Header Only - DO NOT REMOVE - Extreme Networks

Roaming issue inter-wlan


Userlevel 2
HI

I have a customer with 700 aps on a campus, and when the customer move from one building to other and lose the conection with ap and when move to another build reconnect, and stop the traffic... Its necessary manually reconect.
The time between move from one site to another is 2,3 minutes and connection is lost. ANy idea??

The Inter-wlan is enabled..

11 replies

Userlevel 4
Can you post a few more details? Do you have the 700 aps split between 2 controllers? If so do you have session availability configured or mobility? Is the topology bridged at ap or bridged at controller? What kind of authentication must the client do?
Userlevel 2
Raffi wrote:

Can you post a few more details? Do you have the 700 aps split between 2 controllers? If so do you have session availability configured or mobility? Is the topology bridged at ap or bridged at controller? What kind of authentication must the client do?

We have 758 aps split between 2 controllers

Controller I - 384 aps
Controller II - 374 aps

We not have mobility configured

Topology Bridge at controller

Authentication mode: External Portal / Enable MAC-based authentication / RADIUS only the MAC box is checked

FW Version: 09.21.07.0004
Userlevel 4
Hi Luis,

are specific clients affected or almost all wireless clients.
If roaming between Aps which is connected on different Controller then to configure Mobility should get some improvement.

What FW Version on AP Types has this issue?
If Radius enabled try different key caching settings..like OKC or pre-auth
Regards

Umut
Userlevel 2
Umut Aydin wrote:

Hi Luis,

are specific clients affected or almost all wireless clients.
If roaming between Aps which is connected on different Controller then to configure Mobility should get some improvement.

What FW Version on AP Types has this issue?
If Radius enabled try different key caching settings..like OKC or pre-auth
Regards

Umut

Is almost of wireless clients, roaming when ap at the same controller occur the same problem.

I

t

I think on this possiblity... But not encountered nothing about it on help.
what "on inter-ap roam" and "on "inter-area roam" option
Userlevel 4
Are the wireless users dropped onto the same subnet when they go from building A to building B ? If you use the same subnet then it should work. Is the problem that when the client goes from building A to B, that they have to hit a portal page and enter their username / password again?

Probably don't need mobility enabled, could use availability instead, since you only have 2 controlers. Mobility is if you have more than 2 controllers, or if you are using routed topologies. In your case you have 2 controllers and you are using bridge at controller.

Are you using nac?

inter-area - you can draw the Area on the OneView map. When the client enters there it will send VSA back to NAC, so different Role can be applied.

Default setting is none by the way for mac-based authorization on roam. You would enalble for the visibility.
Userlevel 2
Raffi wrote:

Are the wireless users dropped onto the same subnet when they go from building A to building B ? If you use the same subnet then it should work. Is the problem that when the client goes from building A to B, that they have to hit a portal page and enter their username / password again?

Probably don't need mobility enabled, could use availability instead, since you only have 2 controlers. Mobility is if you have more than 2 controllers, or if you are using routed topologies. In your case you have 2 controllers and you are using bridge at controller.

Are you using nac?

inter-area - you can draw the Area on the OneView map. When the client enters there it will send VSA back to NAC, so different Role can be applied.

Default setting is none by the way for mac-based authorization on roam. You would enalble for the visibility.

When user in on building A(VLAN 10), going to building B(vlan20) the controller recognize the user but the user don´t traffic.. The subnet has different..... The portal not appear to customer again..

I have this solution on other customer and when authenticate on building A(vlan 10) and move to building B(vlan 20) the VLAN "follow" the user and keep authenticate on this vlan.
On this case, the customer when move from another building haven´t signal (the connection lost and reconect because the distance) and on another case have functional the customer always connect with any ap
Userlevel 4
can you use the same subnet in both buildings...so the user will be on vlan10 always? that is the simplest.
Userlevel 2
Raffi wrote:

can you use the same subnet in both buildings...so the user will be on vlan10 always? that is the simplest.

No.. I have the many users >12k, because the number of users I need configure vlans, but all the traffic is b@ewc. And the student walk in the campus... and on every build has a different vlan
Userlevel 4
Topology groups might help you in this situation.

https://gtacknowledge.extremenetworks.com/articles/How_To/IdentiFi-Wireless-How-to-Create-Topology-G...

You could create many bridge at controller topologies. Then make one group out of them. Your student vns could use the topology group as the topology. Then the users would be assigned to one of the topologies in the group based on the last 4 digits of their mac address. That way, a student would keep his ip address regardless of which building they were in.
Userlevel 4
Could you please check during the issue if the signal strength jump up and down? Look in the client report if the decrease from normal value to something to - 90dBm. if yes enable probe supression on the radio advance settings and test it.Regards Umut
Userlevel 2
Umut Aydin wrote:

Could you please check during the issue if the signal strength jump up and down? Look in the client report if the decrease from normal value to something to - 90dBm. if yes enable probe supression on the radio advance settings and test it.Regards Umut

Hi
The problem was resolved when on VNS-ROLES have configured acces-control with CONTAIN VLAN.. and the old rule was configured with ALLOW only. All tests sucessfull with this configuration

Reply