Voice gaps when roaming with 7921

Answered Question
Mar 5th, 2009
User Badges:

Hi all,

I have a setup with 3 ap1242 and UC520, no WLC. When moving around with a CP7921 there is a voice gap (about 2-3 seconds) when the 7921 switches from AP. The call does not get disconnected.

IOS running on AP:


Phone version:


Can anyone help me figure out what causes this problem?

Correct Answer by migilles about 8 years 2 months ago

There is an issue with the autonomous AP (CSCsx07150), where CCKM is failing. This appears to be handing the TSPEC that we send for SCCP traffic (UP4).

The workaround here is to enable "admit-traffic" under the ssid config. In the AP webpage, it is listed as "Call Admission Control", which will add the admit-traffic command.

Below is an example:

dot11 ssid voice

vlan 21

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa cckm


This will go into the next 7921/7925 Deployment Guide to ensure that admit-traffic is always enabled.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
migilles Thu, 03/05/2009 - 18:07
User Badges:
  • Cisco Employee,

You are trying to roam between a UC520 and an AP1240?

The gap is on the receive side of the 7921 correct?

The UC520 does not support any roaming protocols (i.e. IAPP, LWAPP), so this is not a supported design.

p-vincent Thu, 03/05/2009 - 23:26
User Badges:

No not exactly.. The UC520 does not have wifi enabled. there are 3 ap1240's and they do the roaming and wifi part. So when someone is on the move with his phone, the phone is roaming from AP to AP.

When i run the show dot11 adjacent-ap I can see all three Access-points in the feedback.

But i'm new to this voice roaming part so don't know what to do next.

migilles Mon, 03/09/2009 - 18:05
User Badges:
  • Cisco Employee,

Ok that design is supported, but all 3 APs need to be in the same native VLAN.

Also they need to have the same authentication/encryption config. Basically all APs should have the same config, except for hostname, IP address and radio channl & power config.

If you want to attach your configs excluding any password info, will try to assist you further.

p-vincent Tue, 03/10/2009 - 09:48
User Badges:

That's exactly what I thought, same config except that channels, ip addresses and hostnames are different. I 've configured them so that there's a channel 1 AP, a channel 6 AP and a channel 11 AP.

In the logging of the AP's i can see the following messages:

*Mar 6 07:43:56.301: %DOT11-6-ASSOC: Interface Dot11Radio0, Station SEP002255D4

XXXX 0022.55d4.b48d Reassociated KEY_MGMT[NONE]

*Mar 6 07:43:56.361: %DOT11-6-ROAMED: Station 0022.55d4.xxxx Roamed to 0023.ea0


*Mar 6 07:43:56.361: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating

Station 0022.55d4.xxxx

*Mar 6 07:43:56.365: %DOT11-4-MAXRETRIES: Packet to client 0022.55d4.xxxx reach

ed max retries, removing the client

In attach you can find the configs.

Thx for your help


bayj Tue, 03/10/2009 - 10:22
User Badges:

I see that you do not have dot11 arp-cache enabled on all AP's, I would recommend to enable that on all. Also, I do not see any QoS in your configuration in giving priority to Voice.

What does your switchport configuration look like that is connected to each access point?

p-vincent Tue, 03/10/2009 - 14:04
User Badges:

Hi bayj,

I have enabled the dot11 arp-cache on all access points. I'm not in the office now but I can test tomorrow. True about the QoS part, but the Data SSID is used only for rdp connections from a few laptops.

The switchports are configured like this:

interface FastEthernet0/21

switchport voice vlan 100

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

spanning-tree bpduguard enable

p-vincent Fri, 03/13/2009 - 07:29
User Badges:

Hi all,

I've set dot11 arp-cache on all APs, have changed every switchport connected to AP into trunk.

Problem stays the same. Voice gap for about 2-3 seconds. When walking around with the 7921 i can see that the phones displays the following message "leaving service area".

I think that mobility groups are not supported on APs without WLC, correct?

can you configure something special so that roaming can occur earlier or faster? Or can it be that the gaps occur due to authentication? there is a mac-address filter configured, can this slow the roaming down? don't know actually.. is my first voip roaming nasty problem.

migilles Sat, 03/14/2009 - 10:07
User Badges:
  • Cisco Employee,

I see you are using static WEP, so need to ensure they key is identical in all APs. You could try to remove WEP and just use open to see if that helps.

There was an issue a long while back that would cause a long gap if the phone was deauthenticated while using WEP, but if using 1.2(1) then should be fine.

encryption vlan 100 key 1 size 40bit 7 transmit-key

Also could try to remove the MAC authentication and re-test. Appears that you are doing local MAC authentication here and the list looks the same.

Can you also try to remove the guest mode from the voice ssid and see if that helps?

Remove the following:


mbssid guest-mode

Also is not advised to use VLAN 1 as the native VLAN for autonomous APs as the IAPP roaming protocol uses the native VLAN. Recommend to deploy a dedicated VLAN.

