WLC/Roaming

Hello,
I have more different client networks with one ssid, when a client is in another network gets an ip it still from the old network.
How can I  to the wlc change this so he gets one right address.
I have a Cisco WLC 5508 and 1262/1252 Access point
thanks

Perhaps I'm missing the point of your post......
But we need to clarify what you are asking for.
From the few posts here, I understand that Client 1 at Site A gets an IP address from site A. When Client 1 roams to Site B, they continue to have the IP address from Site A. You don't want this?
So what is happening:
Layer 3 mobility.
When you roam from Site A to Site B, you should be anchored back to your original controller and should function with your IP address. So from client perspective, absolutely nothing should be wrong.
Now, are you trying to say that Clients that Roamed from Site A to Site B, cannot talk to Site B resources with the Site A address?   That would be the only reason I can think of where you'd "not work".
If you absolutely don't want Layer 3 roaming, then you have two options:
1) Do not allow your WLCs to be mobility aware. If they do not have each other in the mobility domain, no mobility will take place and your client will stay Layer 2.
2) (theory) Change your Virtual IP address between the two controllers. Mobility Handoff is rejected if the Virtual IP does not match. So when your client is handed off layer 3, the Site A WLC will not accept it and will remove the client instead of anchor.
The problem with that above however is that you need a client that is stupid enough to re-DHCP as soon as it roams....
If you have IP 10.10.1.10, and you roam to a new stie, with no L3 roaming, you're going to need a client that will either always re-dhcp, or will quickly learn 10.10.1.10 is not valid.....
Long Story short:
L3 Mobility is there for a reason and there is no "disable" button. Either allow your network to function with L3 clients, or configure it so L3 mobility will not happen.

Similar Messages

  • GUest WLAN with Anchor WLC - roaming problems

    Hello,
    my wireless network consists in 3 WLC 4402 which manage 40 APs.
    I have a fourth WLC which I installed on my DMZ for guest vlan anchoring and web autentication.
    Everiting works fine but I have a problem:
    If my client associates with an AP and then I authenticate I'm ready to make traffic. As soon as my client roams to an AP managed by a differnt WLC I need to authenticate again. If I roam back to the first AP i need to reauthenticate.
    In my guest WLAN I use WEB authentication provided by the internal web server of the Anchor WLC.
    Thnks everybody

    Here are the output of show mobility summary.
    The last WLC is the anchor.
    WLC1
    Symmetric Mobility Tunneling (current) .......... Disabled
    Symmetric Mobility Tunneling (after reboot) ..... Disabled
    Mobility Protocol Port........................... 16666
    Mobility Security Mode........................... Disabled
    Default Mobility Domain.......................... mob1
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0x392f
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 2
    Mobility Control Message DSCP Value.............. 0
    Controllers configured in the Mobility Group
    MAC Address IP Address Group Name Multicast IP Sta
    tus
    00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
    00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
    WLC2
    Symmetric Mobility Tunneling (current) .......... Disabled
    Symmetric Mobility Tunneling (after reboot) ..... Disabled
    Mobility Protocol Port........................... 16666
    Mobility Security Mode........................... Disabled
    Default Mobility Domain.......................... mob1
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0x392f
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 2
    Mobility Control Message DSCP Value.............. 0
    Controllers configured in the Mobility Group
    MAC Address IP Address Group Name Multicast IP Sta
    tus
    00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
    00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
    WLC3
    Symmetric Mobility Tunneling (current) .......... Disabled
    Symmetric Mobility Tunneling (after reboot) ..... Disabled
    Mobility Protocol Port........................... 16666
    Mobility Security Mode........................... Disabled
    Default Mobility Domain.......................... mob1
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0x392f
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 2
    Mobility Control Message DSCP Value.............. 0
    Controllers configured in the Mobility Group
    MAC Address IP Address Group Name Multicast IP Sta
    tus
    00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
    00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up
    WLCAnchor
    (Cisco Controller) >show mobility summary
    Symmetric Mobility Tunneling (current) .......... Disabled
    Symmetric Mobility Tunneling (after reboot) ..... Disabled
    Mobility Protocol Port........................... 16666
    Mobility Security Mode........................... Disabled
    Default Mobility Domain.......................... mob1
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0x392f
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 4
    Mobility Control Message DSCP Value.............. 0
    Controllers configured in the Mobility Group
    MAC Address IP Address Group Name Multicast IP Sta
    tus
    00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up
    00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up
    00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up
    00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up

