cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1657
Views
0
Helpful
5
Replies

WLC 5508 migrating issue with clients connecting to old WAPs

egua5261
Level 1
Level 1

Hi There,

I'm working on migrating autonomous WAPs to lightweight mode in a WLC 5508. Some of the older WAPs are being decommissioned at the same time.

One issue I have found is that after replacing an old WAP in autonomous mode with a new WAP (3502); some clients near the coverage of this new LWAPP are now connecting to another WAP in autonomous mode that has not been converted or replaced yet; but that is located quite far away from where these clients are, actually two floors down. Users on these clients have reported wifi dropouts, which is obvious due to the distance where the old WAP is. A workaround that seems to work is removing the wifi profiles in the client machines and recreating them again, which is not a good solution for all of the wifi profiles we have in place. At this point of time we still need to have the older WAPs until they are all replaced.

I will appreciate if someone can share a solution for this. How can I get clients connecting to a LWAPP that is closer to their location? I'm wondering what causes those clients to look for an existing older WAP rather than connecting to the new LWAPP, which is brodcasting the same SSID closer to where they aree. Bear in mind that the new LWAPP is working fine and has live sessions working just fine.

Cheers,

egua5261

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

You should not set it to both. Pick one, either wpa tkip or wpa2 aes and see if the clients join.

When a client has options for wpa personal or wpa enterprise, it uses wpa tkip. When using wpa2 personal or wpa2 enterprise, clients use wpa2 aes.

There are many devices that will fail to join if you have it set to both when using a wlc. Please look at the client and figure out if they are using wpa or wpa2 and make the change. You will see client start to join.

Apple devices do not like the mixed tkip and aes!

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

Well its nots a good idea to mix autonomous an lightweight access points.  Roaming for one will not work and clients that roam from one system to another, will drop.

So for the issue you are having, is the SSID configuration the same?  It seems like either the SSID was broadcasting on the old, but not on the new system and that can be an issue with the clients if the profile was created when the SSID was broadcasting.  Try to keep the SSID the same, well broadcast it. Also make sure the authentication is the same.  Many have fallen inot this black hole when setting up wpa or wpa2.  On the WLC, you should only either use wpa-tkip or wpa2-aes.  Don't mix or match this as it will not work well or not work at all.  Also look at the TX power level and make sure its not set at TX level of 5-8... that is useless in my opinion:)  Also make sure the data rates are the same from the old to the new.... Also in a mixed environment, if you have CleanAir enabled, it might be freaking out with all your other autonomous ap's around.

What you can do is post your old autonomous config and your show -run-config on the wlc and a debug client

-Scott
*** Please rate helpful posts ***

HI Scott,

Thanks for you reply. Yes the SSID configuration is  the same in the new LWAPP as it was in the old WAP and the same as the  currently active WAP in autonomous mode.I have made sure the SSID is  broadcasting in the new system. I can confirm it works as there are  clients connecting on the new system with the same SSID. The SSID uses  wpa2-policy, with wpa2 encryption set to TKIP and AES, authentication  key mgmt is set to 802.1x, and the appropriate RADIUS server is  configured. As mentioned, there are a number of session on this SSID,  which shows the configuration is working. Are you suggesting I should  configure the SSID with WPA encryption set to either TKIP or AES?

I have looked at the TX power control (TPC) levels for  both radios, 802.11a/n and 802.11b/g/n. They have both set the Power  Level Assignment method to 'Fixed = 1'.

Clean Air is not enabled.

I  understand that running a mixed environment is not appropriate however;  I'm only doing it so until i migrate the newer WAPs and replace the  older WAPs. Currently I have 10 WAPs in LWAPP and 4 in autonomous. The 4  in autonomous are still connecting clients including those that dont  seem to be able to connect on the new ones.

I'm now concerned that if I continue replacing the older ones, I will have users unable to connect at all?

egua5261

egua5261:

Some quetsions:

- What your clinets type?

- What is the supplicant that is used on the clinets to connect to the wireless network?

- How did you configure the wireless profile on the clinets? It automatically discovers the security type or you configured it manually?

Just want to add some points:

- Keep in mind what Scott is telling, you need to only enable WPA-TKIP or WPA2-AES. Enabling WPA2 with both AES and TKIP may cause problems with clinets that  don't understand this piece of configuration.

- Make sure that the configuration of the security is fully the same on both autonomous and lightweight APs.

- Even if the config is the same on both types there is a possibility that some fields in the wirelss frames are different (depending on the supported features on both systems). This may still cause some clients no to connect.

- To mitigate some of the client-side issues try upgrading clients wireless adapter's driver.

HTH

Amjad

You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

Rating useful replies is more useful than saying "Thank you"

Scott Fella
Hall of Fame
Hall of Fame

You should not set it to both. Pick one, either wpa tkip or wpa2 aes and see if the clients join.

When a client has options for wpa personal or wpa enterprise, it uses wpa tkip. When using wpa2 personal or wpa2 enterprise, clients use wpa2 aes.

There are many devices that will fail to join if you have it set to both when using a wlc. Please look at the client and figure out if they are using wpa or wpa2 and make the change. You will see client start to join.

Apple devices do not like the mixed tkip and aes!

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott,

Thanks for your response. Indeed the issue was the clients were configured with a SSID profile with WPA enterprise + TKPI. