Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

1242ag and fast roaming. Possible?

Equipment/Configuration:

Controller 4402-25 (4.0.179.8)

1242AG AP (3 currently operating)

LWAPP Transfer Mode is Layer 3

WPA2 Security

-Warehouse/Manufacturing Environment-

-Testing Phase-

We have several mobile laptop users that need to access a SQL database and it is critical that a network connection is maintained when switching between access points.

The problems we are currently having is that when roaming, connection is briefly broken and some data packets are being lost.

We have tried different config and threshold changes but still same results.

Any ideas would be appreciated.

Thanks!

Gary

17 REPLIES
New Member

Re: 1242ag and fast roaming. Possible?

What client card are you using? We have gotten this to work with the Intel cards and the Intel Proset/Wireless 10.5. We use machine certificates, which means the only catch is that all users need to have read access to c:\Documents and Settings\All Users\Application Data\Microsoft\Crypto. The reason we choose machine certs with PEAP-EAP-TLS is that we needed something that will give us wireless from boot on and we weren't able to get the transition from the machine logon to the user logon to work with User/Machine certs.

Silver

Re: 1242ag and fast roaming. Possible?

Have you enabled CCKM? CCKM usually gets you the quickest possibly roam times, but you need cards that support it. Intel 2200/2915 cards have the option in ProSet, but do not actually support CCKM and will have issues roaming if you enable it in the software.

Let us know what clients you are using and if you are using windows zero config or another supplicant such as Intel ProSet. We might be able to provide more specific info. Also include info about what authentication methods you are trying to use.

-Eric

New Member

Re: 1242ag and fast roaming. Possible?

Thanks for your response!

Currently we are in the testing phase and are starting off with the most basic security and authentication methods. But any suggestions and locations of reference would be greatly appreciated.

We are using the Intel 2915abg adapter. (driver version: 9.0.4.17 and wireless software 10.5.0.1)

Currently we are just using WPA2 Personal Security. Have not looked into Enterprise Security yet. I noticed that when enabling that, there are several different Authentication methods. Is PEAP the way to go in order to enable CCKM and is this difficult to setup?

Any suggestions on material for setting this up would be greatly appreciated.

Thanks Matt and Eric!!

New Member

Re: 1242ag and fast roaming. Possible?

You will not be able to use CCKM with the 2915abg and peap. the 2915 is CCX 3 compatilbe, and as such CCKM will only work properly with EAP-FAST. Do not worry too much though, we are using PEAP without CCKM and it is working fine with our SQL applications. Just be careful not to set CCKM to on, as it will try to use it and it won't work.

New Member

Re: 1242ag and fast roaming. Possible?

Hey everyone,

Thanks for everyone's input!

I've setup a radius server on our 2003 Server using machine certs with PEAP authentication (per Microsoft's instructions). I've disabled CCKM on our 2915 Intel cards.

Everything seems to work great! Roaming is pretty seamless. But after about 1/2 hour, the client loses total Network Connection permanently. I then have to do a REPAIR on the Wireless Network Connection, then it reauthenticates and seems to work fine again.

Any ideas?? Thanks Everyone!!

Bronze

Re: 1242ag and fast roaming. Possible?

The "1/2 hour" problem could be caused by "session timeout" at wlan level which is default at 1800 seconds.

New Member

Re: 1242ag and fast roaming. Possible?

Thanks for the input!

When that happened I was thinking the same thing.

Just to double-check. I logged into the controller and checked the Wireless Lan session timeout, and it is set at 28800 seconds.

Gary

New Member

Re: 1242ag and fast roaming. Possible?

Gary,

On the Intel 2915 there is a setting called "Roaming Aggressiveness", of which the default setting is Medium, try setting it to High if you havent already.

Also, keep in mind, for good roaming behavior it is critical that you have at least 20% overlap in AP coverage.

Hope this helps,

Brad

New Member

Re: 1242ag and fast roaming. Possible?

Hey everyone,

Thanks for everyone's input!

I've setup a radius server on our 2003 Server using machine certs with PEAP authentication (per Microsoft's instructions). I've disabled CCKM on our 2915 Intel cards.