  • WLC roaming debug assistance

    I'm in a position where I need to prove that a suppliers device doesn't truly roam between APs on a WLC. The device will eventually drop the AP when the signal is low enough and then re-authenticate to a new AP, but it doesn't seamlessly roam.
    As far as proving it, on the WLC Client Detail page, the device doesn't support CCX extensions, which, as far as I understand, is probably evidence enough in itself.
    I've also logged the device and have only ever seen
    xx:xx:xx:xx:xx Association received from mobile on BSSID aa:aa:aa:aa:aa
    I've never seen a
    xx:xx:xx:xx:xx Reassociation received from mobile on BSSID aa:aa:aa:aa:aa
    Is that evidence enough that that device doesn't actually roam?
    Is there a more elegant way, in layman's terms, to prove the point?

    Hi
    I can see multiple time given client authentication failed. So it is look like given client unable to connect to the network.  See the reference time interval & Access-Reject message for this client.
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 Processing Access-Reject for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 apfMsPeapSimReqCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 apfMsPeapSimReqFailureCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 PMK: Sending cache delete
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 Removing PMK cache entry for station 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 1 PMK-remove groupcast messages sent 
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 Removing PMK cache due to EAP-Failure for mobile 00:80:48:78:50:65 (EAP Id 167)
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 Sending EAP-Failure to mobile 00:80:48:78:50:65 (EAP Id 167)
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.536: 00:80:48:78:50:65 Entering Backend Auth Failure state (id=167) for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.537: 00:80:48:78:50:65 Setting quiet timer for 5 seconds for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:43:20.537: 00:80:48:78:50:65 dot1x - moving mobile 00:80:48:78:50:65 into Unknown state
    *osapiBsnTimer: Sep 22 10:44:31.404: 00:80:48:78:50:65 802.1x 'timeoutEvt' Timer expired for station 00:80:48:78:50:65 and for message = M0
    *dot1xMsgTask: Sep 22 10:44:31.404: 00:80:48:78:50:65 Retransmit 1 of EAP-Request (length 95) for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.418: 00:80:48:78:50:65 Received EAPOL EAPPKT from mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.419: 00:80:48:78:50:65 Received EAP Response from mobile 00:80:48:78:50:65 (EAP Id 231, EAP Type 25)
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.419: 00:80:48:78:50:65 Resetting reauth count 0 to 0 for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.419: 00:80:48:78:50:65 Entering Backend Auth Response state for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 Processing Access-Reject for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 apfMsPeapSimReqCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 apfMsPeapSimReqFailureCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 1 PMK-remove groupcast messages sent 
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 Removing PMK cache due to EAP-Failure for mobile 00:80:48:78:50:65 (EAP Id 231)
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 Sending EAP-Failure to mobile 00:80:48:78:50:65 (EAP Id 231)
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 Entering Backend Auth Failure state (id=231) for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 Setting quiet timer for 5 seconds for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:44:31.423: 00:80:48:78:50:65 dot1x - moving mobile 00:80:48:78:50:65 into Unknown state
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.319: 00:80:48:78:50:65 Resetting reauth count 0 to 0 for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.320: 00:80:48:78:50:65 Entering Backend Auth Response state for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Processing Access-Reject for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 apfMsPeapSimReqCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 apfMsPeapSimReqFailureCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 1 PMK-remove groupcast messages sent 
