How to get Symbol WT4090 scanners to roam quickly???

Unanswered Question
May 27th, 2010

Hello,

I'm struggling with a bunch of Symbol (Motorola) WT4090 scanners that don't seem to roam properly.  WiSM shows them as CCX not supported.  Cisco shows this dvice as CCX compliant but Motorola says they chose not to become CCX compliant but rather hardcode the EAP key index value at 3 from default 0.

"There is a known issue (to Cisco support engineering); Motorola (Symbol) marketing chose not to become CCX compliant and instead decided to reengineer the radio driver supplicant code to support EAP key index 3; this code value became standard within the supplicant portion of the driver. When these terminals were integrated to the latest Cisco WLC operating on firmware version 4.x.xxx, the controller configuration was required for change to the EAP key index value from 0 (default) to 3."

If I understand this correctly, clients must re-authenticate each time they associate to a different LWAP.  Is this true?

WiSM 6.0.196.0

802.1x+CCKM AES only.

Clients are configured to use PEAP MS-CHAP v2.

Is there any way to get these things to do fast, secure, seamless roaming?  They're riding around on forklifts in a warehouse.

TIA!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Elliott Shawd Fri, 06/18/2010 - 19:07

I would put these devices on a wpa2 aes wlan with peap. WPA2 includes slightly better key caching and considering your devices don't support CCX this is most likely your problem. You are trying to use CCKM, a Cisco proprietary key caching mechanism, when you're devices don't support it. Try WPA2 and it will use a different key caching mechanism that your devices should support.

Then, if you get that working, I would test with 802.11a which the 4090's seem to support. I would also look at the channel/power settings of your access points. If you're running auto/auto, you could consider going to statically set channel/power, or vice versa. I've heard of designing both ways depending on the environment and application.

janf Mon, 06/21/2010 - 12:53

I am having a similar issue with Intermec CK31 devices. When they roam to a different AP on the same 6.x WLC the ACS (AAA) server always shows a reauthentication. Using L2 WPA2+802.1X for the WLAN. On the Intermecs using WPA2+AES+PEAP. I tried WPA+TKIP+PEAP+CCKM on the WLAN and devices but all roams still reauth to ACS. CCX version on Intermecs is only 2 so I suspect that is the issue with CCKM. Any help would be appreciated.

Elliott Shawd Mon, 06/21/2010 - 15:34

I grabbed this from the specs sheet really quick and I suspect you are right about CCKM, but notice the text "WPA2 Cisco Compatible logo

indicates compatibility with a Cisco infrastructure." From this, it seems like your device should work with WPA2 no problem. And your Cisco infrastructure should handle the key management for this WLAN without configuration. Do other devices roam okay on this WLAN?

Integrated Radio

Data Rates:

Up to 54 Mbps per 802.11g;

11 Mbps per 802.11b

Antenna:

Internal

Standards Compliant:

IEEE 802.11g (2.4 GHz - OFDM),

IEEE 802.11b (2.4 GHz - DSSS)

Radio Power:

50 mW Security: WEP, WPA2, 802.1x

(EAP-TLS, TTLS, LEAP, PEAP), Microsoft VPN*

Certifications:

Wi-Fi, WPA2 Cisco Compatible logo

indicates compatibility with a Cisco infrastructure

mscherting Mon, 06/21/2010 - 16:14

Other CCX compliant devices do roam.  I dumbed down the WLAN today, allowing WPA/TKIP, 802.1x+CCKM.  I found a setting in the scanners for CCKM-WPA, but not for WPA2.  Not all the scanners even have this option though.  They were Mfg'd in '07.  I'll need to beat on the owners of the scanners to get them all up to date!

After dumbing down, I was able to roam with one while running a constant 1024 byte ping with 100% of the packets going at 54Mbps.  Dropped one ping when I walked under a loading dock.  Roams do appear to go all the way back to ACS.

I'm going to let this run for a while & see what happens.

Thanks for your help!

janf Tue, 06/22/2010 - 09:22

Elliot,

Thank you for pointing out something I did not think of! The firmware. I grabbed a unit with newer firmware and the roaming worked as it should with PEAP/802.1x/WPA2. I read release notes on the firmware and saw the following: "Roaming has been enhanced significantly". Sometimes you just don't think of the simple thinks like this.

Thanks again!

JF

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode