Wireless Access

I manage the wireless networks in 6 private schools or varying sizes.  All campuses are separate with no mobility controller peering so they are all standalone wireless sites.

 

I have 5 sites with MSM765zl controllers and one with a MSM710 appliance.  They all have MSM460 APs with a three sites having  a mix but have more MSM422 than MSM460 APs.

 

Have recently upgrade to Firmware 5.7.0.3-11516 at three sites (two with a mix or APs and the other with only MSM460 APs) to try and resolve the wireless roaming issues that clients are experiencing but to no avail.

 

Setup:

Running all HP switches and routers.  Core is 5406zl and majority of edge switches 2610 and some 2810

1 x VSC using 802.1x RADIUS authentication over WPA2 Enterprise - have two RADIUS/DHCP servers.  Each RADIUS server caters for half of each VLAN scope in DHCP.  The RADIUS profiles have security groups assigned which determine which VLAN a from which a client machine receives their DHCP.

1 x VSC using WPA2 Personal authentication only for guest

1 x VLAN for staff/teachers

1 x VLAN for primary students

2 x VLANs for middle school students

2 x VLANs for senior school students

1 x VLAN for guest users

The controller's internet port and all the APs are on the same management VLAN 1 and IP's assigned via DHCP

Have configured VLANs under the VLANs settings of the controller

Have added the VLANs to the IP Interfaces settings and have them assigning IPs via external DHCP

Have configured Local Networks (with the respective VLANs for the different user groups) under the Configuration settings for Controlled APs and have defined the VLAN IP ranges in the List of home subnets

All APs are on the same VLAN, have the same VSC assigned, and all have the same home networks/profiles configured

WPA2 opportunistic key caching is enabled

Wireless security filters is disabled

Radios have been configured for Radio 1 802.11n/a with small distance between APs and using maximum power.  Radio 2 802.11n/b/g with channel width set to 20MHz (default) not Auto 20/40MHz with all other settings same as Radio 1

Think I have covered most of the settings.

 

The issue as it stands....

 

A client machine can authenticate, connect to the wifi network and receive their appropriate DHCP assigned IP for their respective RADIUS profile.  They don't have any issues and have excellent connection speeds to the internet, shared network resources, printers etc while connected to the initial AP.  The issue arises when the client moves away to a different section of the building or another building with AP points that provide a better stronger signal.  The client 95% of the time loses network connectivity - unable to ping any LAN devices whether it is the controller, DNS, core switch.

 

Observations:

1. Client machines (all Windows 7 Pro or Ent), displays their network connection as connected but the wifi tray icon shows a yellow exclamation mark indicating no network connection.

2. A ipconfig /all reveals the client machine has an APIPA (169.254.X.X)

3. To establish a network connection again the client needs to manually toggle the SSID to disconnect and connect, then it will receive the appropriate DHCP IP for their respective RADIUS profile - an typically the same IP lease they previously had from the previous connection via the other AP.

4. Further testing shows that if the client moves back to the first AP, the connection is not re-established again until a forced disconnect and connect is done.  Also if the client moved from the first AP to another AP but did not join by forcing a disconnect and connect then move back to the original AP, the client still did not re-establish a network connection.

5. A continuous ping test on the client machine reveals that when the client moves away from an AP where they enjoyed a network connection to another AP, the client machine remains "connected" but the network connection is lost and ping fails.  The client reverts to a 169.254.X.X IP.

 

It seems authentication succeeds as the wifi connection remains connected between APs however the client fails to retain it's DHCP address or fails to request or renew it's DHCP lease via another AP it has "connected" to.  While the continuous ping is still on, can visibly see when the client disconnects and connects the SSID the ping returns a reply because the client receives the correct DHCP IP.

 

Why doesn't the client maintain it's IP and roam between APs?  Or why can't the client automatically request or renew a DHCP lease when roaming between APs?

 

Have been tackling this issue for a while.  Very frustrating and time consuming.  Xirrus might be an option for the next round of upgrades if can't get this resolved.

 

Sorry it's long winded, however, the more background/info there is, the better chance of a resolution.

 

If any one has experienced similar issues and have a resolution, would be much appreciated.

#wireless

Hi Leighton Please check in vsc profiles authentication and access controller box.If you clear two box in vsc profile please click and re test

Thanks Cenk for your response.

 

Just to clarify what you are saying in your first response regarding the VSC profile.  Do you mean uncheck the second box (Access Control) only.  To enable RADIUS authentication via remote RADIUS server and Wireless Mobility, I need to have the first box (Authentication) checked.

 

I have attached a Word docx with a couple of screen captures of the VSC profile.  If I enable Wireless Mobility, all clients drop wifi connections and cannot reconnect.

 

Thanks

Leighton

Hi l see don't check access control box in vsc profile Access controller check box must have check your configuration And l see ap between short distance in radio configuration Plase make medium distance between access point and re test

Hi Cenk

 

Sorry haven't replied.  Have not had a chance to get to the site to test.  Will do that in the next week or so and post the results.

 

cheers

Mmmm Chocolate!! :)

Hey Guys,

We run a MSM765 Controller mounted in a 8212zl Chasis and have a mixture of MSM422s and MSM460s. We had similar issues to this several months ago when we swapped from our 5412zl chasis to our new 8212zl.

Our issue lay in the reconfiguration of the MSM765 and 8212zl chasis relating to the time server. Wondering if yours could be the same issue.

After having manually setting the time server on the MSM765, we resynchronised the APs and haven't had these issues since, not sure if this is exactly your issue.

What wireless standards are you using across the locations that are experiencing the issues? (802.11b/g/n?)

Hi Leighton,

Did you ever resolve this issue?

I have exactly the same situation using MSM760 controllers with MSM460 APs.

Thanks,

Craig.

Small distance between access point no for more power If you need more power you must select large distance between access point option If Your radius client is msm controller must have check authentication and access controller box If your radius your client access point not need check this box My advice your radius client must be msm controller for one point authentication

Thans again Cenk for your reply.

 

The wireless controll has been joined to the AD domain and forwards any RADIUS requests to two external RADIUS servers so we can't use the conroller as the RADIUS client.

 

I have attached a Word docx showing the settings for the E-MSM460 RADIOS.

 

 

Cheers

Leighton