Everything seems to work great! Roaming is pretty seamless. But after about 1/2 hour, the client loses total Network Connection permanently. I then have to do a REPAIR on the Wireless Network Connection, then it reauthenticates and seems to work fine again.

Any ideas?? Thanks Everyone!!

Silver

Re: 1242ag and fast roaming. Possible?

Did you confirm that you disabled CCKM in the cisco options page for the client? 2915s have a known issue where that option is available but not supported. It causes issues exactly as you describe. Also, do you have MFP enabled on the APs? That is another issue I have seen with Intel cards. I have had to disable MFP (which is ok since no clients support it yet anyways).

-Eric

New Member

Re: 1242ag and fast roaming. Possible?

I checked and I have CCKM disabled on the client. I logged into the controller and checked the WLAN settings and noticed that MFP frame validation is checked, but right next to it says (Global MFP disabled).

So is it or isn't it?

Thanks Eric!

Silver

Re: 1242ag and fast roaming. Possible?

Ok, that means MFP globally disabled for the controller. That's good.

I think at this point you have 2 options that may help, but neither is very pretty. We had almost identical issues, and after a lot of work with Intel and Cisco this is what it came down to:

- Use Windows to manage the connection (or a third party supplicant such as Meetinghouse/Cisco client). This is ok for you since you are using PEAP, but it is not ideal if you like the Proset functionality.

- Work with Intel (this may take weeks of pressuring your hardware vendor to get Intel engaged depending on your company size) and try to get some of their pre-release driver/proset bundles.

We opted for using Windows to manage the wireless, and we have been pretty much rock solid. I cannot speak for the beta drivers, except to say we did still see some odd behavior for the few days we tried them.

I think it is worth you testing one with windows managing it to see if your problem goes away.

As a side note, if you do that I suggest adding the WPA2 hotfix so you get the latest WPA support. The link is below:

http://support.microsoft.com/kb/893357

-Eric

New Member

Re: 1242ag and fast roaming. Possible?

Would it be at least worth a try using a Cisco Wireless Adapter?

The only thing is that the Intel Proset had more settings as far as roaming is concerned.

But can most of those settings be configured on the Controller?? (RSSI, etc.)

I also noticed in the Radius settings under Seccurity on the controller, there is an option to enable credential caching. Would that be worth enabling?

Thanks for all your help Eric!

Silver

Re: 1242ag and fast roaming. Possible?

It's absolutely worth trying a Cisco adapter. The problems I am talking about are specific to Intel cards. If my suspicion is correct, you should be able to work fine with a Cisco card with CCKM, or for that matter any other CCX card such as Broadcom or Linksys. I might be wrong, but I did battle with similar issues for months and the only way we are working right now is without Proset with the 2200 and 2915 cards.

As for the settings on the Intel, all of the roaming and power settings are accessible through the driver page (under NIC properties there is an advanced tab).

The "Credentials caching" option is for use with one-time use passwords, so that should not help you here.

- Eric

New Member

Re: 1242ag and fast roaming. Possible?

Ok, I'll give it a go and let you know how our testing goes. Also, I'll uncheck "Credentials Caching". You've helped clarify that option.

Eric, Thanks again for all your help and feedback!

Gary

New Member

Re: 1242ag and fast roaming. Possible?

Eric,

The wireless connection and PEAP authentication seems to work fine, but the controller keeps reporting WEP decryption errors(one after another) yet clients never seems to have a problem maintaining a connection now. I have the WLAN set for WPA1/WPA2 encryption.

Is it possible I have something configured wrong?

Thanks!

Gary

New Member

Re: 1242ag and fast roaming. Possible?

Eric,

The wireless connection and PEAP authentication seems to work fine, but the controller keeps reporting WEP decryption errors(one after another) yet clients never seems to have a problem maintaining a connection now. I have the WLAN set for WPA1/WPA2 encryption.

Is it possible I have something configured wrong?

Thanks!

Gary

469
Views
41
Helpful
17
Replies