There is a conference room where AP-a is closer, but AP-b is still within range.
Clients associate with WPA and authenticate with Radius secure ID. Everything is great. Signal strengh is about -70db.
Then after a while (time is never the same), with the user still sitting in the same seat, AP-b prompts the client for authentication via secure ID. Of course this drops the connection. The signal strengh is -90db to -95db so it doesn't stay connected long. When it drops the user has to auth back to AP-a.
Per the specs the client decides when and where to roam. There are a couple things you can try to do to help. First thing is depending on the supplicant you are using you may be able to adjust how sensitive its roaming is. The other is to adjust the power levels on the AP's so that the other AP isn't as good of a roam candidate.
By all means always regulate your power settings as stated before, but if you are using any radius authentication you need something to act as the go between between the radius and the client. Otherwise, no matter how well you get your infrastructure tweaked, any roam at all will present the same way.
If you are LWAPP, there is a tick box that must be checked to allow roaming.
The following sections describe WDS even though the Cisco wireless mobile interface card (WMIC) cannot be configured as a WDS server even when it is configured as an access point. However, when configured as an access point, the WMIC can use a WDS server and can act as a WDS authenticator (client).
When you configure an access point to provide WDS, other access points (such as your WMIC, if it is configured as an access point) on your wireless LAN use the WDS access point to provide fast, secure roaming for client devices and to participate in radio management.
Fast, secure roaming provides rapid reauthentication when a client device roams from one access point to another, preventing delays in voice and other time-sensitive applications.
Access points participating in radio management forward information about the radio environment (such as possible rogue access points and client associations and disassociations) to the WDS access point. The WDS access point aggregates the information and forwards it to a wireless LAN solution engine (WLSE) device on your network.
I have one site that has a mix of AP1200s with B radios and 1242s with G radios.
One particular area of the site has users experiencing authentication breaks and causes loss of connectivity. The two APs in their area are 1242s, but directly above them on the 2nd floor is a 1200. I have seen a log this morning on one of the 1242s showing the 1200 above them as a rogue (this is the first time i have seen it):
Mar 27 09:07:13: %DOT11-6-ROGUE_AP: Rogue AP 000f.f858.889f reported. Reason: Authentication timed out.
I have checked configurations and firmware and we are standard, but the users still are having issues. I adjusted the power settings and verified that there is no channel interference within this area last week and the users said that it worked great for two days, then this week has been poor.
I am stumped a bit, and wonder if it is a user configuration(but they use a standard client config with a standard wireless utility) or an authentication issue with our ACS. I did see this log this morning as well...
Mar 27 08:55:39: %RADIUS-4-RADIUS_DEAD: RADIUS server x.x.x.x:1645,1646 is not responding.
We swapped ACS servers a couple weeks ago so the new ones should be working correctly as the network team worked with Cisco to get it right.
Do you have any ideas? Should i attempt a WDS scenario? We have not implemented the LAN controller yet as we are still in testing phases
Hmmm...the very first thing I see that you either are or will have issues with is the mix of B only and BG AP's. The client wants to go as fast as it can, which means a G client will look for the ability to transmit and recieve at the faster data rates...even though the B only AP is closer. This will cause much pain and I have spent the night upgrading AP's before so please take this into consideration.
You need WDS (autonomous)or something that will cache the client credentials during roaming. Cisco should be bringing that up...If these are going to be converted to LWAPP there's a whole other process - much less painless then autonomous
Dead radius sounds like a whole other problem that I wouldn't know enough about.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...