Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Roaming in between Aruba and Cisco

This thread has been viewed 1 times

  • 1.  Roaming in between Aruba and Cisco

    Posted Jul 11, 2015 05:22 PM

    We are in the process of converting from Cisco Wireless to Aruba wireless.  We put up our first building and noticed something unusal.  We are using the same ssid on both systems, Cisco and Aruba.  If a windows laptop moves between the Aruba system and the Cisco system, They get prompted for thier username and password.  This happens even if they have a profile with a stored username and password.  If they move from Cisco to Aruba, they do not get prompted (just re-connect).  If they start up in either system they do not get prompted (just re-connect). They only get prompted if they are already connected and move from Aruba to Cisco.

     

    Any idea why the prompt is only forced in one direction?  It does not seem to happen on all devices but we have seen it on several windopws laptops.



  • 2.  RE: Roaming in between Aruba and Cisco

    EMPLOYEE
    Posted Jul 11, 2015 05:31 PM
    Are you using an external radius server? If so, is it the same one for both environments?


    Thanks,
    Tim


  • 3.  RE: Roaming in between Aruba and Cisco

    Posted Jul 11, 2015 06:31 PM

    Yes, we have external radius servers and the clients are doing PEAP/MSCHAPV2.  The servers are different for each system.  One is a juniper steel belted radius, the other is clearpass.   They both have the same radius cert, so the cert should not be the issue.   The odd part is it only happens one way.  So once system is doing something the client dislikes more than the other.



  • 4.  RE: Roaming in between Aruba and Cisco

    EMPLOYEE
    Posted Jul 11, 2015 06:33 PM
    Is there an error in the Authentication log of the system it is trying to roam to? That would narrow it down.


  • 5.  RE: Roaming in between Aruba and Cisco

    Posted Jul 11, 2015 06:43 PM

    I don't think there will be an error.  Since the client is prompting for username/password it did not send the request yet.  Once you type in username/password the authentication is succesful, so no error. 

     

    Or, do you think the request fails x number of times and therefore the client reprompts for username/password because of the failure?  That would be odd as once you type in username and password it passes first try.

     

    I wonder if it is a roaming thing and not a radius thing.  Maybe the client tries to roam several times and fails, thus prompting for username and password.  Maybe the aruba side is more open to the roaming event and thus it is just a re-auth instead of a failure?

     

    In that case I owuld have to look at the cisco controller logs.



  • 6.  RE: Roaming in between Aruba and Cisco

    EMPLOYEE
    Posted Jul 11, 2015 06:48 PM
    If a client has been on the Aruba system and supports opportunistic key caching it could be it is using a key from before to authenticate and that is why it succeeds without issue. I think the cache is 8 hours. If a client fails when roaming to Cisco, you might have to get logs of that client from the Cisco device to see what is going on.


  • 7.  RE: Roaming in between Aruba and Cisco

    Posted Jul 13, 2015 08:53 PM

    Also you are proably best off disabling any DHCP enforcement until you are done with the transition; some clients will not do a DHCP transaction during certain flavors of roaming.