is the problem? start reading in book and screen suddenly go to black back ground and white letters

  • BG and LC configuration

    Hi all, Could anyone give me completer configuration for BG (Bank Guarantee) and LC (Letter of Credit). i was trying but it is not working, it's an immediate requirement plz thank you Moderator: Please, read the rules of SDN

  • Execute Process Chain Using ABAP

    Hi All, Is there any standard ABAP Code or Function Module through which we can execute the Process Chain Manually. Regards, Anuja