
Roaming between 2 controllers

cuongphan
Level 1

I have:
1 Wifi Controller: SSID Staff (Subnet 192.168.10.024)
1 Wifi Controller: SSID Product (Subnet 172.16.10/23)
All are centralized control at DNA Center.
And 802.1x authentication (ISE and RADIUS on Windows Server).
Between the SSID Staff vs Product interference area, some users with the phenomenon will prioritize connecting to the most recently connected SSID, even though the signal of that SSID is very weak.
When the signal connection is so weak, the ISE will lock this user.
I have removed the auto-connect SSID mode so that when starting the laptop, the user will automatically select the SSID in the area where he is working and has a strong signal.

Is there any way to fix this error? Because there are so many users, I can't tell them to turn off auto connect automatically.

6 Replies

Mark Elsen
Hall of Fame

 

 - Consider this advisory: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_C1F0E5E69F294DA6851DDE5B783ECE42

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Thank you very much

Hi @cuongphan 

If a user can connect to both SSIDs, I believe you can consider having only one. Is there any reason for two SSIDs?

Why don't you put both SSIDs in all areas?

 

- 2 SSIDs will apply 2 different policies so it is imperative to keep them.
- 2 SSIDs on both areas will lead to roaming between 2 WLCs and Radius, so ISE Block is frequent.

Arshad Safrulla
VIP Alumni

I am very interested in knowing how you achieve "When the signal connection is so weak, the ISE will lock this user".

Why do you have APs registering to 2 different controllers in the same vicinity? As the first thing, I would consider consolidating all the APs into one WLC if it allows. Then, which SSID to connect to automatically is often decided by the client, so unless you have an MDM solution like AnyConnect or Meraki, I think it would be difficult to achieve this.

Another way of doing this: if both the SSIDs are authenticating against ISE, you can use ISE to blacklist the Staff devices from connecting to the Product SSID.

https://community.cisco.com/t5/network-access-control/blacklist-for-registered-corporate-mac-s-on-guest/m-p/3503958

 

I am thinking of mobility group solution between 2 WLCs. Thank you.
