We have a building with 3 floors (1st floor is manufacturing, 2nd floor is offices, as is the 3rd), with many laptops that frequently travel around to meetings, whiteboard sessions, and so on. We have about 175-200 clients active at any given time, all of which are using our "corporate" SSID with RADIUS authentication, handled by 2 x Aruba ClearPass Policy Manager appliances. We have 21 Meraki APs (mix of MR12, MR16, and MR24, though mostly MR16) handling all of these roaming devices. Our environment is small enough that we have a single /24 for this SSID, so we are not doing any kind of Layer 3 roaming (though you could argue we're doing Layer 2 roaming, between APs). We do not have any MX appliances on-site (I know these are popular with environments that require a concentrator, but I don't see the use for this in our case).
In the past, though it seems to be getting worse as time goes on, we've had intermittent issues with devices either being completely disconnected when roaming from one AP to another (then reconnected a few seconds later, dropping all network connections), or (even more common) sitting in a conference room or workspace and seeing their signal strength jumping from 4 bars, to 1 bar, to 4 bars, and so on. Along with these issues, we see lots of "802.1X deauthentication", along with "802.11 disassociation - unknown reason" messages in the logs. Rebooting APs and running standard packet captures (as Meraki support does) really hasn't produced anything helpful. We have some traditional Cisco WLC 5508s in service as well for some of our other locations, which are providing remote LWAPP APs with connectivity, using the same SSID and RADIUS configuration. We don't appear to have any of these random drops in signal, or trouble with roaming, when clients are using those. I should also add that we're using SAP at times, and the number of client disconnects we get using the Meraki-provided network is ridiculous (to the point where we simply advertise that our users cannot reliably use wireless to access SAP resources).
I know there have been several discussions on Spiceworks about roaming, client roaming aggressiveness, different wireless band selections, and so on. Unfortunately, we've tried many of these tweaks (that is, disabling Band Steering, setting Roaming Aggressiveness on clients to both low, medium, and high, and even reducing the number of APs in our environment to avoid over-saturating with available points our clients can associate to), and haven't had much success with any of them. Like others, Meraki support has been marginally helpful, citing knowledgebase articles and best-practices therories,.
So, my questions for anyone willing to answer/add input are:
- Is anyone else seeing similar issues, either given a similar setup (Meraki RADIUS with 3rd party [Aruba] appliances)?
- What have you discovered in your own environment, with possible fixes or workarounds?
- From some reading I've done, Meraki seems to handle "true" Layer 2 roaming in a different way than other vendors (Aerohive, Ruckus, Cisco WLC, to name a few). What behaviors/success have you seen in your environments, with true roaming, using Meraki APs?
We're heavily invested in Meraki as a platform, so changing to a different solution entirely simply isn't an option for us (though I concede that at least in terms of roaming, the older Cisco WLC platform does a far better job).
Any help or input you can provide is greatly appreciated. Many thanks in advance.