Access Points

Reply
Occasional Contributor I

Roaming Issues with Instant AP

Yes, when I Telenet is does ask me for a user Name and then password... but it's all in plain text. Yikes!

I do use https for the basic configuration stuff, but since my IAP-105's are not handing off signals to each other I thought there may be some CLI-based configuration changes I could implement to make hand-off work.
Guru Elite

Re: Roaming Issues with Instant AP

When you say handing off signals, do you mean users roaming to one, and then the other? Did you configure the IAPs individually? You need to configure one and add the second one to that so that roaming is seamless...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

IAP-105 roaming not working - possible resolution

Yes, roaming (aka WDS, wireless distribution system, to some). This is a bit long, but I believe I resolved the problem, and this describes what I found and what I did.

And yes, I had completely setup the first and thoroughly tested it with my RADIUS server before introducing any other units; It worked flawlessly.

On introducing the second, the virtual controller immediately pushed out the configuration. There was NO way of configuring or managing it separately, it was assimilated immediately. I observed this with the 3rd and 4th units I introduced.

There were two issues I believe contributed to the roaming issue, but because I was constantly rebooting I cannot be certain which one, or if both, contributed to resolving the hand-off issue.

After failing to authenticate to the RADIUS server from the second IAP, and after hand-off failed, I went into the CLI, compared 'show configuration' output and noticed their times were not sycn'd, despite the second correctly displaying the NTP server provided by the shared config. Simply rebooting did not resolve this; I reset the NTP server to a UNC and re-booted, without success, then re-set it back the the IP I'd originally used and rebooted. That worked in getting the units' times sync'd.
The authentication problem remained, which I have repeated with the 3rd and 4th IAPs when I brought them online; the second IAP would accept wireless clients, but authentication through the RADIUS* server would not work. After much experimenting I've found that until the 'new' IAP is allowed to "take it's turn" hosting the virtual controller, it will not authenticate to the RADIUS server.

As you can imagine, this is a HUGE pain, the more IAPs you add to your mesh, because you have to successively turn down existing units to ensure the new IAP is the only one left to host the VC. I have repeated this issue with IAPs 3 and 4 in my setup.

The gotcha is, signal hand-off (in roaming) doesn't 'always occur' seamlessly, sometimes you have to update or request a new page, i.e., you have to have your browser request information and then the hand-off takes place. This is easily observed by monitoring the signal strength in the network connection status (Windows 7).

One the plus side, the signals on these units is incredibly strong; I measured a decent wireless signal just around a corner and 120' away from the unit when I was first testing a single unit. I thought maybe this was contributing to the hand-off when I introduced the second unit.

I hope this info helps you folks iron out some of the deployment issues with this product.

Chris

*RADIUS server is Windows 2008 R2 Standard Network Policy Server, with Windows 2008 R2 Standard Certificate Authority using self-signed certificates.
Guru Elite

Re: Roaming Issues with Instant AP

Questions:

1. Is an IP address configured in the "Settings > Basic" dialog?
2. Is "dynamic radius proxy" enabled in the "Settings > Advanced" dialog?
3. Is the IP address configured in step #1 set as the NAS client IP on the RADIUS server?

We need all three for this to work properly.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Roaming Issues with Instant AP

Setting 1 & 3. Yup.
Could not find any documentation of info on the 'dynamic RADIUS Proxy' in the documentation, except a very brief statement about it also being known as OneRADIUS, which also has no documentation. Without any documentation or explanation, didn't bother with it.

What is it, what does it do and how does it work?
How will turning it on affect an already functioning implementation?
Guru Elite

Re: Roaming Issues with Instant AP

dynamic radius proxy allows all radius authentication to come from one ip address.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Roaming Issues with Instant AP

Meaning NPS requires only one client to be setup?

Does Dynamic RADIUS Proxy do anything for AP connectivity for the wireless client? I have an access point 10 feet from me over my desk, yet both my Mac and PCs connections continually flap between that one, and one over 90 feet away.

If not, any way of resolving this? Signal goes from 300Mbps or so on the nearby AP to 45 Mbps on the one far away.
Guru Elite

Re: Roaming Issues with Instant AP

The client device ultimately determines what access point they connect or roam to; not the access point. Clients can also negotiate their rates down based on interference or contention based on interference or other reasons on that band, independent of access point configuration.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Roaming Issues with Instant AP

Thanks for your help on this. I enabled Dynamic RADIUS Proxy and it didn't work; two of the four IAPs would no longer accept wireless clients, despite numerous attempts. I've reverted back to no Dynamic RADIUS Proxy, and I'm still having problems with my wireless clients (Windows 7 and Mac OS X 10.4.6) flapping between the AP 15' from me and the one 75 feet beyond that one.

Maybe these things just aren't ready fro prime time.

I spoke to tech support about this last week, they were following up on my original ticket of a month ago, and I have not head anything back.
Guru Elite

Re: Roaming Issues with Instant AP

When you enable dynamic radius proxy, do you see the radius requests in the security log in NPS? Did you already have all of the APs as radius clients in NPS? Do you see any dropped requests? Can you install wireshark on your Radius server and filter just the radius packets to see what is going back and forth?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: