12-20-2019 07:28 AM - edited 07-05-2021 11:27 AM
Trying to gain a better understanding of the following scenario:
I have 3 APs configured/deployed, each one are within 55ish feet of each other, and fast roaming is enabled. When a user connects and walks from one end of the room to the other they drop roughly 3 pings due to reassociation/authentication to each AP. In our environment we use eap-fast to utilize eap-chaining for both comp cert auth and user CAC auth. Users have no issue authenticating and being authorized to the appropriate wlan based on how I have ISE configured. In the WLC I have fast transition for the wlan enabled and the association timeout is set to 20. Testing computers have intel dual band wireless AC 8265 that supports 802.11r.
WLC 5520
CiscoAIR-AP3802I-B-K9
Versions: 8.8.125
Please advise. Thanks in advance.
12-23-2019 07:05 PM
Are you doubting the dropped pings, after hearing that 802.11r should give <10ms roaming times? ;-)
Every time I see a Cisco customer who has roaming issues and 802.11r is enabled, we struggle, even with TAC support to figure this out. I have never seen this work. It's a dream.
I find that PSK works best for voice networks and this often resolves the issue. I don't know if this is a Cisco Wireless or a client issue.
12-24-2019 05:23 AM
Are you doubting the dropped pings, after hearing that 802.11r should give <10ms roaming times? ;-)
Yes :)
Thanks for the valuable info. I have a tac ticket open as well so if I get anything there I will update accordingly.
12-28-2019 03:18 AM
I have similar experiences as Arne, we only use 802.11r with Cisco's 8821 phones on a dedicated SSID. Other than that we stay away from it for the majority of our customers, with as exception adaptive ft on some BYOD networks. Do you need 802.11r for non-VoWLAN applications in the first place? (Maybe to battle key-caching mismatches between the infrastructure and end-points, e.g. Apple iPhones now that I think about it...)
Last but not least, have you tried doing the same test without 802.11r?
Please rate useful posts... :-)
12-28-2019 01:13 PM
@Freerk Terpstra I am impressed that you got it working with those 8821 handsets. After months of TAC we gave up and used PSK instead. We were told we had issues with “AP placement” or “AP density” and even “too high power levels”. Yet, with PSK it worked just fine. Go figure.
I think it helps to have all the APs be the same model. We had a mixture on the same floor.
12-30-2019 08:05 AM
12-30-2019 10:47 AM
Did you try any other methods besides 802.11r?
I have had some luck with CCKM and you should look into opportunistic key caching.
12-31-2019 09:02 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide