Hi
Being new to an Aruba focussed company I have been getting the same request from majority of all our Aruba clients and all mostly relate to Roaming and client handover between APs. With a bit of research ad testing I came up with the below guidelines/tutorial (PDF attached).
Improving client Handover and roaming between APs
There are a few standards and methodologies available to use to improve handover of clients between APs. Most are focussed on VOIP technologies, but it must always be remembered that we cannot control the client Handover (especially with legacy clients) we can only encourage them. Some Standards and methods work well for some environments and some do not - test the recommendations extensively before implementing in a live Production environment. It must also be noted that all settings take effect immediately once applied, however from a client perspective it might need to re-associate for the changes to take effect client side.
As with everything else in IT, if a perfect method/solution existed there would only be one - try them all and keep the best.
The Standards and Definitions
802.11k
IEEE 802.11k allows a device to quickly identify nearby APs that are available for roaming. When the signal strength of the current AP weakens and the device needs to roam to a new AP, it will already know the best candidate AP with which to connect to.
802.11r
IEEE 802.11r specifies fast Basic Service Set (BSS) transitions between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources to occur in parallel.
When a device roams from one AP to another on the same network, 802.11r streamlines the authentication process. BSS allows a devices to associate with APs more quickly. Coupled with 802.11k's ability to quickly identify the target AP, BSS's faster association method may enhance application performance.
Handoff Assist
The AP monitors the RSSI for every associated client. If the RSSI for a specific client falls below "low-rssi-threshold" and continues to fall for the "rssi-falloff-wait-time", then the AP will send a de-auth to the client.
The de-auth is meant to kick the client away from the current AP and get it to re-authenticate to a nearby AP. This will have the effect of helping a client handover between 2 APs.
BUT (Big But), if the client gets de-authed and takes a while to re-authenticate (if it even does re-authenticate automatically after a de-auth), then this will have the effect of destroying communication instead of helping it -- mostly found with legacy clients.
Remove Lower Transmit Rates
Removing lower transmit rates is a way to promote better roaming, BUT not all clients respond well, or even respond to it.
The practice is that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11. If a legacy client expects the rates of 1 and 2 it will not connect.
Local Probe Threshold
Local probe Threshold prevents a client from connecting to an AP with a too low a signal - helps more with initial connection than roaming.
The local probe threshold parameter is not supposed to force clients to roam as soon as they pass near an access point with a good signal, but rather to NOT hold on to an access point with a weak signal (avoiding sticky clients).
PMK Caching
Defined by 802.11i and is a technique available for authentication between a single AP and a station. If a station has authenticated to an AP, roams away from that AP, and comes back, it does not need to perform a full authentication exchange. Only the 802.11i 4-way handshake is performed to establish transient encryption keys.
Opportunistic Key Caching (OKC)
Is a similar technique to PMK, but not defined by 802.11i, for authentication between multiple APs in a network where those APs are under common administrative control. An Aruba deployment with multiple APs under the control of a single controller is one such example. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys
Implementation and Configuration
802.11k
802.11k is configured in your VAP profile. Tick the option to “Advertise 802.11k”. There after set the Handover Trigger Feature Settings.
Tick the “Enable Handover Trigger feature” and then set RSSI threshold by specifying the -dBm level at what the hand over trigger should be sent to the client
802.11r
802.11r is configured under SSID of your VAP profile. Tick the option to “Advertise 802.11r”
HandofF Assist
Station Handoff Assist is enabled in RF Optimization under the RF Management section of AP configuration.
Tick the “Station Handoff Assist” option to enable it, next set the Low RSSI Threshold – the threshold determines above what level no deauth gets sent
Lower Transmit Rates
Transmit rates can be adjusted in the Advanced tab of SSID under your VAP profile.
Remember that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11
Local Probe threshold
Local Probe threshold can be adjusted in the advanced tab of SSID under your VAP profile.
Depending on the density of your APs consider values between 20 and 40 -- 40 being aggressive in an AP dense area.
Deny Broadcast Probes
Denying Broadcast Probes can cause problems with Roaming especially if the SSID is hidden – leave option disabled.
Kind Regards :)
-if you found the post useful give Kudos by clicking the star