Cisco Wireless :: Inter Subnet Roaming With No Layer Device 3825
Mar 29, 2012
The following picture is from a network in a hotel:
- Cisco 3825 is managed by AT&T. No access to this.
- There is no Layer 3 device in this network.
- Access Gateway at 100.1 operates at Layer 2. It receives tagged traffic in order to keep track of billings and user accounts so we can't add a Router in internal network. (Please verify)
- WLC's Management Interface lives in VLAN 100 at 100.2 with Default Gateway of 100.1
- Another WLC, with its Management Interface in a different VLAN than above, will be connected to the "Core Switch" to have Mobility.
- With Mobility Groups, IP connectivity must exist between the management interfaces of all controllers.
- Routing between VLANs needs a Layer 3 device.
Any possible solutions to establish IP connectivity about the following:
- Changing Management Interface VLAN on one side and match it with the other side to eliminate Routing Requirements and having Inter-Controller Roaming instead of Inter-Subnet Roaming. (Reboot required?)
- Adding a NAT device between two WLCs and use Proxy ARP. (Haven't done this before, does this work?)
- Do you have better solution(s) in mind?
Setting up a multi floor WLAN using a 6500 WISM Controller. Each floor has an AP group with the floor WAPs assigned. Each floor has a VLAN and the WLC has an interface configured. Each floor has a WLAN configured with the same SSID and the only change is the interface on the WLAN per floor. DHCP is remote on AD servers and each floor has a scope configured. Each floor works fine - we can get connected and get assigned the correct IP address. The issue we had with this setup was moving between floors. When we move up a floor the client loses connection to the initial floor (coverage - as expected). If we disconnect and reconnect it connects to the new floor SSID and gets an IP from DHCP. When looking into this, I then created an interface group and added all the floor interfaces into the group. I then applied the interface group to each floor WLAN and did some testing - it worked as expected. I could now move between floors. The issue with this is, though: when I was testing I already had an IP address assigned from DHCP, before I changed to interface groups. The issue is that the initial DHCP assignment no longer works and we can't connect to the WLAN anymore.
LAN subnet conflicts with WAN subnet. My router is d-link 825 and my cable modem is Cisco EPC-3825. Op system is W7. Everything worked great with an older cable modem (Cisco 3000).
I am working with a device that does not have a physical reset button on it, and have mistakenly typed in 127.x.x.127 for its IP. I was trying to use 172, but mistyped and didn't catch it until after I had rebooted the unit. Is there any way that I might be able to gain access to the device? My PC is running Windows 7, but I am familiar with Linux as well. I have attempted to change the loopback adapter IP to 128 on an Ubuntu live disc and set my Ethernet port to the subnet the device is on, to no avail. (I am also using VLANs on the device, but believe I have them set up correctly.) The device is set to IP: 127.x.x.127 netmask 255.255.255.128. I know that the last octet of 127 is the broadcast IP for the range, but have been able to address similar blunders before by forcing myself to a /24 subnet to correct that.
I have 5 access points (WAP4410N) all connected to a befsr41 8 port/switch router; each AP has its own SSID. Is it possible to have one SSID for the entire wireless network so users do not have to change SSIDs every time they change locations?
I have an issue where I have an AP in one room and another in another. When I walk from one room to the other, I lose signal but manage to see the SSID and join. But I cannot seem to surf the Internet; I have to manually disconnect and reconnect. With normal wireless routers I reconnect seamlessly without any manual disconnect and reconnect. Currently using Cisco 5508 and AP2600.
I currently have a UC540 system with 12x aironet 1130 APs. Seamless roaming does not seem to work, and the recommendation seems to be to introduce a WLAN controller.
I'm trying to find the best configuration to improve the roaming in a WLC 7.3. I changed the power threshold under the TPC to -67 and in the client roaming I put in custom mode and the minimum RSSI in -78 dBm, but I was wondering if there is a specific configuration to improve the roaming.
Currently have a 5508 in the lab and testing 4 APs with it. Eventually there will be 18 APs spread throughout different floors in our building.
So far access is working fine using WPA, 802.1x and the client configured to use Windows logon credentials. But it doesn't seem to automatically transfer between access points.
I have 3 Cisco 1242 WAPs that I have deployed at a site that has NO RADIUS/AAA devices. I have given all of them a different channel (1, 6, 11), but the same SSID and crypto (WPA2-PSK). The issue is when a machine boots up it associates with the closest/strongest AP, but as the device "roams" it does not switch to a different AP. It stays associated with the original AP until that signal is gone. Then it quickly associates with the closest AP with no problem.
How do I get the device to associate with the strongest WAP? I have researched "fast roaming and WDS" but it seems like you need EAP/LEAP and they do NOT have that at all.
I have configured a Cisco IP Phone 7925G with EAP-TLS setting (with manufacturer-installed and user-installed certificate). My issue is that while roaming from one access point to another access point the call gets dropped. I need to restart the IP Phone to reauthenticate again. In ACS am agging the authentication time-out error. (I had changed the time-out value for EAP-TLS to 20 in WLC as per recommendation.)
