05-29-2020 10:57 AM
Hi.
I deploy the AP7532 in the warehouse. We are using totally 52 Access Point.
Sometimes the roaming is not working properly, specially when the operators with Zebra MC9190 terminal in telnet is moving from one AP to another when the AP’s are connected to different switches (Dell N2048P) the telnet is delayed for some 3-4 seconds.
I have no Idea what is going on. Could you help me?
!
! Configuration of AP7532 version 5.9.8.0-002R
!
!
version 2.7
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos smurf
no ip dos twinge
no ip dos invalid-protocol
no ip dos router-advt
no ip dos router-solicit
no ip dos option-route
no ip dos ascend
no ip dos chargen
no ip dos fraggle
no ip dos snork
no ip dos ftp-bounce
no ip dos tcp-intercept
no ip dos broadcast-multicast-icmp
no ip dos land
no ip dos tcp-xmas-scan
no ip dos tcp-null-scan
no ip dos winnuke
no ip dos tcp-fin-scan
no ip dos udp-short-hdr
no ip dos tcp-post-syn
no ip dos tcphdrfrag
no ip dos ip-ttl-zero
no ip dos ipspoof
no ip dos tcp-bad-sequence
no ip dos tcp-sequence-past-window
no ip-mac conflict
no ip-mac routing conflict
no ipv6 strict-ext-hdr-check
no ipv6 unknown-options
no ipv6 duplicate-options
no ipv6 option strict-hao-opt-check
no ipv6 option strict-padding
no ipv6 dos multicast-icmpv6
no ipv6 dos hop-limit-zero
no ipv6 dos tcp-intercept-mobility
no stateful-packet-inspection-l2
no ipv6-mac conflict
no ipv6-mac routing conflict
!
!
mint-policy global-default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan Stampanti
ssid MAGAZZINO2
vlan 524
bridging-mode local
encryption-type tkip-ccmp
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0 xxxxxxxxx
wpa-wpa2 exclude-wpa2-tkip
wpa-wpa2 tkip-countermeasures hold-time 0
no service wpa-wpa2 group-replay
data-rates 2.4GHz custom basic-2 1 5.5 6 9 11 12 18 24 36 48 54
wireless-client count-per-radio 200
use ip-access-list out BROADCAST-MULTICAST-CONTROL
!
wlan "Terminali nuovi"
ssid MAGAZZINO
vlan 523
bridging-mode local
encryption-type ccmp
authentication-type none
fast-bss-transition
no fast-bss-transition over-ds
wpa-wpa2 psk 0 xxxxxxxx
wpa-wpa2 exclude-wpa2-tkip
wpa-wpa2 tkip-countermeasures hold-time 0
no service wpa-wpa2 group-replay
wireless-client count-per-radio 200
use ip-access-list out BROADCAST-MULTICAST-CONTROL
!
smart-rf-policy Noventa
group-by area
assignable-power 5GHz max 20
assignable-power 5GHz min 10
assignable-power 2.4GHz max 20
assignable-power 2.4GHz min 14
channel-list 5GHz 36,40,44,48
no select-shutdown
no coverage-hole-recovery
neighbor-recovery dynamic-sampling
!
!
management-policy default
no telnet
no http server
https server
rest-server
no ftp
ssh
user admin password 1 xxxxxxxxxx role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
idle-session-timeout 4320
!
profile ap7532 AP7532-Noventa
use enterprise-ui
ip default-gateway 10.10.22.254
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
data-rates custom basic-2 5.5 6 9 11 12 18 24 36 48 54
wlan "Terminali nuovi" bss 1 primary
wlan Stampanti bss 2 primary
antenna-gain 3.0
aggregation ampdu max-aggr-size tx 2000
probe-response rssi-threshold -70
no adaptivity recovery
interface radio2
shutdown
no dfs-rehome
no adaptivity recovery
interface ge1
switchport mode trunk
switchport trunk allowed vlan 522-524
switchport trunk native vlan 522
interface vlan522
description Management
ip address dhcp
interface pppoe1
use firewall-policy default
ntp server 10.10.10.100
rf-domain-manager capable
logging on
logging buffered debugging
logging forward debugging
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
timezone Europe/Rome
country-code it
use smart-rf-policy Noventa
control-vlan 522
!
ap7532 74-67-F7-A4-F6-18
use profile AP7532-Noventa
use rf-domain default
hostname AP41
area Gelo
interface radio1
shutdown
interface vlan522
ip address 10.10.22.41/24
interface vlan523
ip address 10.10.23.190/24
!
!
end
05-29-2020 08:40 PM
Hi,
Is it mainly when originating and destination APs are connected to different switches?
For roaming, APs talk to each other over user’s data VLAN with WNMP messages (L2 multicast frames) to exchange session information. I’m not sure, but I’d check how “far” on the wired side it is for such two APs to exchange WNMP frames?
You could also try to run:
remote-debug wireless rf-domain default clients A0-B0-C0-D0-E0-F0 events all (or maybe ‘events management wpa-wpa2’)
And see how events occur on the APs as the client decides to move and moves.
Is it possible to be a cell overlap (design, TxP) or roaming agressiveness (client settings) issue? Does it happen with only particular client devices among entire group of them of one kind? Does it happen only with particular APs-on-a-different-switch pair?
Hope that helps,
Tomasz