L2 roaming with 2 Autonomous APs ?

Answered Question
Jan 14th, 2009
User Badges:

Hi,


Is it possible for 2 1130AG in Autonomous mode to support fast layer 2 roaming ?



My clients are a mix of cisco ccx compatible and non cisco clients.


(Authentication could be either Open or WPA etc)


If so, does 1 AP have to acts as a WDS ?


I came across docs that say I need a WLSM and that an AP acting as a WDS would not work..



If I do not use WDS and simply have 2 AP's with the same SSID :-


If I only use Open Authenication, then would the roam be a bit faster ?


Would the AP's update the MAC tables of the upstream switches when a client changes AP's ?


Thanks

Correct Answer by jeff.kish about 8 years 4 months ago

Oh, I see now. You absolutely get L2 roaming out of the box. It's all part of the 802.11 protocol - the client will inform the current AP that he is leaving, which AP he's going to, and then he'll roam. With Open or PSK authentication, this will be nearly seamless to the client.


Cisco Fast Secure Roaming is an entirely different subject. In the above case, if the client is using PEAP, he'll need to the reauthenticate to the RADIUS server every time he roams to a new AP. Cisco FSR caches the credentials in the WDS AP for fast authentication, which takes the RADIUS server out of the process. This greatly speeds up a roam for EAP users, and it's especially notable (and necessary) for wireless IP phone users.


Again, I hope that helps!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
jeff.kish Thu, 01/15/2009 - 13:25
User Badges:
  • Silver, 250 points or more

Fast roaming will only increase the speed of your roam if you are using a RADIUS server for authentication of some kind. If you are using WPA-PSK or Open Authentication, it will not help.


If you're using the full WPA, including some form of EAP (PEAP, EAP-FAST, EAP-TLS), then you will benefit from Fast Secure Roaming. As you say, you'll need to configure an AP or WLSM as a WDS server, and you'll need to configure your APs as WDS clients.


I'm not sure why the doc you found said that. A WLSM can handle more APs at once than an AP can, but an AP can handle 30 WDS clients while still associating clients. If you need more than 30, an AP can support up to 60 WDS clients if you disable its radios and prevent it from associating clients.


I hope that helps! Please let me know if you have further questions.


Jeff


shahedvoicerite Thu, 01/15/2009 - 13:37
User Badges:

Thanks, that clears it somewhat.


But what if I just use 2 AP's with the same SSID and no WDS


Assuming I use WPA-PSK or Open Auth so that there is no extra overhead in association :-


Will I get L2 roaming "out-of-the-box" ?


Or will there be a loss of frames, till

the ESS learns that now the mac address,

is on AP2 as opposed to AP1 ?


i.e without WDS, will the AP inform the upstream switches of a change in MAC ? Or is that a function of WDS ?


Thanks

Correct Answer
jeff.kish Thu, 01/15/2009 - 13:43
User Badges:
  • Silver, 250 points or more

Oh, I see now. You absolutely get L2 roaming out of the box. It's all part of the 802.11 protocol - the client will inform the current AP that he is leaving, which AP he's going to, and then he'll roam. With Open or PSK authentication, this will be nearly seamless to the client.


Cisco Fast Secure Roaming is an entirely different subject. In the above case, if the client is using PEAP, he'll need to the reauthenticate to the RADIUS server every time he roams to a new AP. Cisco FSR caches the credentials in the WDS AP for fast authentication, which takes the RADIUS server out of the process. This greatly speeds up a roam for EAP users, and it's especially notable (and necessary) for wireless IP phone users.


Again, I hope that helps!

yuttana_su Sat, 01/17/2009 - 06:42
User Badges:

hi

I used WPA+TKIP with PEAP and IAS RADIUS Server. Does WDS support that?


Thanks.

KO

Actions

This Discussion