×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

roaming problem

Unanswered Question
Dec 28th, 2006
User Badges:

i have

1230 ap (120.3.8)

7920 (4.0.0-01-08)

one SSID

authent: open

encryp: none


the two access point was configured and ( 30% overlap and more) when i tried to connect to the first access point (using wireless ip phone 7920 )its connect but when moving to the other AP its disconnect and having this message (authentication failed)

please advice and what must do

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Rob Huffman Sun, 12/31/2006 - 06:22
User Badges:
  • Super Red, 40000 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Ahmed,


To support roaming for the 7920, you should probably look into setting up WDS. Have a look at the following;


Wireless Domain Services (WDS) act as a central authentication entity that supports a fast client rekey, rather than requiring a full RADIUS reauthentication each time the client roams. All access points and clients in a L2 domain 802.1X authenticate to a RADIUS server via the WDS that performs the role of 802.1X authenticator. Because all clients and access points authenticate via the WDS, the WDS is able to establish shared keys between itself and every other entity in the L2 domain. These shared keys enable CCKM fast secure roaming.One of the main purposes of WDS is to cache the user credentials as soon as the authentication server authenticates the client for the first time. On subsequent attempts, WDS authenticates the client on the basis of the cached information.



From this doc;


http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_technical_reference09186a00801c5223.html#wp39351


The WDS device performs these tasks on your WLAN:


Registers all client devices in the subnetwork, establishes session keys for the client devices, and caches the client security credentials. When a client roams to another AP, the WDS device forwards the client security credentials to the new AP.


From this excellent doc;


Wireless Domain Services FAQ


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml#intro


Wireless Domain Services Configuration


http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml#step1


Hope this helps!

Rob


Please remember to rate helpful posts.....

Richard Atkin Sat, 01/20/2007 - 05:43
User Badges:
  • Silver, 250 points or more

If everything is open, then you don't need WDS. Most likely problem is that there is a configuration mismatch between the APs.


Check that;


- SSID / VLAN mappings are same on both APs

- Authentication / Encryption settings are same on both APs and the 7920

- Channel settings are different (ie, use 1 & 11)


HTH,


RA

migilles Sat, 01/20/2007 - 12:13
User Badges:
  • Cisco Employee,

There was an issue in 1.08 firmware where the phone would send a null BSSID in reassociation packets. This was fixed in 1.09 (CSCeg33605). Encourage to use 3.01 firmware. It is mentioned in the firmware release notes to use 1.09 or higher when using AP fw version 12.3(4)JA or higher.


"Note 1: Firmware version 1.0(9) or higher is required to interoperate with the 12.3(4)JA or later IOS releases for the Cisco Aironet access points as well as for the Cisco Airespace and some 3rd party access points."


http://ftp-sj.cisco.com/cisco/crypto/3DES/voice/ip-7900ser/cmterm-7920-sccp.3-0-1-Readme.htm

Actions

This Discussion