Roaming between Cisco and Aruba APs

Manish Mathur · ‎10-30-2017

Hi Guys ,

This is not an issue in my network but a general question.

Is it possible to achieve seamless roaming between an Aruba and Cisco AP ? Given the conditions that I have the same WLAN name configured and same VLAN mapped to the WLAN . I read on a forum that it is possible provided that :

1. The authentication server (in the case of Dot1x) is the same for both the infrastructure (Aruba and Cisco)

2. Enable Aironet IE on the Cisco WLAN.

But I would like to have your views on this. I have some doubts regarding this kind of a setup.

Thanks,

Manish

Leo Laohoo · ‎10-30-2017

OPEN authentication, yes.
PSK, yes (possibly).
Authentication, I don't think so because the APs/Controllers need to learn about the clients when they go from Cisco to Aruba (vice versa).

Manish Mathur · ‎10-31-2017

Thanks Leo.

So , for open authentication - Yes. But I guess ,along with that , it needs to be made sure that the DHCP server for both the infrastructures (Cisco and Aruba) is the same or in sync. Correct ? Because , if the client moves from Cisco to Aruba with the same IP and Aruba infra has already leased out that IP to another client , the client will have to Re-DHCP , which will hamper the seamless roaming.

For WPA/WPA2-PSK : My understanding is :"not possible". Reason: How will the two different WLCs share the PMK among themselves to avoid the re-authentication of the client. If someone can attest that by adding Cisco and Aruba WLCs to the same mobility group/domain , the PMKs will be shared among them , we can say that roaming would also work.

Thanks,

Manish

Leo Laohoo · ‎10-31-2017

@Manish Mathur wrote:

if the client moves from Cisco to Aruba with the same IP and Aruba infra has already leased out that IP to another client , the client will have to Re-DHCP , which will hamper the seamless roaming.

Eh? Two separate DHCP servers for wireless clients? That's nuts.

Manish Mathur · ‎10-31-2017

Aaaahh .. my bad.. Still in the hangover.. ;)

Ok. so open auth scenario is clear. Roaming will work.

Thanks,

Manish

Manish Mathur · ‎10-31-2017

Here is one more doubt regarding the open auth scenario:

When the client roams from Cisco AP to the Aruba AP , it will send a reassociation request. In turn the AP will respond with a association response. Now, I assume that this association response will have a new AID (association ID) for the client since , the Aruba infrastructure can not get the AID for this client from the Cisco infra. So will this new AID allocation tear down the existing client sessions and hamper seamless roaming ?

Thanks,

Manish

Glenn Martin · ‎11-01-2017

According to Aruba, there are some considerations that need to be made on the Aruba device in order to get this to work properly.

http://community.arubanetworks.com/t5/Wireless-Access/roaming-between-cisco-and-Aruba-same-SSIDs-different-Auth/td-p/219767

Glenn

Manish Mathur · ‎11-02-2017

Thanks Glenn . I went through that discussion but was not convinced that it will work as they stated. There are backend technical challenges which would not let the client roam between two different infrastructures.

That's the whole purpose behind placing this question on Cisco forum.

Thanks,

Manish

Glenn Martin · ‎11-03-2017

Okay.. We'd have to understand the other challenges in order to further diagnos. You can surely contact the Technical Services team for that.

Thanks

Glenn

Manish Mathur · ‎11-15-2017

Do u mean opening up a case with Cisco TAC ? I am not sure if TAC would support such multi vendor compatibility queries as TAC is a break-fix organization.

I guess if I have a way to reach out to the WNBU directly , they can probably provide a certain answer.

Thanks,

Manish