If I am using a static web key there is no issue in roaming.
What is the recommended setting in order for the EAP-TLS to work properly?
Is it possible to set up a roaming wireless network with wireless access points that are different brands from one another (i.e., D-Link, Cisco, Belkin, etc.)? If so, is there anything special that needs to be configured?
But my laptop often times changes access points as I move about in my office to try to optimize the signal strength, which causes the network to stop working and I had to do "ipconfig -renew" to continue using internet. Problem now is that the IT desk told me that the APs are overloaded.
I am having some troubles with client roaming on a 5508 controller running firmware 7.3.101.0. As soon as a client roams outside the range of an AP they lose data flow and do not seem to transition to another AP for about 1 minute. This is a small network with 6 x AIRCAP3502E-N-K9 APs (running in H-REAP mode) on the same floor and clients are a mix of HP notebooks, MacBooks, iMacs, iPads and iPhones. There are several separate SSIDs set up and the problem occurs on all. All are WPA2/AES with either a PSK or 802.1X. Both 2.4GHz and 5GHz radios are enabled with auto power and channel selection.
I have tried changing the roaming settings from default and also playing with the AP power settings to no avail. Is this normal behaviour or is there something I can do to improve the reconnection speed?
Under the section intra controller roaming, the WLC 7.0 config guide states that "When the wireless client moves its association from one access point to another, the controller simply updates the client database with the newly associated access point. If necessary, new security context and associations are established as well" URL. Within the phrase "If necessary, new security context and associations are established as well", what is meant by the new security context? My understanding is that only an update to the MSCB (with the AP info) is the only requirement as the client is within the same controller and subnet. I just can't think why the security info would need to be updated.
Actually we have a 4402 controller with 1120 APs, both of which are marked as EoL products. We want to jump over to the new 2600 APs and 5508 Controller to increase signal coverage, but we have the following deals: Last firmware for 4402 controller is 7.0. Firmware needed for 5508 to support 2600 APs is 7.3. Is it possible to configure mobility between 4402 and 5508 even with different firmware branches?
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already authenticated via web roams between two LAPs that are associated with different WLCs, it has to reauthenticate.
I'm looking to deploy a 2504 controller and some AP1142s but would like to provide the client with an alternative, lower initial-cost option in my proposal. I've been researching the AP541N access points but several areas of their implementation seem unclear to me.
Clustering: For the clustering feature is it necessary for the network to have other SBCS components (500 series platforms)? All of their other features are either unapplicable to or already implemented in the network in question; if I have to add another appliance I would rather go the LWAPP route and use a true WLC.
What are the capabilities of clustering? Can I implement some form of wireless resilience by spacing APs closer together than necessary and they will lower transmit dBm and intelligently respond to attempt to cover a new cell where an AP has gone down?
What about roaming? I believe Cisco advertises this as part of a small business voice solution. A client roaming between two access points in the same mobility group (cluster?) on a wireless VoIP phone should be able to keep connection, as it's analogous to some critical UDP communications that are going to take place on the clients.
I am running a WiFi network built on Cisco 1262 APs and Cisco WLC 5508. My APs broadcast two SSIDs, let's call them "WiFi_Pay" and "WiFi_Free". I have a problem: when users migrate from "WiFi_Pay" to "WiFi_Free" (not moving, connecting to the same AP), the connection fails. If they try for a second time, it is always successful. My task is to ensure that such migrations run smoothly and are successful from the first attempt.
My hardware set-up: 2x AP 1100 series, 2x AP1131AG (not connected to a Cisco Switch)...all with the latest Cisco IOS
What I want to do is connect these APs and broadcast the same SSID (e.g. Aironet and NOT Aironet1, Aironet2, etc.). Doing that, a user with a laptop can roam between these APs and won't have to re-enter the password of the SSID every time he changes AP. I would also like the encryption to be with a 128-bit password key. From what I have read, I need a local authenticator to do that (something called Local Radius Server).
I have three Autonomous APs in a small office running voice applications; all of them are connected to the same infrastructure switch and they have the same configuration. The voice VLAN is configured for open authentication. I have two models of AP, 1252 and 1262, and I paste Radio configuration below.
First issue: During calls users are facing problems when roaming between APs, and eventually calls are dropped. Second issue: Sometimes one of these APs (1252) loses all transmit signal and when it returns I get an authentication error in the log.
I'm about to purchase 2 Aironet APs, either 1140 or 1160 Series, for a small business. I know too little about the AP installation. How do I let both APs work in Roaming Mode so that users can move freely within the site without having to drop and connect from one AP to the other?
Since two months they work full time with the new Dutch Electronic Patient Dossier. We installed 3 Cisco 5508 controllers, version 7.0.230.0, last year on a HP-switched network on a layer 2 mobility domain. Cisco 1041 AP are
The personnel work with thin clients url... The one with the double antenna. This client has a Broadcom BCM943228HM4L 802.11 a.b.g.n (2x2) adapter.
On the client they have a connected RDP session to a server with the documents. Now they are walking from one patient to another patient. The problem they experience is a very late roaming. At the beginning of the corridor, the client will associate, but is going to roam at the end of the corridor. We installed 4 APs on each corridor, so the signal is very good, maybe too good?
I disabled client load balancing and band select. The lowest data rates are also disabled. Mandatory begins at 12 Mbps. I can increase this to 18 Mbps. These clients work with PSK, with both methods (WPA-TKIP and WPA2-AES) enabled. We did this because of many old and new clients.
The customer tried to find out the problem with a smartphone, same issue. Very late roaming. I can upgrade the WLC to 7.0.240.0. The only problem I have is the WCS. When upgrading to 7.2 and higher I need to have NCS.
We have a standard wireless deployment with 24 APs (1240G model) and wireless controller 4402-25 placed on the same site. Most of the clients (WMS RF terminals) work with one WLAN (WPA2-PSK) and constantly roam over the warehouse, and that works great.
But for better survivability (when the controller dies) we are trying to configure HREAP on our APs with a locally switched, local auth WLAN. And that also works, but client roaming occurs much more slowly and the RDP connection to the WMS APP server sometimes gets stuck for 2-5 sec. Disabling the "local switching" checkbox for the WLAN makes roaming almost instant.
Is slow roaming the price for a controllerless HREAP design? And for fast roaming and survivability must we use N+1 WLC?
Recently we have deployed two APs in a branch office warehouse and I have one WiFi phone 7925 used over there. The problem is that every time the phone roams from one AP to another, 2 or 3 packets are dropped. Following is the result of the 'debug client':
--More or (q)uit current module or <ctrl-z> to abort
*apfMsConnTask_7: Jun 27 09:52:25.496: 88:43:e1:4f:ab:39 Association received from mobile on AP a0:cf:5b:c3:a8:90
*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 10.107.38.121 RUN (20) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1621)
*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying site-specific IPv6 override for station 88:43:e1:4f:ab:39 - vapId 14, site 'AKL-AP-GP', interface 'management'
*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39 Applying IPv6 Interface Policy for station 88:43:e1:4f:ab:39 - vlan 38, interface id 0, interface 'management'
*apfMsConnTask_7: Jun 27 09:52:25.497: 88:43:e1:4f:ab:39
The old configuration was a Linksys/Cisco WRT120N plugged into a NETGEAR ProSafe VPN Firewall FV336GV2. I will list the settings below, but the short of it is that the WiFi router was in charge of getting the wireless clients but the Firewall was the one that assigned IP addresses and all that. This setup worked out just fine except that the WiFi router was in the basement and clients could only connect to it while still in the basement. They wanted to be able to connect to the network wirelessly while on the third floor, but couldn't even see the basement router from there. We shipped out an identical router configured beforehand exactly the same way, save for its MAC address and local IP address (those having premonitions, during troubleshooting I try setting different radio channels as well). The client plugged an Ethernet cable from the wall to port #2, and a desktop to port #3.
The desktop has internet access. Wireless, however, had issues. The client only had a single laptop to test with, an XP SP3 machine. Unfortunately I couldn't pull specs from it as of this post, so I don't know if it connected by G or N. This laptop, which worked fine in the basement, wouldn't connect upstairs (it would sit trying to get an IP address forever) until I had him "forget" the basement network. At this point, he was able to connect to the upstairs router and access the internet. However, he could then no longer use the access point in the basement. I tried the same troubleshooting steps, like having him delete the wireless profiles from his network card and rebooting the router, but he couldn't even see the basement router while down there anymore.
Occasionally, it would show up for a moment, then disappear before he could connect to it. To make sure it was the basement router that was briefly appearing, I renamed the upstairs router to something else; this confirmed that indeed it was the basement router that was doing the "now you see me, now you don't" act. I then tried setting the basement router to Channel 1 while leaving the upstairs one at Channel 6. Still nothing, even though the laptop was about 25 feet away from the basement router and I had him wipe the wireless profile again. Rebooting the computer didn't solve the issue either. After this, I named the upstairs router back to the same as the downstairs one and had him go upstairs to test; he could connect to it right away.
I figure this is either a configuration issue on the laptop or routers (or firewall). Unfortunately, there weren't any other wireless clients to test with, and I'm not sure there will be when I continue troubleshooting on Monday. By the way, I looked for a "bridge mode" option on the WRT120N and couldn't find one; I'm told that the firmware doesn't support it. I don't feel comfortable putting on alternative firmware unless it's literally the only thing that will solve this. The configurations for the networking equipment are listed below.
NETGEAR ProSafe Firewall:
- IP Address: 192.168.50.1
- Subnet Mask: 255.255.255.0
- DHCP Server: Enabled
- Starting IP address: 192.168.50.50
We have a Cisco wireless network throughout the whole 8-floor building on Cisco WLC 4402 and Cisco LAP-1242 AP. There are no coverage holes, but sometimes clients are flapping between two access points at different floors with serious loss in throughput. Is there any method to limit roaming between different floors in the building?
I have studied many guides but I can't find out if there is a down-side to setting the timeout this high. Could it result in slow roaming or re-authentication if there is a connection error? The customer has large areas with high client density and some outdoor areas with low client density.