cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1715
Views
0
Helpful
3
Replies

9800 Guest Roaming Issue

MrDude
Level 1
Level 1

Hi,

 

I'm hoping someone can help me out here as I've been looking at this issue for the past week. I'm setting up a 9800-40 with a mixture of 9120 and 2802 APs. On it there are multiple SSIDs (two using RADIUS), and one using WebAuth (centrally switched).

 

The Guest Network is centrally switched WebAuth with an externally hosted consent webpage. It works fine, but whenever a client roams to another AP their session is dropped and they have to re-authenticate. Client session timeout isn't an issue, and it has Fast Transition Adaptive Enabled with 'Over the DS' option checked. No Layer 2 Security or Load Balancing. The APs are FlexConnect but the Guest Network is Central. WLC code is 16.11.1c. I'm seeing this on a mixture of Apple and Android mobile devices. 

 

I also have a 5508 WLC in use, using the same Guest Network settings and same consent webpage. As far as I can tell the SSIDs are set up exactly the same, but this legacy WLC has zero issues.  

3 Replies 3

patoberli
VIP Alumni
VIP Alumni
I guess it's a software bug, I suggest you open a TAC.
If the roaming within the same WLC doesn't work, then I don't suspect a settings issue.

Hi, thank you for the advice. In the end I updated to 16.12.1s, it caused external WebAuth to fail completely due to ACL issues caused by the process no longer updating them automatically. In the end I copied the WebAuth contents and hosted them locally on the WLC and it has worked around the issue, with clients roaming correctly. That's one of the many 9800 issues dealt with for now. 

If you're using ISE for CWA, Cisco told me that the ACL used for ISE is reversed between AireOS and IOS-XE.

I have both AireOS and IOS-XE controllers deployed and this is the only way we could get our CWA working properly.

All the AireOS rules are permit rules, but on the IOS-XE version, we had to make them all deny statements.

 

Ven Taylor
Review Cisco Networking for a $25 gift card