Wireless Access

Reply
Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Roaming in between Aruba and Cisco

We are in the process of converting from Cisco Wireless to Aruba wireless.  We put up our first building and noticed something unusal.  We are using the same ssid on both systems, Cisco and Aruba.  If a windows laptop moves between the Aruba system and the Cisco system, They get prompted for thier username and password.  This happens even if they have a profile with a stored username and password.  If they move from Cisco to Aruba, they do not get prompted (just re-connect).  If they start up in either system they do not get prompted (just re-connect). They only get prompted if they are already connected and move from Aruba to Cisco.

 

Any idea why the prompt is only forced in one direction?  It does not seem to happen on all devices but we have seen it on several windopws laptops.

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: Roaming in between Aruba and Cisco

Are you using an external radius server? If so, is it the same one for both environments?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Re: Roaming in between Aruba and Cisco

Yes, we have external radius servers and the clients are doing PEAP/MSCHAPV2.  The servers are different for each system.  One is a juniper steel belted radius, the other is clearpass.   They both have the same radius cert, so the cert should not be the issue.   The odd part is it only happens one way.  So once system is doing something the client dislikes more than the other.

Guru Elite
Posts: 21,539
Registered: ‎03-29-2007

Re: Roaming in between Aruba and Cisco

Is there an error in the Authentication log of the system it is trying to roam to? That would narrow it down.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 19
Registered: ‎06-01-2015

Re: Roaming in between Aruba and Cisco

I don't think there will be an error.  Since the client is prompting for username/password it did not send the request yet.  Once you type in username/password the authentication is succesful, so no error. 

 

Or, do you think the request fails x number of times and therefore the client reprompts for username/password because of the failure?  That would be odd as once you type in username and password it passes first try.

 

I wonder if it is a roaming thing and not a radius thing.  Maybe the client tries to roam several times and fails, thus prompting for username and password.  Maybe the aruba side is more open to the roaming event and thus it is just a re-auth instead of a failure?

 

In that case I owuld have to look at the cisco controller logs.

Guru Elite
Posts: 21,539
Registered: ‎03-29-2007

Re: Roaming in between Aruba and Cisco

If a client has been on the Aruba system and supports opportunistic key caching it could be it is using a key from before to authenticate and that is why it succeeds without issue. I think the cache is 8 hours. If a client fails when roaming to Cisco, you might have to get logs of that client from the Cisco device to see what is going on.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: Roaming in between Aruba and Cisco

Also you are proably best off disabling any DHCP enforcement until you are done with the transition; some clients will not do a DHCP transaction during certain flavors of roaming.

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: