Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

roaming between cisco and Aruba same SSIDs different Auth sources

This thread has been viewed 2 times

  • 1.  roaming between cisco and Aruba same SSIDs different Auth sources

    Posted Dec 03, 2014 09:57 PM
    Gang, Im planning to replace a Cisco wireless infrastructure with Aruba. Im using an Aruba mobility controller and Clearpass. The coverage are is large, maintenance windows are tight, and we will need to stagger the rollout. This will result in periods of time when the Aruba APs will live amongst the Cisco AP and both are broadcasting the same SSIDs (hidden SSIDs) 2 separate auth sources ACS and CPPM. Im trying to visualize what the roaming experience will be like for the users (handhelds and IP phones) when they roam in/out of the cisco and Aruba APs. Im assuming there will be a short drop, then re-auth. Subnets I’m sure come into play. So 2 questions: Can someone comment on what the user experience will be like in that environment? 2nd: what are my options to make the roaming process work or at least less problematic?


  • 2.  RE: roaming between cisco and Aruba same SSIDs different Auth sources
    Best Answer

    EMPLOYEE
    Posted Dec 03, 2014 10:26 PM

    rockbird,

     

    - Make sure that all your clients already trust both server certificates

    - Make sure that all access points in an area put users on the same VLAN(s)

    - On the Aruba Controller in the SSID profile, turn on "Advertise QBSS Load IE".  Cisco access points have this on, and devices will prefer the Cisco access point over the Aruba access points, if the Aruba access points are not broadcasting this element.  http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/wlan_ssid_profile.htm?

     

    You will have your most issues when VOIP devices are roaming between Cisco and Aruba access points.  Try your best to do an entire building at one time, if you can, to minimize that.  If you can, have your both of your infrastructures point at the same radius server, so that roaming will result in a radius resumption vs a complete reauthentication.

     

    If you have not done so already, I want to say hire a professional who can ask the tough questions and make sure that you are doing everything you can to make this a success.  There is plenty to keep in mind, but we do not have access to that infomation here.

     

     



  • 3.  RE: roaming between cisco and Aruba same SSIDs different Auth sources
    Best Answer

    Posted Dec 04, 2014 11:58 PM
    Rockbird,

    I don't know your environment but I would suggest you get both your aruba and cisco gear using same radius server. I would set-up a access point of each in your office and test it. We have both cisco and aruba infrastructure in same building. Since we are using same subnets our clients don't know the difference. I've replced APs in live environment if there are lots of wireless users around I have a temp AP on the cart I use. I just plug that in to a live connection wait for it to load. Then when I remove the old cisco ap app clients roam to the temp ap. the I mound new ap and once it loads I unplug the temp ap. and move to next access point. Best thing about wireless it's self healing. We normally have enough coverage to where most of the time I don't need the Temp AP.

    I would reccomend getting same radius server set especially if you use machine and user authentication setting for windows domain devices.