I have a doubt regarding wireless reconnections.
I have 2 Linksys WAP2000 access points, both configured as "access points", and a Windows XP SP2 native supplicant/client with a Ralink chipset and latest driver rt2860 version 188.8.131.52.
I set identical settings in both access points: SSID, WPA2-AES, Radius, EAP-TLS. Theoretically, this should make roaming seamless.
However, the whole roaming process takes at least 35 seconds (during which I have no connectivity; so it's lethal for real-time apps).
This 35-second time lapse also occurs when I only have 1 access point and go out of its wireless coverage and then back in, i.e. it ALWAYS takes 35 seconds to authenticate, whether it's roaming or not.
What could be the root cause of this?
Is it just a Ralink driver issue?
Does anyone have experience with this driver and are there options I could tweak (haven't found any useful options yet)?
In a stand-alone Cisco Autonomous environment, the use of a WDS helps with seamless roaming, especially when you are using EAP authentication. I bet if you just use WPA/WPA2-PSK, your roam times are better. When you roam in your environment, you are basically reauthenticating every time and that is normal. I don't know if you can set up one of those APs as a WDS or an AP that can cache credentials, but that is the only way I can see roaming to actually work.
Actually, this 35-second time lapse also occurs when the supplicant goes out of AP's coverage and then back in. Imagine just one AP and one client (no roaming) going out of wifi coverage (until I get the Win XP "hardware error" message and the nic status is "disconnected") then back in quickly (I physically move the client towards the AP).
WDS shouldn't make a difference in this case. Yet it acts the same way. It takes a long time to reauthenticate or reassociate.
Actually, I think it's an association problem because a test I performed today while looking at the radius server log showed that:
So I'm deducing that communication coming back from the Radius server to the supplicant via the access point is quick and clean. It looks like the bottleneck is when the client "sends" to the AP, i.e. it doesn't "associate" quickly enough.
Now, how can I determine if this is a "wlan driver" issue or if the problem is on the WAP2000 access point?
That is very slow. One thing you may want to do is test with a different machine and see how fast or slow you are able to authenticate. That can help determine if it's the device or the AP. Test it with another device that has a different wireless card... like a PDA, iPhone, different laptop, etc. You can always update or downgrade the firmware on the AP to see if that makes a difference. What type of encryption are you running?
Thanks, I'll try with another device (if I find one...) but on Monday.
I'm using WPA2-AES, Radius, EAP-TLS but I've also tested without wifi security, i.e. "open system", and with WEP alone, and WPA+TKIP, and I'm still getting slow associations.
So it doesn't seem to be related to the type of security.
Thanks for the feedback.
By the way, have you ever used a WAP2000? Would you recommend it for roaming?
Earlier, you mentioned using Cisco technology with WDS. Does WDS require special ethernet switches or other hardware/software? Or does WDS simply have to be implemented on the AP alone?
The WAP2000 ad boasts "fast roaming", whatever that means... but it doesn't say anything about WDS.
Any favorite AP?
EDIT: I quote: WAP2000 "Supports wireless roaming based on 802.11F (Inter-Access Point Protocol [IAPP])"
That should do the same as WDS, I suppose.
I have not used the WAP2000, my experience is with the Cisco Enterprise equipment... but anyways, 802.11F was really based on standardizing on multi-vendor support with roaming... like mostly all APs. The issue you have is slow association/authentication... if you have this even with no encryption, then it is most likely your wireless card/driver. On the other note... roaming between APs and using an authentication method that requires the use of a radius server will always cause you to reauth when roaming unless the WLAN supports seamless roaming, as in a WLC environment or an Autonomous environment dedicating an AP as a WDS server. Work on the issue regarding the slow association/authentication part first, then focus on the roaming. That's what I would do.
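A minimal model of the key caching the replies above refer to (an AP or WDS that can "cache credentials"), added here as an illustration and not part of any post in the thread. It uses the 802.11i PMKID formula; the `AccessPoint` and `Station` classes, the shared key store standing in for a WDS or controller, and the MAC addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

class AccessPoint:
    """Hypothetical AP model. key_store maps station MAC -> PMK."""
    def __init__(self, bssid: bytes, key_store=None):
        self.bssid = bssid
        # Private dict = standalone AP; a dict shared between APs stands in
        # for a WDS/controller that distributes keys (simplified assumption).
        self.key_store = {} if key_store is None else key_store

    def associate(self, sta_mac: bytes, offered_pmkid=None):
        pmk = self.key_store.get(sta_mac)
        if pmk and offered_pmkid and hmac.compare_digest(
                offered_pmkid, pmkid(pmk, self.bssid, sta_mac)):
            return "cached", pmk          # skip 802.1X, go straight to key handshake
        pmk = os.urandom(32)              # stands in for the key from a full EAP-TLS run
        self.key_store[sta_mac] = pmk
        return "full-eap", pmk

class Station:
    """Hypothetical client that offers a PMKID built from its last PMK."""
    def __init__(self, mac: bytes):
        self.mac = mac
        self.pmk = None

    def join(self, ap: AccessPoint) -> str:
        offer = pmkid(self.pmk, ap.bssid, self.mac) if self.pmk else None
        result, self.pmk = ap.associate(self.mac, offer)
        return result

def roam_sequence(shared: bool):
    """Join AP1, drop and rejoin AP1, then roam to AP2 (constructed MACs)."""
    store = {} if shared else None
    ap1 = AccessPoint(bytes.fromhex("020000000001"), store)
    ap2 = AccessPoint(bytes.fromhex("020000000002"), store)
    sta = Station(bytes.fromhex("0200000000aa"))
    return [sta.join(ap) for ap in (ap1, ap1, ap2)]

if __name__ == "__main__":
    print("standalone APs:", roam_sequence(shared=False))
    print("shared key store:", roam_sequence(shared=True))
```

With standalone APs the roam to the second AP falls back to full EAP because that AP has never seen the key; with the shared store it is recognised and the RADIUS round trip is skipped.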
Today I tried connecting with a different laptop. This time it took only around 5 seconds to access. Huge improvement. So since this laptop has an Atheros chip and the other a Ralink then I guess it's a "faulty" driver (although there are other factors such as the OS - Win XP Home vs. Pro SP2).
Still, 5 seconds is too much for roaming.
How can I get "seamless roaming" in my setup (when auth requires a Radius server)?
Do I need special equipment?
Can I still use my WAP2000 or must I replace them?
What is a "WDS server" exactly and how can I implement it?
Well, initially when your wireless device searches for a signal and tries to associate and authenticate, then 5 seconds seems average... especially since you are using a radius server. Now if you have two WAP2000s and you are roaming between the two, then test to see if the connection fails during roaming. Do a TFTP, FTP, RDP or something while roaming and see if roaming works or not. Again, I have not used the WAP2000 and could not tell you if the 802.11F works or not.
Here is a link about WDS in an autonomous environment.
If you want to go lightweight and you only have the need for 1-6 APs, then look at the WLC-2106 and maybe an 1131AG or 1242AG. I know for sure you will not have any issues with roaming unless something isn't set up right.
With a remote desktop session open while roaming (RDP), I notice a temporary freeze but the connection keeps alive.
However, voice over IP would definitely sound ugly in these circumstances (did not try yet).
I still don't appreciate the difference of having 802.11F or not.
I tried with "non-802.11F" access points and they behave the same.
So if I get it right, WDS (which I first thought meant Wireless Distribution System but it's actually Wireless Domain Service) requires 2 types of devices:
* WDS-enabled access points that "communicate" with a WDS "service" (so I can't use my WAP2000... wasted money there)
* a WDS "service" which can be implemented by many types of hardware (by the way, is there a "poor man's" WDS service solution, maybe an OSS Linux project? Can HostAP be used for this?)
I don't know if a poor man's solution will work or not... and yes... voice will have an issue for sure. The WAP2000 is really for home use... my opinion. When you need more than one and are doing multiple SSIDs, roaming, voice, etc., then you need to look into the enterprise equipment... You might be able to find some refurb or people selling some 1131AG or 1242AG online... just a thought, unless you want a brand spanking new one :)