Wireless Access

Okay I have an issue where I'm in a room with two APs and a client which will switch APs and ask the user to authenticate again.  I'm on a Macbook Air 2012 model with 10.8.x on it.

I've seen this issue when I roam around from room to room with the notebook open it will ask me for my credentials again when I get to the new AP.   I simply cancel and then go choose the network again.

How can I get a client to stick to one of the 2 APs in the room instead of hopping between the two?

Is this what "client match" will help with?

ClientMatch will not necessarily help to resolve this issue. When the user moves from one AP to another, the user is forced to reauthenticate. The purpose of ClientMatch is to help solve the sticky client problem. Traditionally, user devices decided when to hand off to another AP based on factors such as signal strength. With ClientMatch, it allows the APs to decide when to hand off a device to another AP removing the sticky client effect.

I know this doesn't solve your problem, but it will at least save you the trouble of upgrading to early release code and still having the same problem.

I'm curious, how big is the room that 2 APs are located in? Is the room device dense? Typically positioning 2 APs in the same room causes interference and channel conflicts, although ARM will make adjustments, it still isn't considered best practice.

Thanks and good luck!

Hi,

Thank you very much for the response.  

The room is a Media Center in our High School so it has the potential to be dense for sure.  It isn't the biggest room.  I have two AP-105s in the room right now.  If I wanted to deal with the density issue should I upgrade to a better AP?  Maybe an 802.11ac AP?

What controller model are you using in your environment? Are the APs that the device is roaming from and to in the same AP group?

another thing to check Authentication->L2 Authentication->802.1x Authentication Profile->"The users dot1x profile". Is "reauthentication" checked?

Yes they are in the same AP group and no reauthentication is not checked.  Should it be?

No you don't want it checked. So does this only happen when moving from specific rooms or it happens throughout the whole network?

You may want to open up a case with Aruba TAC and have them do a web session with you.

Aruba TAC: 1-800-WiFi-LAN (1-800-943-4526)

So this isn't something that you thing should be happening?  oh and we are using a 3600 controller.

A user should only have to authenticate once. Something isn't carrying over from AP to AP when a device re-associates.

Did you ever think about using MAC authentication as well as 802.1x authentication? I'm not sure if that would fix the issue, but MAC authentication won't prompt a user, it will verify the MAC address is "known".

I would recommend contacting TAC, especially if this has become an inconvenience. They should be able to troubleshoot more efficiently.