Solved: Re: Phone Roaming issue with TLS

ciscoroyzhang · ‎01-24-2012

Hi all

after we move from PEAP to EAP-TLS authentication on the wireless phone, user starts to complain some time the call is cut off. I check on the phone, it will not assoicated with a next LAP. I believe this is somehow to do with the TLS authentication. any one has experienced similar issue and any solution? Thanks Roy.

Scott Fella · ‎01-24-2012

Cisco recommended code for the phones is 1.4.2. Its suppose to provide for better roaming. Now will it fix your issue... don't know. You said you had no issue with peap only when you changed the authentication to eap-tls... no other changes were made correct?

-Scott
*** Please rate helpful posts ***

View solution in original post

Stephen Rodriguez · ‎01-24-2012

what encryption is the WLAN configured for? What firmware is the phone running?

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

ciscoroyzhang · ‎01-24-2012

Hi Steve

We use the cisco ACS as radius server, the authentication method is EAP-TLS, all other method has been disabled.

on the phone: AppLoad ID CP7921G-1.2.1 Loads WLAN firmware ID 4.3.4.22 WLANdriver ID 5.3.1.15

Cheers

Roy

Scott Fella · ‎01-24-2012

Cisco recommended code for the phones is 1.4.2. Its suppose to provide for better roaming. Now will it fix your issue... don't know. You said you had no issue with peap only when you changed the authentication to eap-tls... no other changes were made correct?

-Scott
*** Please rate helpful posts ***

ciscoroyzhang · ‎01-24-2012

H Scott thanks for reply.

I will try to upload the new firmware and update you later,

Yes the when we are running on the PEAP is OK, no roaming issue. someone mentioned to me the CCK setting, but I don't see much information on that topic. need a bit research and test.

Scott Fella · ‎01-24-2012

On the WLAN SSID setting you have two options, 802.1x and 802.1x + CCKM. CCKM might help.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎01-24-2012

•CCKM—Cisco Centralized Key Management (CCKM) uses a fast rekeying technique that enables clients to roam from one access point to another without going through the controller, typically in under 150 milliseconds (ms). CCKM reduces the time required by the client to mutually authenticate with the new access point and derive a new session key during reassociation. CCKM fast secure roaming ensures that there is no perceptible delay in time-sensitive applications such as wireless Voice over IP (VoIP), enterprise resource planning (ERP), or Citrix-based solutions. CCKM is a CCXv4-compliant feature. If CCKM is selected, only CCKM clients are supported.

-Scott
*** Please rate helpful posts ***

ciscoroyzhang · ‎01-25-2012

Hi Scott, just quick update, upgrading the firmware to 1.4 has fixed the is problem. many thanks. cheers Roy

Scott Fella · ‎01-26-2012

Well that is good news and a quick fix:)

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***