I've got two Cisco Aironet 1140 Access Points in my office. They're both setup as AP at opposite ends of the office with the same SSID, so employees can walk throughout the office without losing connectivity.
We recently re-started one of the AP's, but ever since the re-start, users cannot roam from one AP to another without dropping their internet connection to the outside world. In other words, if I originally connect on Side A and walk over to Side B, I lose my internet connection. Users can still access the internal network, and I can launch the web interface for both AP's. But, it seems like the DNS doesn't recover until I go back to Side A.
Any idea on what we could do to remedy this issue? Thanks for your help!
Need some more information in order to try and help you:
What mode are these AP's in? Autonomous or Lightweight?
If it's lightweight - what type of controller do you use?
It may be that the AP has failed to associate with a controller, or to get a valid IP address, logging into the console of the AP that appears not to be working would offer some more light with some debugging enabled?
The APs are running autonomously. They both have WPAv2 enabled with open authentication. It is supposedly using the AES CCMP cipher, although the web interface seems to default to WEP 128 bit each time I check it. We tried disabling the Aironet Extensions, but still continue to have issues.
Now the issues do seem to be isolated to Macbooks. PCs seem to be able to transition between the two APs, although there does appear to be spots where you can tell when the transition between the two APs is occurring.
Basically, the wireless connection holds, no problem. I can access the APs throughout the office. But, the internet drops when I walk from one end of the office to the other. If I walk back, then it is able to re-connect to the internet once it reauthenticates with the original AP.
I would not even suggest moving down the road of WDS for a 2 AP PSK configuration for sake of overcomplicating what seems to be a basic problem. The clients should be able to roam fast enough with the PSK to where the end-user would not even notice. There is a larger problem here.
Can you post the run-config from each of your APs? Are these APs on the same subnet?
You say you can reach your "internal" network resources when you have roamed, but not the "internet". If you can still reach your default g/w and internal resources; your wireless is working just fine. Access to the "internet" is in no way an indication that this roam is not working. If you roam and your client can no longer reach it's default gateway, "then" you might actually be having an issue. Are you "sure" DNS is the problem you are facing? Can you move to AP B, which doens't seem to have internet, and ping a public IP address like 22.214.171.124?
There are other debugs we can run to see what is happening, but I would start by posting both run-configs. Specify "which" AP appears to be causing the problem.
Lets be clear WDS is more over for 802.1X Auth fast romaing.
If you use PSK, then you only do a 4 way handshake between the AP and client.
If you do 802.1X you have the PEAP Auth and 4 way handshake.
I agree with David .. Lets see the config...
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...