Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
4
Replies

Fast secure roaming in a high school possible?

patoberli
VIP Alumni
VIP Alumni

‎07-13-2006 10:09 PM - edited ‎07-04-2021 12:37 PM

Hello all

I'm the wireless admin of a high school.

We have around 60 AP1230 b/g here and a WLSE. The APs are splitted into two IP subnet where in each is a WDS.

The network is open and isn't using any authorisation or encryption.

The authorisation is done via VPN, the students have to start their Cisco VPN client and are connected to a Concentrator 3000.

I recently read about fast secure roaming, which could be quite usefull. Currently the VPN connection terminates when a student walks around and roam to the next access point.

Could this fast secure roaming stopp them from loosing the VPN connection?

Would that work with every brand of wireless adapter and operating system?

What would I need to configure where to realise it?

Thanks,

Pato

Labels:
0 Helpful
4 Replies 4

jackyoung
Level 6
Level 6

‎07-16-2006 10:04 PM

I suggest you can read below link for the configuration of fast secure roaming & WDS. What I believe the fast secure roaming require the Cisco authentication method,e.g. LEAP or EAP-Fast.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080341d2d.html

According to your case, the VPN connection is terminated when travel to other AP. Will the wireless connection terminated too ? If not, I beleive it is the VPN Concentrator issue and not related to the fast secure roaming. Please correct me if I am wrong.

0 Helpful

jackyoung
Level 6
Level 6
In response to jackyoung

‎07-17-2006 12:53 AM

One more issue that please check if the user roam from one AP to another AP. Is the IP Address still the new ? If not, the VPN connection may be broken. Just my two cents.

0 Helpful

6mraddie
Level 1
Level 1

‎07-22-2006 02:29 AM

For seamless fast secure roaming at layer 3 (i.e. maintain client ip address even as you roam amongst APs on different subnets), you need a WLSM as your WDS device in a cat6000 chassis with sup720 to do gre in hardware. This is the only way you can maintain ipsec vpn as you roam unless you use a large layer 2 network spanning the school campus (not ideal).

On the client (mobile node) side, you need to support peap with cisco extensions, specifically CCKM.

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to 6mraddie

‎07-22-2006 08:05 AM

All APs are in the same subnet and also the clients have their own subnet.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card