Some other comments on your config below:

I would suggest to enable "dot11 arp-cache optional". ARP-cache mandatory was only enabled in AP03 config, but shouldn't really trigger this roaming delay.

Would also recommend to reset the beacon period to 100ms. You have it currently set to 20ms.

Reset packet retries to the default 32. You currently have 100.

You also are using the max power. Is recommended to configure this statically.

Below is an example:

Interface Dot11radio0

power client local

power local cck 30

power local ofdm 30

Can use the following QoS policy and apply to the radio interface for each vlan.

class-map match-all RTP

match ip dscp ef

class-map match-all SCCP

match ip dscp cs3


policy-map data

class class-default

set cos 0

policy-map voice

class RTP

set cos 6

class SCCP

set cos 4

dromer Mon, 03/16/2009 - 08:08
User Badges:

We are having exactly the same issue. Authentication here is wpa with cckm and the problem occours with phone load 1.2.1 or 1.3.2 (CP-7921). Phones with load 1.1.1 do not have this problem at all.

migilles Mon, 03/16/2009 - 11:25
User Badges:
  • Cisco Employee,

Would advise you to open a TAC case then. There are known issues in this regard. Will need to provide a wireless sniffer trace with your wlc/ap config.

dromer Mon, 03/16/2009 - 11:45
User Badges:

Thank you for your reply. I have opened a SR and got some advice what to reconfigure on the APs. As soon as there are results I will post it here. The engineer seems not to know about any issues in this regard.

p-vincent Tue, 03/17/2009 - 00:28
User Badges:

Thanks for your reply.

The static WEP key is identical in all APs. I've tried to use open and allso removed the MAC authentication. But that didn't solved the problem.

I need to test removing Guest mode and the mbssid and will do that asap.

dot11 arp-cache is enabled on all APs now, and like you said this doesn't solve the roaming delay.

The beacon period and packet retries are adjusted to test other settings after the roaming delay was noticed. So that are some testing values. I will reset them to default.

Power and QOS will be adjusted asap. I will let you know if anything changes.

dromer Tue, 03/17/2009 - 00:48
User Badges:

I made all these recommended changes and there is no difference for me. About 150 packets always get lost when roaming. The only solution at the moment is to use load 1.1.1.

If you are opening a SR you can refer to mine: 610980291

Correct Answer
migilles Thu, 03/26/2009 - 16:51
User Badges:
  • Cisco Employee,

There is an issue with the autonomous AP (CSCsx07150), where CCKM is failing. This appears to be handing the TSPEC that we send for SCCP traffic (UP4).

The workaround here is to enable "admit-traffic" under the ssid config. In the AP webpage, it is listed as "Call Admission Control", which will add the admit-traffic command.

Below is an example:

dot11 ssid voice

vlan 21

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa cckm


This will go into the next 7921/7925 Deployment Guide to ensure that admit-traffic is always enabled.

Leo Laohoo Thu, 03/26/2009 - 17:05
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Thanks for this Michael. +5

JON O'NAN Sat, 03/28/2009 - 15:04
User Badges:

Does this bug apply to Autonomous AP's in general or just when using CCKM. I have a customer experiencing the same loss of speech during a roam although initially we were using PSK with TKIP and then tried WEP. The issue was less apparent with WEP but still unacceptable.

migilles Sat, 03/28/2009 - 20:46
User Badges:
  • Cisco Employee,

It is only with autonomous APs. If admit-traffic is not enabled, the CCKM IE is missing from the reassociation response, which will then cause about a 1.5 second voice gap will occur.

For WPA-PSK, there is an issue with the WLAN controller and 7921/7925, where in some cases the keys during the WPA handshake can come a little early and must wait for the retry which is 1 second later (1 second is the lowest allowed value currently). This doesn't apply to autonomous APs as it has a default WPA timeout of 200ms and can be adjusted as necesary.

p-vincent Sat, 03/28/2009 - 23:40
User Badges:

Hi Migilles,

I've implemented the commands remotely in their AP's, have to go there on monday so will have feedback by then. Will keep you posted!

Thanks for your help.

p-vincent Tue, 04/14/2009 - 05:17
User Badges:

Hi Migilles,

Sorry for my late post. Problem solved with your solution!

Thanks for the professional help.

guilhem.perez Tue, 04/14/2009 - 13:07
User Badges:


I'm meeting the same issue with autonomous APs (voice gap when roaming).

I've tried using WPA-PSK TKIP, using Wep key.

Could you tell me what is your last config (Wep, wpa-psk, or WPA2 with a WDS AP?). Could you post your AP config?

Best regards



migilles Tue, 04/14/2009 - 17:23
User Badges:
  • Cisco Employee,

Try adding admit traffic to the ssid like below.

But below is a config for using WPA+CCKM not WPA-PSK.

dot11 ssid voice

vlan 21

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa cckm


guilhem.perez Wed, 04/15/2009 - 15:50
User Badges:


Thanks for your response, I've add admit-traffic using remote access.

I'm waiting wy customer feedback Wednesday.

