12-03-2014 06:57 PM
Solved! Go to Solution.
12-03-2014 07:26 PM
- Make sure that all your clients already trust both server certificates
- Make sure that all access points in an area put users on the same VLAN(s)
- On the Aruba Controller in the SSID profile, turn on "Advertise QBSS Load IE". Cisco access points have this on, and devices will prefer the Cisco access point over the Aruba access points, if the Aruba access points are not broadcasting this element. http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/wlan_ssid_profile.htm?
You will have your most issues when VOIP devices are roaming between Cisco and Aruba access points. Try your best to do an entire building at one time, if you can, to minimize that. If you can, have your both of your infrastructures point at the same radius server, so that roaming will result in a radius resumption vs a complete reauthentication.
If you have not done so already, I want to say hire a professional who can ask the tough questions and make sure that you are doing everything you can to make this a success. There is plenty to keep in mind, but we do not have access to that infomation here.
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
12-04-2014 08:57 PM
I don't know your environment but I would suggest you get both your aruba and cisco gear using same radius server. I would set-up a access point of each in your office and test it. We have both cisco and aruba infrastructure in same building. Since we are using same subnets our clients don't know the difference. I've replced APs in live environment if there are lots of wireless users around I have a temp AP on the cart I use. I just plug that in to a live connection wait for it to load. Then when I remove the old cisco ap app clients roam to the temp ap. the I mound new ap and once it loads I unplug the temp ap. and move to next access point. Best thing about wireless it's self healing. We normally have enough coverage to where most of the time I don't need the Temp AP.
I would reccomend getting same radius server set especially if you use machine and user authentication setting for windows domain devices.