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Removing PMK cache due to EAP-Failure for mobile 00:80:48:78:50:65 (EAP Id 140)
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Sending EAP-Failure to mobile 00:80:48:78:50:65 (EAP Id 140)
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Entering Backend Auth Failure state (id=140) for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 apfBlacklistMobileStationEntry2 (apf_ms.c:6172) Changing state for mobile 00:80:48:78:50:65 on AP 6c:99:89:77:41:e0 from Associated to Exclusion-list (1)
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Scheduling deletion of Mobile Station:  (callerId: 44) in 10 seconds
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 10.0.45.201 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 10.0.45.201 START (0) Reached FAILURE: from line 5620
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Max AAA failure for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 Setting quiet timer for 5 seconds for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:47:28.327: 00:80:48:78:50:65 dot1x - moving mobile 00:80:48:78:50:65 into Unknown state
    *osapiBsnTimer: Sep 22 10:47:33.204: 00:80:48:78:50:65 802.1x 'quiteWhile' Timer expired for station 00:80:48:78:50:65 and for message = M0
    *osapiBsnTimer: Sep 22 10:47:38.204: 00:80:48:78:50:65 apfMsExpireCallback (apf_ms.c:632) Expiring Mobile!
    *apfReceiveTask: Sep 22 10:47:38.204: 00:80:48:78:50:65 Freeing EAP Retransmit Bufer for mobile 00:80:48:78:50:65
    *apfReceiveTask: Sep 22 10:47:38.204: 00:80:48:78:50:65 Sent Deauthenticate to mobile on BSSID 6c:99:89:77:41:e0 slot 0(caller apf_ms.c:7065)
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.223: 00:80:48:78:50:65 Sending EAP Request from AAA to mobile 00:80:48:78:50:65 (EAP Id 31)
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.223: 00:80:48:78:50:65 Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.233: 00:80:48:78:50:65 Received EAPOL EAPPKT from mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.233: 00:80:48:78:50:65 Received EAP Response from mobile 00:80:48:78:50:65 (EAP Id 31, EAP Type 25)
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.233: 00:80:48:78:50:65 Resetting reauth count 0 to 0 for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.233: 00:80:48:78:50:65 Entering Backend Auth Response state for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.240: 00:80:48:78:50:65 Processing Access-Reject for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.240: 00:80:48:78:50:65 apfMsPeapSimReqCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.240: 00:80:48:78:50:65 apfMsPeapSimReqFailureCntInc
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 1 PMK-remove groupcast messages sent 
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 Removing PMK cache due to EAP-Failure for mobile 00:80:48:78:50:65 (EAP Id 31)
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 Sending EAP-Failure to mobile 00:80:48:78:50:65 (EAP Id 31)
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 Entering Backend Auth Failure state (id=31) for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 Setting quiet timer for 5 seconds for mobile 00:80:48:78:50:65
    *Dot1x_NW_MsgTask_5: Sep 22 10:52:47.241: 00:80:48:78:50:65 dot1x - moving mobile 00:80:48:78:50:65 into Unknown state
    Also few times client forced to go to START status from RUN status with below reasoning. Make sure you disable management frame protection (802.11w) on this WLAN. Also if this is FlexConnect deployment, make sure you use FlexConnect Group if you required to support Opportunistic Key Caching (kind of fast roaming)
    *apfMsConnTask_7: Sep 22 11:02:23.723: 00:80:48:78:50:65 apfValidateDot11wGroupMgmtCipher:1552, Received NULL 11w Group Mgmt Cipher Suite for STA, hence returning
    *apfMsConnTask_7: Sep 22 11:02:23.723: 00:80:48:78:50:65 AID 1 in Assoc Req from flex AP 68:86:a7:29:cf:60 is same as in mscb 00:80:48:78:50:65
    *apfMsConnTask_7: Sep 22 11:02:23.723: 00:80:48:78:50:65 apfMsRunStateDec
    *apfMsConnTask_7: Sep 22 11:02:23.723: 00:80:48:78:50:65 apfMs1xStateDec
    *apfMsConnTask_7: Sep 22 11:02:23.723: 00:80:48:78:50:65 10.0.45.201 RUN (20) Change state to START (0) last state RUN (20)
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Load Balance 2 Wireless Controllers?

    Hi Guys,
    We are running 2 Cisco wireless controllers here..I believe a 4400 and a 5500..
    All our WAPS and Clients are going to the one Individual Controller..Is it possible to load balance all waps/clients between these?
    Thanks
    James

    I support this answer. If you plugged your WLC with all ports on LAG, what are you exactly load balancing ? Nothing will be faster by splitting APs between the 2 WLCs.
    In case you anyway split the APs between the 2 WLCs, don't go salt 'n pepper (i.e. if you have 2 APs in a corridor, having them on a different wlc) because that means that every roaming between APs will be inter-WLC roaming. Overhead for nothing. It's best to cut your building in 2 and one are is on wlc1 and the other on wlc2.
    While inter-WLC roaming usually works fine and should not cause trouble, it's overhead to go for that while you can have all APs on 1 WLC.
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • Wireless Client associated to 2 APs

    I searched for my mac address in WCS and I recieved three results. See the attached screenshot. I am just curious why the second entry show I am associated to AP 00:00:00:00:00:00?
    I do not have an AP named that.
    Running 4.2.130 on all my WLC. Have a mis of WiSM and 4400 Controllers totaling about 10 WLCs.

    As Jeff mentioned, this is due to your client roaming and most likely due to wlc roaming. The information you see is not real time accurate, especially the wlc information of clients. You can see that 10.92.0.111 shows the client as still being authenticated which is not the case. So most likely what happens is the wlc is cached until flushed or cleared, but ap's keep the real time information, so the all zero's just mean that the wlc knows of the client but not yet flushed the old info and when it tries to detect which ap that user is on, there isn't one.... so it produces the all zero's.

  • Client Roaming Within Single WLC with Different AP Groups

    I am trying to setup a 4400 WLC with 2 different AP Groups mapped to its respective Dynamic Interfaces / Vlans. AP's are equally mapped to both the AP groups by Floor wise ex: First floor AP's connect to one AP group and the Second Floor AP's connecting to other AP group.
    Goal is to create separate Network policy for each Floor using ACL's and apply to their respective Vlans on Layer 3 Switch. Wireless Raoming should happen seamlessly between these Ap groups making the DHCP changes by not disconnecting and connecting every time user roam across the Floors.
    Problem is When Clients Roam between Floors i,e moving between AP Groups, they still maintain their old DHCP IP addresses when moved to new AP group even after Client re-authetication. This defies our goal of creating a Wireless Network Policy using single WLC.
    Knobs i have tuned in WLC to acheive our goal includes....
    1. WLAN Session Timeout - No use
    2. DHCP Proxy Disable - No Use
    3. ARP Time out - No use
    Looks like WLC is storing the IP address and MAC information of the Client unconditonally during roaming and clearing out untill a manual or forced disconnect or disassociation is done.
    Did anyone tried to implement this setup and made it running? Any help or suggestion would be higly appreciated.
    Thanks
    Guru

    abit late for a reply but....try going to the SSID>Advanced and ticking the "DHCP Addr. Assignment" Required checkbox and test again.
    What does the DHCP Required field under a WLAN signify?
    A. DHCP Required is an option that can be enabled for a WLAN. It       necessitates that all clients that associate to that particular WLAN obtain IP       addresses through DHCP. Clients with static IP addresses are not allowed to       associate to the WLAN. This option is found under the Advanced tab of a WLAN.       WLC allows the traffic to/from a client only if its IP address is present in       the MSCB table of the WLC. WLC records the IP address of a client during its       DHCP Request or DHCP Renew. This requires that a client renews its IP address       every time it re-associates to the WLC because every time the client       disassociates as a part of its roam process or session timeout, its entry is       erased from the MSCB table. The client must again re-authenticate and       reassociate to the WLC, which again makes the client entry in the table.

  • Slow roaming for WGB-client (mobile) on AP/WLC!

    A customer of mine have previously had 2 AP1242 set up as root-AP and then an additional AP1252 set up as WGB onboard a (very slow) moving vehicle. This has worked very good.
    On the vehicle there is 1 "real" PC and 3-4 additional PLCs or such "dumb" equipments with an static IP-address each. All equipment on the vehicle is connected to an unmanaged Layer2-switch.
    Now they have extended the WLAN-installation, and replacing the 2 old and added 5 new APs (all lightweight) and a WLC. The vehicle-WGB is also replaced. All new APs and the new WGB is AP2602 and the WLC is a 2504.
    After installing the new CAP2602, the WLC2504 ande the new WGB AP2602 on the vehicle they report that the roaming is too slow for the application that controls the vehicle.....  TYhis results in a "Full Stop". Which is rather undesirable!!
    I have looked at the configuration of the WGB-AP which is (in principle) unchanged from the AP1252 and also the WLC, But do not see any peculiarities. We also tried to set the channel on all tyhe APs to the same (Meru-style...) but that did not help. The environment of the APs and the vehicle is absolutely guaranteed free from any other interfering WLANs/networks.
    Any iseas? I attach the config of the WLC and the WGB.
    Best Regards
    Göran Blomqvist
    Sweden

    Hi
    I can see your WLAN configured for both WPA/TKIP & WPA2/AES as authentication suites. I would stick only one (WPA2/AES).
    Also to test, I would first check it in open authentication & see if that make any difference.
    I think in your WGB configuration you have most recommended settings. Here are some useful notes on WGB configuration
    http://mrncciew.com/2013/07/24/wgb-roaming-part-1/
    http://mrncciew.com/2013/06/16/unified-ap-wgb-with-multiple-vlan/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • What settings need to be set for the fastest roaming on my wlc 4404

    Hi all
    I notice that on my WLC 4404 when walking around with my laptop, I am dropping pings when it roams to another access point, Is there anything on the controller I need to check, and can I optimize these settings for roaming?
    cheers
    carl

    Hello Carl,
    to have romaing working fine you need to be sure of following:
    1) RF designed correctly , and enough overlapping is availble between the AP's.
    in addition for environment to be free from external noise..
    this can be confirmed with spectrum expert site survey
    2) what authentication and encryption used ( WEP , or WPA-PSK no need to check this point ->> skip :-) )
    if you are using any authentication like 802.1x ->> then enable CCKM on the WLAN to make more seamless roaming.
    3) if more than one WLC availble on site , configure mobility group between them,
    so if client roam from one AP in WLC 1 to AP on WLC 2 ->> no disocnnection observed....
    Kind regards
    Talal
    ===========
    please rate answers that you find useful , and mark as answered - when it is :-) - so others can find it easily

  • EAP-TLS with WLC 5.2.178 Improve Performance and Roams?

    Good Morning...
    I've been working on moving our clients over to EAP-TLS with Machine Auth for sometime. I had moved the IT Department over a couple of months ago as a test with no issues reported and have tested on a few of our Medical Carts (CoWs) as well with no issues reported. However, upon deploying to a larger population of Carts (Specifically using Atheros 5006x 7.x Driver {No Client}) I've been getting some client drop complaints. If I look at the client history I do see a lot of "Client Associations" or Roams that occure anywhere from ever 2minutes, to every 10minutes to every 5 hours. These carts do move around ALOT as they are pushed from one Patient Room to another so I'm guessing the drops are occuring during a re-authentication phase as the device roams. Looking at the device you might not be able to tell it's dropping but the software we use (Meditech) is very connection sensitive in doing a simple ping you may see a couple of dropped packets until the client is fully connected again. So I'm guessing the roaming is the issue. What can we do to fight this or make it more effecient? It was mentioned to me by a colleague (who doesn't know where he saw it) that he thought it was possible to configure the WLC's to not reauthenticate on the roam? I'm guessing something must be able to be tweaked if the 7921's and 25's support EAP-TLS as this type of latency would never work. By the way I'm using an ACS 4.2 as my authentication platform mapped back to AD.

    You will always reauth with a roam. That is part of the 802.11 spec. How you reauth will depend on the type of security you have setup. If you are using WPA2/AES or CCKM the reauths can be done with a PMK instead of needing to go through the entire reauthentication process. Try running "debug client " for a client having the issue and see if it gives you an idea of where the authentication is failing.

  • IP Phone 7921 / 7925 roaming issues after WLC upgrade from Version 7.2 to 7.3 and / or 7.4

    Hi,
    We have a customer which is using a Cisco WLC 5508 and 3502I APs. As he used the 7.2.103 release, There were no issues with VoWLAN. Now he needed new APs and ordered the 2602I. To use them he needed to upgrade the WLC to a 7.3 or later release. After the upgrade, he now encounters problems while roaming with the phones. The phones were tested with FW 1.4.1, 1.4.2 and 1.4.3.
    Configuration is set according to wireless voice design guides (VoWLAN DG 4.1, 7921 Deployment Guide). A Cisco TAC is also in progress, but they seem to be uncertain whether it is a wireless or CUCM issue, but I don't see a reason why it should be the CUCM when the only thing changed is the WLC Software Version.
    Is there anybody who is aware of such issues and can offer help?
    Thank you in advance.
    Best regards,
    Patrick

    Hi,
    we had a TAC ticket open with this customer and after some time, the TAC gave us the advise to use this release and the problems are now solved.
    So for others having the same issue: If you only need to support the 2600 APs, stay with the latest 7.2 release as there are some issues with the 7.3 and 7.4 release. If the customer requires HA, AVC or any of the new features + wireless voice, be very careful as it seems that the newer releases are having problems with that. I hope that Cisco will fix this very soon.
    regards,
    Patrick

  • EAP-FAST - WLC 7.4 Roaming between different FlexConnect (FC) Group

    Dear all,
    WLC 7.4 Release Notes states that with both Local/Central Switching:
    - Mobility in the same Flex Group with CCKM is Fast Roaming if WLAN is mapped to same VLAN
    - Mobility between different Flex Group with CCKM cause a Full Auth
    Using CCK with EAP-Fast during a call with Cisco IP Phone 7921G and 7925G we notice a gap when roaming from an AP belonging to FC GroupA to an AP belonging to FC Group B...so the only solution to do Fast Romaing is to use PMK(OKC) since CCKM will do a complete authentication each time moving from FC Group.
    Where do we enable OKC for a specific WLAN? In the FlexConnect Group Menu?
    Thanks a lot for sharing answer and suggestion
    BR
    O.G.