I'll let you know, at the moment it's looking better.

Thank you for your help.

ivarnhagen Thu, 04/30/2009 - 00:01
User Badges:

Hi p-vincent!

What commands endet up doing the trick?

I also have this issue with 7921 phones, 17 Aironet 1230b AP's, and WPA-PSK. The "roaming-gap" seems to be larger with the 7921 phones than with 7920 phones.


p-vincent Thu, 04/30/2009 - 00:40
User Badges:


Actually the admit-traffic solved my problem completely.

Added this command under the ssid config for my Voice SSID, rebooted all AP's and after that no more voice gaps.

alessandro.dona Wed, 12/15/2010 - 04:09
User Badges:

Hi to all,

i can confirm command admit-traffic under dot11 ssid "voice" works also foe WPA-PSK

I have Ap1242 with 12.4-10b-JDA3 and 7921 21 with load 1.3.4



gbonivento Fri, 04/17/2009 - 00:33
User Badges:

Hi Michael,

thanks a lot for your help: your suggestion solved the roaming problem I was encountering by one of my customers.

Rated +5 :-)

My setup is a little bit different from cases already mentioned on this discussion. I'll therefore post my setup here below, it could be helpful for other guys experiencing same problems.

IOS version : 12.3(8)JEC2

7921 Firmware : 1.3.2

Roaming : WDS/CCKM

Authentication : LEAP

When the IP-Phone roams between two AP the customer encounters a voice gap of about 1 second. On the AP log following errors appear:

Apr 10 10:36:03: %DOT11-6-ASSOC: Interface Dot11Radio0, Station aaaa.bbbb.cccc Reassociated KEY_MGMT[CCKM FastRoaming]

Apr 10 10:36:03: %DOT11-4-MAXRETRIES: Packet to client aaaa.bbbb.cccc reached max retries, removing the client

Apr 10 10:36:03: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station aaaa.bbbb.cccc Reason: Previous authentication no longer valid

Apr 10 10:36:09: %DOT11-6-ASSOC: Interface Dot11Radio0, Station aaaa.bbbb.cccc Associated KEY_MGMT[CCKM]

Regards, Gio.

migilles Fri, 04/17/2009 - 19:48
User Badges:
  • Cisco Employee,

Glad that worked for you.

I will be adding this into the next 7921/7925 Deployment Guides.

But also we are requesting to have this admit-traffic enabled by default and non-configurable as it is on the WLAN controllers, which help avoid running into such an issue.


gbressanin Thu, 06/25/2009 - 00:46
User Badges:

Hi ,

I have the issue of the message " Leaving Service Area" with ip phone 7921 and autonomous Ap . That issue appears also if the phone is under the AP , without roaming, and if it is in standby or the person is talking. I read all your conversations and my current config is below, the AP firmware is c1130-k9w7-tar.124-10b.JDA3.tar and the ip phone firmware is 1.2.1.

dot11 ssid SPRBV030

vlan 30

authentication open eap XXX_Voice

authentication network-eap XXX_Voice

authentication key-management cckm



dot11 phone

power inline negotiation prestandard source



interface Dot11Radio0

no ip address

no ip route-cache


encryption vlan 30 mode ciphers tkip



ssid SPRBV030


speed 5.5 basic-11.0 18.0 36.0 54.0

channel 2412

station-role root

rts threshold 2312

world-mode dot11d country IT both

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled


interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

bridge-group 30 spanning-disabled


Any help is appreciate .



migilles Sun, 06/28/2009 - 23:31
User Badges:
  • Cisco Employee,

I see you have "admit-traffic", which is good even though CAC is not enabled.

This is necessary since in 1.2(1), the 792xG sends TSPEC for SCCP (UP4).

The default PHY rate for TSPEC on the 792xG is 12 Mbps, which should be enabled on the AP. I see you don't have this date rate enabled. Please enable 12 Mbps.

Also see that you are using 2.4 GHz with an AP1130. If this is only happening in certain areas, it could be due to an inteferer, which the 2.4 GHz frequency has many devices that can interfere with 802.11b/g. You can also try 5 GHz, which is the preferred band as it has less inteferers and more channels to work with.

Also would suggest to upgrade to 1.3(2) or if you like you can wait for 1.3(3), which will be posted this week.

gbressanin Wed, 07/08/2009 - 09:08
User Badges:

Thank you for your response and sorry for the my late.

I found the cause of my issue, it was a missing parameter in local-radius for WDS authentication.

However I will enable the 12 Mbps on the AP as you suggest.



G.Korakis_2 Wed, 05/05/2010 - 11:45
User Badges:

Hi all!

Very useful thread.

gbressanin could you please post the missing parameter of the local-radius configuration, or better the whole of your WDS configuration?

I am facing the same problem.

Thank you very much in advance!


G.Korakis_2 Thu, 05/06/2010 - 00:38
User Badges:

Hello Giovanni,

Thank you very much for the files!

Just being curious... which was the missing command?

The radius-server attribute 32?

Thank you again.

Best regards,



This Discussion