Wireless Access

Hello guys,

Please I would need some help because I cannot understand the behavior I'm experiencing. I have a lab with two wireless controllers, 4 access points and one ClearPass server. In the WLAN controller I have two SSIDs, one of them uses EAP-TLS as auth method through CPPM and the other one MAC-Auth through CPPM.

I'm experiencing roaming issues in one of the SSIDs, but only in one of them, the other one works fine. Both SSIDs have the same RF config, are broadcasted form the same APs.... the only difference between them (I think....) is the authentication method. Could you provide me some help please, I'm lost.....

------------------------------
tech_sec
------------------------------

How is the redundancy of your controllers arranged? Are these clustered under a Mobility Conductor?

Also, what are the roaming issues that you experience? How does that look from the client, controller or clearpass perspective? What happens (or doesn't happen)?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 24, 2022 08:40 PM
From: Abraham Lopez
Subject: Roaming issue eap-tls

Hello guys,

Please I would need some help because I cannot understand the behavior I'm experiencing. I have a lab with two wireless controllers, 4 access points and one ClearPass server. In the WLAN controller I have two SSIDs, one of them uses EAP-TLS as auth method through CPPM and the other one MAC-Auth through CPPM.

I'm experiencing roaming issues in one of the SSIDs, but only in one of them, the other one works fine. Both SSIDs have the same RF config, are broadcasted form the same APs.... the only difference between them (I think....) is the authentication method. Could you provide me some help please, I'm lost.....

------------------------------
tech_sec
------------------------------

Hi Herman,

They're under a mobility conductor. I've made the test having in service only one controller and the issue persists. 

The roaming process on the SSID with MAC-Auth is smoth, I cannot see nothing weird on the tablet and it remains connected. In the other SSID (EAP-TLS) I loose completely the signal on the tablet and it get disconnected from the network an it takes ages to connect again automatically.

------------------------------
tech_sec
------------------------------

Original Message:
Sent: Nov 25, 2022 05:48 AM
From: Herman Robers
Subject: Roaming issue eap-tls

How is the redundancy of your controllers arranged? Are these clustered under a Mobility Conductor?

Also, what are the roaming issues that you experience? How does that look from the client, controller or clearpass perspective? What happens (or doesn't happen)?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 24, 2022 08:40 PM
From: Abraham Lopez
Subject: Roaming issue eap-tls

Hello guys,

Please I would need some help because I cannot understand the behavior I'm experiencing. I have a lab with two wireless controllers, 4 access points and one ClearPass server. In the WLAN controller I have two SSIDs, one of them uses EAP-TLS as auth method through CPPM and the other one MAC-Auth through CPPM.

I'm experiencing roaming issues in one of the SSIDs, but only in one of them, the other one works fine. Both SSIDs have the same RF config, are broadcasted form the same APs.... the only difference between them (I think....) is the authentication method. Could you provide me some help please, I'm lost.....

------------------------------
tech_sec
------------------------------

That is not as expected, especially not if you have a single controller in the cluster. Roam should be smooth if you have enough coverage (which probably is the case as PSK/Open works fine). Best would be to open a support case to get the logs analyzed.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 25, 2022 06:24 AM
From: Abraham Lopez
Subject: Roaming issue eap-tls

Hi Herman,

They're under a mobility conductor. I've made the test having in service only one controller and the issue persists.

The roaming process on the SSID with MAC-Auth is smoth, I cannot see nothing weird on the tablet and it remains connected. In the other SSID (EAP-TLS) I loose completely the signal on the tablet and it get disconnected from the network an it takes ages to connect again automatically.

------------------------------
tech_sec

Original Message:
Sent: Nov 25, 2022 05:48 AM
From: Herman Robers
Subject: Roaming issue eap-tls

How is the redundancy of your controllers arranged? Are these clustered under a Mobility Conductor?

Also, what are the roaming issues that you experience? How does that look from the client, controller or clearpass perspective? What happens (or doesn't happen)?

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 24, 2022 08:40 PM
From: Abraham Lopez
Subject: Roaming issue eap-tls

Hello guys,

Please I would need some help because I cannot understand the behavior I'm experiencing. I have a lab with two wireless controllers, 4 access points and one ClearPass server. In the WLAN controller I have two SSIDs, one of them uses EAP-TLS as auth method through CPPM and the other one MAC-Auth through CPPM.

I'm experiencing roaming issues in one of the SSIDs, but only in one of them, the other one works fine. Both SSIDs have the same RF config, are broadcasted form the same APs.... the only difference between them (I think....) is the authentication method. Could you provide me some help please, I'm lost.....

------------------------------
tech_sec
------------------------------