    Hello Scott,
    thanks for the explanation...
    So if in 7.4.121 OKC is enabled by default I don't understand why I'm having a full Authentication when roaming from AP of FC Group A to AP to FC Group B instead of Fast-Roaming...and this is happening in all FC Group configured (6x).
    Should I disable CCKM flag in the WLAN definition?!?!
    FC Groups and Mobility
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html#anc13
    O.G

  • Roaming between WLC and vWLC on different code versions

    Hi,
    I have the following setup in our environment, a HA 5508 pair running 7.4.100 and a vWLC running 7.6.130.  I have mobility setup between the two with the control and data path up and running.  All the access points are setup for FlexConnect.
    When I join an SSID using PSK on an AP associated with the vWLC and then roam to an AP on the 5508, I drop a few pings but stay connected no problem.  However when I join an SSID using PEAP (both WLC's using Radius to Cisco ISE 1.2 for this) and repeat the test, my client actually drops my wireless connection and then rejoins.
    Is this expected behaviour when running controllers on different versions?  This is only temporary until I upgrade the 5508 pair.
    Cheers
    Brian

    Oh... Forgot.  With FlexConnect, you also want to create FlexConnect Groups.  See this link:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010001111.html
    -Scott

  • Roaming problem with WLC 5508 with Phone 7921

    Hi to all,
    i have one WLC with several AP1231 2.4 GHz. Everything works fine with PC and 7921 in normal condition (last firmware release 1.4.3.4).
    But with 7921 there is a little problem: if i walk quicky along the warehouse and along lanes while i'm at the phone everything works well.
    But the operator often have a phone call while he is on a forklift and he moves fast with this during the conversation.
    In this case of fast moving, during the call, the call doesn't fall but often i do not hear 2/3 words consecutively so i can't understand the phrase.
    I have already done a study of radio environment but there aren't interference, and roaming works good with walk speed, so i think that the problem is the operator's speed  in forklift (i think at the max about 10-12 Km/h)
    The question is that in this case it is possible to modify parameters of Client Roaming in WLC, to reduce this issue?
    If yes, somone knows what are the best values in this environment for
    Hysteresis
    Minimum RSSI
    Transition time
    Scan threshold
    Or someone knows other parameters to modify or any ideas?
    Thanks a lot.

    The 1.4.3.4 firmware scans nicely - it will typically scan each channel every 5 seconds.
    How big are your cells?  What power level are you using?  With very small cells, it is certainly possible that the forklift can drive out of and into cells faster than the phone can scan for them.
    You may want to increase your cell size (increase power.)  Of course this also means that you will run the risk of co-channel interference.  In which case you may need to disable some 2.4GHz radios.
    Also - be sure that your APs are placed where the forklift can hear an AP that it needs to roam to well before it has to roam to it.  For example, if the forklift is rolling straight down a corridor like this:
              |  x |            |    |
    __________|    |____________|    |_____
    a              >>> forklift >>>                   b
    ----------|    |------------|    |-----
              |    |            |  y |
    then make sure that the APs that the forklift needs to use are at locations a and b, not x and y (assuming metal partitions where the lines are.)
    Aaron

  • WLC L3 Roaming Using FlexConnect

    Hi everyone.
    A customer has a network with several buildings (each with a different VLAN/subnet), and a single WLC.
    The Access Points are grouped by AP groups, and on each building the clients are assigned to different VLANs.
    There is one single SSID with the users connect to on the entire campus, and it assigns (as expected) different ip address segments depending on which building the users are connecting into.
    The problem comes whenever a user is in a building and walks to another, since the buildings are not that far from each other, and the client machine is still connected to the network, it tries to roam but it doesn't know that it has to refresh its IP address.
    I know there's something that is not working here, but I can't find documentation about this. Is this a supported configuration? Is this an expected behaviour? How can I fix this?
    Thanks in advance for your help

