How can I set up a roaming wlan with AP only (Please help!!)

May 6th, 2010

Hi experts,

Is there a way that I can set up my office roaming WLAN network with 3 Aironet 1250 APs without a WLAN controller or WDS? If I set up my 3 APs with 3 different channels and with the same SSID, would my mobile station switch to a different AP if I am in and out of range? Please help and let me know what I need to pay attention to on the configuration. Thanks!

amr.momtaz Sun, 05/09/2010 - 15:00

Roaming decision is usually client triggered (there are some scenarios where the AP, using CCX extensions, will assist the client in the roaming decision).

When a client threshold falls below a certain level (this level is per vendor) in either the signal strength (RSSI) or SNR (Signal to Noise Ratio), or multiple packet losses, the client would search for a SSID with the same configuration (SSID, Security settings, ...) to roam to. It will send a de-authentication, de-association and re-associate to the new SSID (if it is in range). If both APs have the same configuration (SSIDs are mapped to the same VLAN) and a decent overlap between them, you should have a successful L2 roam (the client remains connected with the same IP, little or no packet loss occurs).

Hope that answers your question.

88888888rhsiu Tue, 05/11/2010 - 11:43

Thank you for your reply, it answered my question. But what's the purpose of setting up a wireless controller and establishing WDS settings?

amr.momtaz Wed, 05/12/2010 - 01:26

From Cisco Web site

Q. What is WDS?

A. WDS is a part of the Cisco Structured Wireless Aware Network (SWAN). WDS is a collection of Cisco IOS® Software features that enhance WLAN client mobility, and simplify WLAN deployment and management. WDS is a new feature for access points (APs) in Cisco IOS Software, and the basis of the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM). WDS is a core function that enables other features, such as:

Before the operation of any other WDS-based features, you must establish relationships between the APs that participate in WDS and the device that is configured as the WDS. One of the main purposes of WDS is to cache the user credentials as soon as the authentication server authenticates the client for the first time. On subsequent attempts, WDS authenticates the client on the basis of the cached information.

Q. What is a wireless LAN controller (WLC)?

A. Wireless networks have become a necessity today. Many corporate environments require deployment of wireless networks on a large scale. Cisco has come up with the concept of the Cisco Unified Wireless Network (CUWN) solution, which helps make it easier to manage such large scale deployments. WLC is a device that assumes a central role in the CUWN. Traditional roles of access points, such as association or authentication of wireless clients, are done by the WLC. Access points, called Lightweight Access Points (LAPs) in the unified environment, register themselves with a WLC and tunnel all the management and data packets to the WLCs, which then switch the packets between wireless clients and the wired portion of the network. All the configurations are done on the WLC. LAPs download the entire configuration from WLCs and act as a wireless interface to the clients. For more information on how a LAP registers with a WLC, refer to the document Lightweight AP (LAP) Registration to a Wireless LAN Controller.

In English,

WDS (and then WLC) achieve something called Fast Secure Roaming (and of course some other features) by caching the session keys and distributing them to the APs when the client roams to them.

When a client associates with an AP via WPA/WPA2, a 4-way handshake occurs to establish the session keys (the keys that are going to be used to encrypt the traffic). A very important key is something called PMK (Pairwise Master Key), which is used to derive another set of keys. The 4-way handshake process sometimes takes as long as 1 sec to complete, and if you are using WPA/WPA2 Enterprise (with 802.1x dynamic key negotiation) it can take even more, as the requests have to be forwarded to the RADIUS server (which could be in a remote site).

When a client roams from one AP to another AP (based on the criteria that I have mentioned earlier), it has to re-establish the connection and re-negotiate the keys. This adds delay in the roaming and can cause degraded call quality if the roaming client is a wireless IP phone. What WDS and WLC do is cache the PMK, and when a client roams from one AP to another (registered with the same WDS or WLC), it sends the PMK to that AP, saving it the 4-way negotiation.

Other reasons you would want to have a WLC in your wireless network

- Centralize configuration for all your APs (this includes security settings, SSIDs, QoS, ...)

- RRM (Radio Resource Management): Dynamic Channel Assignment, Power Levels, Coverage Hole Detection, Self Healing

- Scalability, zero configuration out of the box AP addition to your network.



Hope that answers your question.
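
The PMK cache lookup described in the post above, as an added example that is not part of the thread and is not Cisco's WDS/WLC or CCKM code. It uses the PMKID formula from IEEE 802.11i and models only the decision between reusing a cached PMK and falling back to a full authentication against the RADIUS server; the class name, return strings, MAC addresses and PMK are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """IEEE 802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

class CentralPmkCache:
    """Hypothetical stand-in for the WDS/WLC role: one PMK per client, shared by all APs."""

    def __init__(self):
        self._pmk_by_sta = {}

    def full_auth_completed(self, sta_mac: bytes, pmk: bytes) -> None:
        # Called once the RADIUS server has authenticated the client for the first time.
        self._pmk_by_sta[sta_mac] = pmk

    def evict(self, sta_mac: bytes) -> None:
        # Session timeout or disabled account: the next roam must re-authenticate.
        self._pmk_by_sta.pop(sta_mac, None)

    def on_reassociation(self, sta_mac: bytes, new_ap_mac: bytes, offered_pmkid: bytes) -> str:
        pmk = self._pmk_by_sta.get(sta_mac)
        if pmk is None:
            return "full-auth"
        expected = pmkid(pmk, new_ap_mac, sta_mac)
        # Constant-time compare; a mismatch means the client does not hold this PMK
        # or computed the PMKID for a different AP.
        if hmac.compare_digest(expected, offered_pmkid):
            return "reuse-cached-pmk"
        return "full-auth"

# Constructed sample values (locally administered MACs, not from the thread).
STA = bytes.fromhex("020000000001")
AP1 = bytes.fromhex("0200000000a1")
AP2 = bytes.fromhex("0200000000a2")
PMK = hashlib.sha256(b"constructed demo PMK").digest()  # stands in for the EAP-derived key

def demo():
    cache = CentralPmkCache()
    cache.full_auth_completed(STA, PMK)            # first association, on AP1
    good = cache.on_reassociation(STA, AP2, pmkid(PMK, AP2, STA))
    stale = cache.on_reassociation(STA, AP2, pmkid(PMK, AP1, STA))  # bound to the old AP
    cache.evict(STA)
    after_evict = cache.on_reassociation(STA, AP2, pmkid(PMK, AP2, STA))
    return good, stale, after_evict

if __name__ == "__main__":
    print(demo())
```

Because the PMKID binds the key to both MAC addresses, a value computed for the old AP does not match at the new one, and evicting the cache entry is what forces a client back through the authentication server.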

