I'm configuring a WLAN with no layer2 security, and I have configured the web-policy layer 3 security method with a preauth acl to allow connections to a couple of vpn concentrators for unauthenticated users.
Everything works fine, but I have observed a few things that worry me
a. When a client disassociates from my wlan, the wireless controller takes about 5 minutes to discover that this has happened. It looks as if it doesn't get the disassociation event.
b. if the client has not authenticated through the web-auth page, every about 5 minutes the client seems to be briefly disconnected from the WLAN and connect again immediately. This displays an annoying popup to the user and one-two packets are lost (I see this from a continuous ping I run concurrently)
The client statistics on the PC show that a roaming event has occurred but since the only AP with adequate signal is next to the PC I don't see any reasons for roaming.
Does the roam event occur every 5 minutes or every 10? If it is 10 I bet you have your RRM refresh set to 600 seconds (default). When a RRM refresh occurs if there is a change of channel selection on the APs or power for that matter, there is a brief disconnection to the client to allow for reassociation under the new channel/power assignment configuration. This could be your problem. To test turn RRM off for about 30 minutes. If you have no disconnect, you have your answer. You can then set RRM refreshes to occur less frequently.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...