    If you are using FlexConnect Local switching, then L3 roaming is unsupported feature.
    Here is some reference in the 7.6 configuration guide (see configuring FlexConnect section or page 926)
    http://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.pdf
    Here is another good reference about FlexConnect Design from a CiscoLive presentation.
    BRKEWN-2016 - Architecting Network for Branch Offices with CUWN
    As you can see on page 9, these are the advantages you get if you have a local WLC at your branch. L3 roaming is one
    * Cookie cutter configuration for every branch site 
    * Layer-3 roaming within the branch 
    * WGB support 
    * Reliable Multicast (filtering) 
    * IPv6 L3 Mobility 
    HTH
    Rasika
    **** Pls rate all useful responses. Each time you rate a response Cisco will donate $1 to Kiva ****

  • 5508 WLC HA pair and layer 3 roaming

    Hey,
    We have a pair of 5508 WLC's configured in HA (primary/standby). We have a single SSID that we're broadcasting across each floor of our head office. The AP's are in flexconnect mode so users pickup an IP address from the DHCP range for that building level and that's all working well. 
    The problem I have is that users cannot roam between floors without losing access to the network. They roam to the AP's on the different floors, and maintain wireless connection throughout the building, but they cannot connect to anything on the network when outside of the floor that contains an IP range that matches the client's IP. I was told by a number of technical consultants that this sort of layer 3 roaming should work in this configuration. When users go to a different floor, they retain their original IP and the traffic is tunneled (EOIP) back to the controller to maintain network connectivity, however this does not appear to be happening. 
    Firstly I'm wondering if this is possible with a HA pair configured in active/standby. All of the documentation around layer 3 roaming seems to involve at least 2 controllers, the foreign and the anchor. In this case as they're a HA pair their is technically only a single controller. 
    If it is possible to do layer 3 roaming on a single controller (intra-controller), if anyone can provide some guidance on things I should be checking or looking out for that would be appreciated. 
    Thanks. 

    Still though, I had a number of technical consultants from a very large system integrator design this setup and despite my asking a number of times how this roaming could work I was simply told it would.
    ROFL!
    We contracted a consulting company/implementors to do a wireless job (back in 2011) for a particular project (politics dictate I keep stay away from it).  They had one "wireless expert".  
    Then one day, I got a call from the "wireless expert" and the phone conversation went like this, "It's me.  I am doing another wireless project for another agency.  But I would like to know how do you convert an autonomous AP to controller-based IOS".   <FACEPALM>
    Long story short:  They won't know.  Not all of them know.  Their main concern is YOUR MONEY in their hands.  That's all.  But I can tell you this:  I am the end user.  I configure stuff.  Roaming works if you get the basics correct.  Roaming works if you know what you want and you get it done right.   Scott Fella and Steve Rodriguez, two regular in this forum, (and works for CDW) and they are good.  There's another "mad Texan" by the name of George Stefanick is another one.    An Aussie by the name of Rasika is also around.  
    The most basic item is roaming is how you space your APs.  Unless you've got wireless antennas coming out of your ears, you need to organize a wireless site survey.  And when you want to do the a "good" wireless site survey, you "future proof" your requirements.  Right now,  my wireless site survey is aimed at "wireless VoIP" requirement. 

Maybe you are looking for

  • Issue in Posting Vendor down payment

    Hi I have an issue in which I am posting a debit to vendor account with a special GL. How can i get to display the Profit center field while posting the vendor account part of the entry. Regards Sanil Bhandari

  • Problem with iWeb 1.1 photos solved... for me, at least

    After updating, some of my photo pages were broken. Slideshow wouldn't work and clicking on a photo would not open a larger version. Some pages, however, did work. After hours of trying to figure this all out, I finally narrowed the problem down. If

  • Viewing an MBean on the administration console

    I have registered an MBean on a WebLogic 6.0 server. Now I need to know how to view this MBean and run the methods of the class represented by this MBean possibly from the Administration Console. I want some way to run the methods as I could on the H

  • Youtube videos prevent computer from going to sleep. any way to fix this?

    even if they aren't actually playing anymore, even if they are paused, even if they are in a background tab or window. I hate this. is there ANY way to fix this? i tried this in camino, safari 2.

  • Logitech mouse  pref pane not working

    I have early 2009 mac pro - osx 10.8.5 and logitech control center pref pane 3.9 0 60 installed along with a m100 logitech mouse - the pref pane does not see it ... Q: how do I get the right clicker to = double click?