Roaming with Autonomous Access Points AP7522

If we configure multiple autonomous access points with same SSID and Security settings, would roaming work between APs?

dot1x


Posted 4 months ago


Jian Dong Chong, Employee

Hi Moin,

If the APs are going to be in the same broadcast domain, then seamless roaming won't have any problem.
But you need to make sure there is sufficient coverage cell overlap, i.e. the worst client should hear an AP at least at -67dBm.

Regards,
JD

dot1x

Hi JD,

The APs are going to be in the same broadcast domain.
I believe worst client would hear at least -70dBm.

Jian Dong Chong, Employee

Hi Moin,

You can also refer to the best practice guide below, on page 43; there are a few checklist items to ensure seamless wireless client roaming and handoff.
https://documentation.extremenetworks.com/WiNG/Implementation_Guides/WING5X_Reference_Best_Practices...

Regards,
JD

Robert Zarzycki, Employee

Seamless Roaming Checklist

For seamless wireless client roaming and handoff, the following items must be ensured:
  • Sufficient coverage cell overlap, i.e. the worst client should hear an AP at least at -67dBm.
  • Key Caching must be enabled on the WLAN for secure fast roaming. OKC and PMK caching are enabled by default. It is recommended to enable 802.11r (fast-bss-transition) when clients support it.
  • WNMP roaming notifications are responsible for updating wired infrastructure MAC address tables, as well as key cache exchange between the Access Points. It is important to ensure that:

    For locally bridged WLANs:
    DST MAC 01:A0:F8:F0:F0:04 (WNMP roam notification) is allowed on the wired switches for all user VLANs, at least on the switchports going out to the APs.

    For tunneled VLANs:
    DST MAC 01:A0:F8:F0:F0:04 (WNMP roam notification) is allowed on the wired switches for all user VLANs, on the switchports going out to the controllers.
    In the case of MiNT level 2 tunneling and controller-managed RF Domains in a campus deployment, “mint inter-tunnel-bridging” should be enabled only on the controller side to allow passing WNMP roam notifications between multiple MiNT tunnels. It must not be enabled in NOC deployments.
    In the case of L2TPv3 tunnels from every AP back to the controllers, “l2tpv3 inter-tunnel-bridging” must be enabled on the controller side to allow passing of WNMP messages. It is not required when each remote site is tunneling via an RF Domain Manager.

  • Wireless Firewall is enabled for client session migration to work. Additionally, for this feature to work, Access Points must be able to discover each other over MiNT either at level 1 or level 2.
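One way to verify the WNMP item of the checklist above from a switchport capture, as an added example that is not part of the original post or of the vendor guide: it reports the user VLANs on which no frame to DST MAC 01:A0:F8:F0:F0:04 was seen. The sample frames, the AP source MACs, the VLAN IDs and the EtherType placeholder are constructed assumptions.

```python
import struct

WNMP_ROAM_DST = bytes.fromhex("01A0F8F0F004")  # DST MAC named in the checklist
TPID_8021Q = 0x8100                            # 802.1Q VLAN tag identifier

def vlan_and_dst(frame: bytes):
    """Return (dst_mac, vlan_id) for a raw Ethernet frame; vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        return dst, tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID
    return dst, None

def vlans_missing_roam_notifications(frames, user_vlans):
    """User VLANs on which no frame to the WNMP roam MAC was captured."""
    seen = set()
    for frame in frames:
        try:
            dst, vlan = vlan_and_dst(frame)
        except ValueError:
            continue                           # skip runts instead of aborting the check
        # Untagged frames belong to the port's native VLAN, which a raw
        # capture cannot identify, so only tagged frames are counted here.
        if dst == WNMP_ROAM_DST and vlan is not None:
            seen.add(vlan)
    return sorted(set(user_vlans) - seen)

def make_frame(dst, src, vlan, ethertype=0x88B5, payload=b"\x00" * 46):
    # Constructed sample frame. 0x88B5 (IEEE local experimental) is a
    # placeholder, not the real WNMP EtherType; matching is on DST MAC only.
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

AP1 = bytes.fromhex("020000000001")            # constructed AP source MACs
AP2 = bytes.fromhex("020000000002")
SAMPLE_CAPTURE = [
    make_frame(WNMP_ROAM_DST, AP1, 10),        # roam notification on VLAN 10
    make_frame(WNMP_ROAM_DST, AP2, 20),        # roam notification on VLAN 20
    make_frame(b"\xff" * 6, AP1, 30),          # ordinary broadcast only on VLAN 30
    b"\x01\xa0\xf8",                           # runt frame
]

if __name__ == "__main__":
    print(vlans_missing_roam_notifications(SAMPLE_CAPTURE, [10, 20, 30]))
```

A VLAN in the result only means no notification was observed during the capture window, so roam a test client on that VLAN before concluding the switch is filtering the multicast.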

Ondrej Lepa, Employee

Moin, 

be careful about what you call "seamless roaming"...

As Jian mentioned above, APs must be in the same broadcast domain in order to send / receive migration data.
However, we tested this only in adopted mode (valid MINT links among all APs in domain).
Without MINT links you may end up with broken VoIP sessions, no 802.11r etc.

In other words - we cannot guarantee seamless roaming using APs without centralized management (including virtual controller).

Regards,
Ondrej

Daniel Mejia, Employee

Hi Moin,

As Ondrej pointed out, seamless roaming/handover by definition requires a controller-oriented centralized deployment.

You can roam between APs in autonomous mode, but note there will be a break in the connection. The MU will have to re-authenticate/associate to the next AP when the MU considers it should move to a BSSID with a stronger signal.

dot1x

That's what my understanding is.
Even if the SSID and security are the same on all autonomous APs, they would have to re-authenticate.
End users are RF Guns; any idea if they would get disconnections while roaming between autonomous APs?
Also, do autonomous APs change the channel automatically?

Ondrej Lepa, Employee

Moin,

this depends on the security you are using. With an unprotected network it will be almost seamless from the 802.11 wireless perspective, but the switch forwarding data will have no idea where to send session traffic and it will eventually time out.

That is where centralized management takes place - it handles the forwarding based on roaming notifications. In short - AP1 knows the client is about to roam, broadcasts a notification to other APs around and releases the client's MAC from its wired interface. The new AP2, where the client roams to, accepts the notification and sends out a broadcast "I have this MAC now" so switches are able to seamlessly forward data. Anything buffered on AP1 is then forwarded to AP2 directly so you won't lose the session (firewall traversal).

I am not saying this is a disaster, but it will be highly inconvenient. In case you use RF Guns just to send barcode scans over i.e. HTTP (push) it will be fine. However, if you use telnet to send data, you'll see session timeouts + disconnections.

Regarding the channel selection - yes and no.

  • YES - they will change the channel automatically based on ACS (automatic channel selection) feature
  • NO - it won't be centrally driven and you will not achieve as good a result as with Smart-RF
Regards,
Ondrej
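The switch-side effect described in the reply above, as an added example that is not part of the original thread: a toy learning switch showing where downstream frames for a roamed client go with and without an "I have this MAC now" announcement from the new AP. The port names, the client MAC, the 300-second aging time, a client that sends nothing upstream after roaming, and modelling the announcement as a frame sourced from the client MAC on AP2's port are all assumptions of this model.

```python
class LearningSwitch:
    """Minimal L2 switch model: learns source MAC -> port and ages entries out."""

    def __init__(self, aging_s=300):           # assumed aging time in seconds
        self.aging_s = aging_s
        self.table = {}                        # mac -> (port, last_seen)

    def receive(self, port, src_mac, now):
        # Any frame arriving on a port (re)learns its source MAC on that port.
        self.table[src_mac] = (port, now)

    def egress_port(self, dst_mac, now):
        entry = self.table.get(dst_mac)
        if entry is None or now - entry[1] > self.aging_s:
            self.table.pop(dst_mac, None)      # unknown or aged out: flood
            return "flood"
        return entry[0]


def downstream_path_after_roam(announce):
    """Ports chosen for server-to-client frames at t=11, 200 and 305 seconds."""
    switch = LearningSwitch(aging_s=300)
    client = "02:00:00:00:00:aa"               # constructed client MAC

    switch.receive("port-AP1", client, now=0)  # client traffic enters via AP1
    # t=10: the client roams to AP2 and then stays silent (assumption).
    if announce:
        # Modelled roam announcement: a frame sourced from the client MAC
        # shows up on AP2's switchport, so the switch moves the entry.
        switch.receive("port-AP2", client, now=10)
    return [switch.egress_port(client, t) for t in (11, 200, 305)]


if __name__ == "__main__":
    print("no announcement:  ", downstream_path_after_roam(False))
    print("with announcement:", downstream_path_after_roam(True))
```

Without the announcement the switch keeps sending the session's return traffic to AP1's port until the entry ages out, which is the window in which a telnet session stalls.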