Solved: Re: Improving roaming when using flexconnect and ISE

dan.letkeman · ‎02-13-2020

I am wondering if there is any way we can reduce the number of disconnects of clients when they are roaming over flexconnect ap's?

5520 Controller 8.5.140

2802 WAPs

Windows 10/Ipad's/Android Phones/Iphones

Flexconnect Local switching with Central Authentication using ISE 2.2

When clients roam there is often a disconnect and reconnect happening in ISE. Most of the time this is not an issue, however when using applications like voice this becomes an issue. I have also noticed that some clients don't seem to roam quickly enough and there is actually a delay when moving to a new AP.

Wlan is configured for 802.1x, most clients use PEAP/MSChapV2.

Let me know if you need more information.

Thanks,

Dan.

patoberli · ‎02-16-2020

Do you have MFP Client Protection active? If yes, it's optional and not enforced, right?

The client seems to roam every ~1-5 seconds, was it walking around?

Also try to disable 802.11k for the moment. It seems your client wants to roam again, before the previous roam is finished (if I'm reading the logs right). That might be an issue, depending on your wireless coverage design.

View solution in original post

patoberli · ‎02-13-2020

That could actually be a coverage issue. How much signal strength do you have at the typical roaming points in the building from the two nearest APs?
Do you have one or several WLC?

dan.letkeman · ‎02-13-2020

No it should not be a coverage issue as there is somewhere between -60 to -70 signal strength on the 5ghz band between AP's. Maybe in the odd areas there would be less, but the roaming issues happen everywhere. We only have one central controller cluster and a single flexconnect group in each building.

Scott Fella · ‎02-13-2020

FlexConnect Groups allow for roaming to happen as long as the user traffic stays on the same vlan. I don’t know how else you can improve the roaming as long as you have more than enough coverage. What you will need to look at is if the device roams properly when in a call. Does the device tend to stick to an ap and never roam until the device is dropped? That could be the device and how the manufacturer has defined the roaming parameters on the device/application. Some thing to try to understand. If you have a Windows 10 machine and you walk around doing a ping to the gateway, are you roaming properly or are you doing a full re-auth every roam?

-Scott
*** Please rate helpful posts ***

dan.letkeman · ‎02-13-2020

The clients are always on the same vlan. I think in some cases it is the client. However if I take a windows laptop around pinging the gateway it will not do a full reauth and only sometimes drop a ping. However a mobile device making a wifi call does drop at every ap. This goes for something like jabber or whatsapp, so you may be right that its just the app that doesn't work well with roaming. A 7925g phone will not drop when roaming.

Maybe its just as good as it gets....

Dan.

patoberli · ‎02-13-2020

Ok that all sounds good.

In that case please provide a " debug client clientmacaddress" on the WLC from an affected client while he is roaming.

dan.letkeman · ‎02-13-2020

Here is a log of a particularly bad client. Within close range of 4 WAPs, and it drops the connection for more than a few seconds when roaming. I would guess its a client issue.

patoberli · ‎02-16-2020

Do you have MFP Client Protection active? If yes, it's optional and not enforced, right?

The client seems to roam every ~1-5 seconds, was it walking around?

Also try to disable 802.11k for the moment. It seems your client wants to roam again, before the previous roam is finished (if I'm reading the logs right). That might be an issue, depending on your wireless coverage design.

dan.letkeman · ‎02-18-2020

Yes MFP is optional. I can try disabling 802.11k to see what happens.