Cisco Wireless :: 1242 - Roaming Between APs With No RADIUS
Feb 9, 2011
I have 3 Cisco 1242 WAPs that I have deployed at a site that has NO RADIUS/AAA devices. I have given all of them a different channel (1,6,11), but the same SSID and crypto (WPA2-PSK). The issue is when a machine boots up it associates with the closest/strongest AP, but as the device "roams" it does not which to a different AP. It stays associated with the original AP until that signal is gone. Then it quickly associates with the closest AP with no problem.
How do I get the device to associate with the strongest WAP? I have research "fast roaming and WDS" but it seems like you need EAP/LEAP and they do NOT have that at all.
I am trying to configure a 1242 or 3502 WGB with PEAP. There is not ACS server involved as Windows RADIUS is used. I can get the WGB to work with OPEN Authentication but when I attempt to add in the authentication/security piece I get "no association." Below is my current config. The WLAN is set to use WPA/WPA2 802.1x + CCKM.
Current configuration : 1812 bytes ! ! Last configuration change at 00:56:39 CST Tue Mar 2 1993 version 15.2
I can't seem to get the SSID RadiusTest to work properly.
Windows PC's show "Windows was unable to find a certificate to log you into the network". Macs don't authenticate either. Radius server isn't seeing any requests at all. Radius server is working because we are authenticating other things to it.
On my test 1231, IOS is 12.3(8) JEB1.
version 12.3 no service pad service timestamps debug datetime msec
I have 5 access points (WAP4410N) all connected to a befsr41 8 port/switch router, each AP has it's own SSID. Is it possible to to have one SSID for the entire wireless network so users do not have to change SSID's every time they change locations?
I have an issue where I have an AP in one room and another in another.When I walk from one room to the other, I lose signal but manages to see the SSID and join.But, I cannot seem to surf the Internet, I have to manually disconnect and reconnect. Normal wireless routers I reconnect seamlessly without any manual disconnect & reconnect.Currently using cisco 5508 and ap2600.
I currently have a UC540 system with 12x aironet 1130 APs. Seamless roaming does not seem to work, and the recommendation seems to be to introduce a WLAN controller.
I´m trying to find the best configuration to improve the roaming in a WLC 7.3I changed the power threshold under the TPC to -67 and in the client roaming I put in custom mode and the minimun RSSI in -78 dBm.but I was wondering if there is a specific configuration to improve the roaming.
Currently have a 5508 in the lab and testing 4 AP's with it. Eventually there will be 18 AP's spread thru out different floor in our building.
So far access is working fine using WPA, 802.1x and the client configured to use windows logon credentials..But it doesn't seem to automatically transfer between access points.
have configured Cisco IPPhone 7925G with EAP-TLS setting. (With manufacture installed and Userinstalled certificate). My issue is while roaming from 1 AccessPoint to another AccessPoint the call getting droped. I need to restart the IPPhone to reauthentiate again. In ACS am agging the authentication time-out error. (I had changed the time out value for EAP-TLS to 20 in WLC as per recommendation.)
If am using static web key there is no issue in roaming.
What is the reommended setting inorder for the EAP-TLS to work properly.
Is it possible to set up a roaming wireless network with wireless access points that are different brands from one another (i.e., D-Link, Cisco, Belkin, etc.)? If so, is there anything special that needs to be configured?
But my laptop often times changes access points as I move about in my office to try to optimize the signal strength, which causes the network to stop working and I had to do "ipconfig -renew" to continue using internet. Problem now is that the IT desk told me that the AP's are overloaded.
I'm using two cisco 1242 AG access points to configure WDS feature. I've named the accesspoints as AP1(acts as WDS) and AP2. Since I've only two accesspoints, I've configured the AP1 to act both as a WDS and as a regular accesspoints.Further I'm using the local radius server within the AP1 to authenticate both clients and infrastructure accesspoints. And both APs are connected to a router (which act as a dhcp server) via a unmanageble switch and both accesspoints are getting registered with WDS.But the issue is when I tried to connect to the configured SSID, it promts me a "authentication window" but after entering the configured username and password, i'm not getting authenticated by the AP.
I've attached the configurations of both APs to for your reference and I've used the following cisco document as a guideline to crate the WDS. [code]
I'm having a little issue with some Cisco Aironet1242ag WAP's. I receive a call at least twice a month stating that some of the WAP's are not giving out internet connection. What I always do is go to my patch panel and disconnect those WAP's not working and connect them back again so they can power cycle. These WAP's are connected to a Cisco3750g. Once the WAP's boot up, the users can connect to the WAP and connect to the internet.
I don't know if these WAP's are filling up with some information that causes the access points to not connect to the WAN.
I am having some troubles with client roaming on a 5508 controller running firmware 7.3.101.0. As soon as a client roams outside the range of an AP they lose data flow and do not seem to transition to another AP for about 1 minute.This is a small network with 6 x AIRCAP3502E-N-K9 AP's (running in H-REAP mode) on the same floor and clients are a mix of HP notebooks, Mac Books, iMacs, iPads and iPhones. There are several seperate SSID's setup and the problem occurs on all. All are WPA2/AES with either a PSK or 802.1X. Both 2.4GHz and 5GHz radios are enabled with auto power and channel selection.
I have tried changing the roaming settings from default and also playing with the AP power settings to no avail.Is this normal behaviour or is there something I can do to improve the reconnection speed?
Under the section intra controller roaming, WLC 7.0 config guide states that " When the wireless client moves its association from one access point to another, the controller simply updates the client database with the newly associated access point. If necessary, new security context and associations are established as well" URL.Within the phrase "If necessary, new security context and associations are established as well" . What is meant by the new security context ? My understanding is that only an update to the MSCB (with the AP info) is the only requirement as the client is within the same controller and subnet.I just can't think why would the security info needs to be updated.
Actually we have a 4402 controller with 1120 APs both of which are marked as EoL products, we want to jump over the new 2600 APs and 5508 Controller for increase signal coverage but we have the following deals:Last firmware for 4402 controller is 7.0.Firmware needed for 5508 to support 2600 APs is 7.3.Is it possible to configure mobility between 4402 and 5508 even with different firmware branch?
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.
I'm looking to deploy a 2504 controller and some AP1142s but would like to provide the client with an alternative, lower initial-cost option in my proposal. I've been researching the AP541N access points but several areas of their implementation seem unclear to me.
Clustering: For the clustering feature is it necessary for the network to have other SBCS components (500 series platforms)? All of their other features are either unapplicable to or already implemented in the network in question; if I have to add another appliance I would rather go the LWAPP route and use a true WLC.
What are the cababilities of clustering? Can I implement some form of wireless resilience by spacing APs closer together than necessary and they will lower transmit dBm and intelligently respond to attempt to cover a new cell where an AP has gone down?
What about roaming? I believe Cisco advertises this as part of a small business voice solution. A client roaming between two access points in the same mobility group (cluster?) on a wireless voip phone should be able to keep connection, as it's analogus to some critical UDP communications that are going to take place on the clients.
I am running a WiFi network built on Cisco 1262 APs and Cisco WLC 5508. My APs broadcast two SSIDs, let call them "WiFi_Pay" and "WiFi_Free". I have a problem: when users migrate from "WiFi_Pay" to "WiFi_Free" (not moving, connecting to the same AP), the connection fails. If they try for second time, it is always successful. My task is to ensure that such migrations run smoothly and be successful from the first attempt.
Is it possible to make a bridge using a 1242 and a 1310? I have been able to get them to associate together and it appears it will function as a bridge. I have the 12(4) 253 JA IOS for both devices. I would like to use the g antenna on the 1242 for the bridge and the a antenna for wireless clients. The configuration on the web management appears to support bridge root and non root for both devices.
I am trying to upgrade an autonomous IOS 1242 AP to LWAPP and I am having an issue with finding the right code to complete the upgrade. I have upgraded the AP to c1240-rcvk9w8-tar.124-21a.ja2.tar, but now I think I need a JX version of code to have it join a controller, and I can't find this anywhere on the Cisco site.
i need to change the IOS in a Ligthwiegth Access point and make it work as an Autonomus AP 1242. I have got the image but im not realy clear about the process. I got to enter the Ligthwiegth Access point true the console port but i dont know how is the upgrading process.
One of Cisco Wireless AP 1242 installed in my premises restarts itself; AP is getting power from Catalyst 2960 POE. I am using multiple SSID on this AP. I have issued the show tech-support. I have seen below in tech-support System was restarted by unknown reload cause - reason ptr 0xF, PC 0x46FEB8, address 0x0? what could be the reason of restarting of AP. AP is in production since 1 year and it restarts seldom.
When I tried to add new AP 1242 to my network I had following problem:
The Ap was constantly reloading and I was getting message
Wed Mar 20 13:32:12 2013 AP 'UBFT-E06-F0A-R09-0022.901b.a6ba', MAC: 00:23:ab:27:1f:30 disassociated previously due to AP Reset.
%CAPWAP-3-IMAGE_DOWNLOAD_ERR3: capwap_ac_platform.c:782 Refusing image download request from AP - unable to open image file /mnt/ap_bundle/ap.pri//c1240
I decidet to reinstall software on WISM 2 modul (7.2.111.3) this fix the problem and AP joined controller but during this process I have lost connection to 87 AP for 3 seconds and then they joind back again.
my hardware set-up : 2x AP 1100 series, 2x AP1131AG (not connected to a Cisco Switch)...all with the latest Cisco iOS
What i want to do is connect these APs and broadcast the same SSID (e.g Aironet and NOT Aironet1,Aironet2..etc). Doing that, a user with a laptop can roam between these APs and won't have to re-enter the password of the SSID every time he changes AP. I would also like the encryption to be with a 128bit password key. From what i have read, i need a local authenticator to do what (Something called Local Radius Server).
I have three Autonomous AP´s in a small office running voice applications, all of them are connected to the same infrastructure switch and they have same configuration, voice Vlan is configure to open authentication. I have two models of AP 1252 and 1262 and I paste Radio configuration below.
First issue: During calls users are facing problems when roaming between AP´s, and eventually calls are dropped. Second issue: Sometimes one of these AP´s(1252) lose all transmit signal and when return I got authentication error on log.
Setting up a multi floor WLAN using a 6500 WISM Controller. Each floor has an AP group with the floor WAPs assigned. Each floor has a VLAN and the WLC has an interface configured. Each floor has a WLAN configured with the same SSID and the only change is the interface on the WLAN per floor.DHCP is remote on AD servers and each floor as a scope configured.Each floor works fine - we can get connected and get assigned to correct IP address. The issue we had with this setup was moving between floors. When we move up a floor the client loses connection to the inital floor (coverage - as expected). if we disconnect and reconnect it connects to the new floor SSID and gets an IP from DHCP.When looking into this - I then created an interface group and added all the floor interfaces into the group. I then applied the interface group to each floor WLAN and did soem testing - it worked as expected. I could now move between floors.The issue with this is though. When I was testing I already had an IP address assigned from DHCP - before I changed to interface groups. The issue is that the intial DHCP assignment no longer works and we cant connect to the WLAN anymore,
I'm about to purchase 2 Aironet APs, either 1140 or 1160 Series for a small Business. I know too little about the AP installation. How to let both APs works in Roaming Mode so that users can move freely within the site without having to drop and connect from one AP to the other.
Since two months they work full time with the new Dutch Electronic Patient Dossier.We installed 3 Cisco 5508 controllers, version 7.0.230.0 last year on a HP-switched network on a layer 2 mobility domain.Cisco 1041 AP are
The personnel works woth thin clients url... The one with the double antenna.This client has a Broadcom BCM943228HM4L 802.11 a.b.g.n (2x2) adapter.
On the client they have a connected RDP session to a server with the documents.Now they are walking from one patient to another patient. The problem they experience is a very late roaming. At the beginning of the corridor, the client will associate, but is going to roam at the end of the corridor. We installed 4 AP's on each corridor, so they signal is very well, maybe to well?
I disabled client loadbalancing and band select.The lowest data rates are also disabled. Mandatory begins at 12 Mbps. I can increase this to 18 Mbps.These clients work with PSK, with both methods (WPA-TKIP and WPA2-AES) enabled.We did this because of many old and new clients.
The customer tried to find out the problem with a smartphone, same issue. Very late roaming.I can upgrade the WLC to 7.0.240.0. The only problem I have is the WCS. When upgrading to 7.2 and higher I need to have NCS.
We have standart wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on same site.Most of clients (WMS RF terminals ) works with one WLAN (WPA2-PSK) and constantly roam over warehouse , and that works great.
But for better survivability(when controller dies) we are trying to configure HREAP on our APs with local swicthed local auth WLAN. And that also work , but client roaming occur much more slowly and RDP connection to WMS APP server sometimes stuck for 2-5 sec.Disabling "local switching" checkbox for WLAN make roaming almost momental.
And slow roaming are price for controllerless HREAP design ? And for fast roaming and survivability we must use N+1 wlc?
recently we have deployed a Two APs in branch office warehouse and I have one wifi phone 7925 used over there. the problem is every time when phone roaming from one AP to another, 2 or 3 packets dropped, following is result of the 'debug client ':
--More or (q)uit current module or <ctrl-z> to abort*apfMsConnTask_7: Jun 27 09:52:25.496: 88:43:e1:4f:ab:39 Association received from mobile on AP a0:cf:5b:c3:a8:90*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 10.107.38.121 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying site-specific IPv6 override for station 88:43:e1:4f:ab:39 - vapId 14, site 'AKL-AP-GP', interface 'management'*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying IPv6 Interface Policy for station 88:43:e1:4f:ab:39 - vlan 38, interface id 0, interface 'management'*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39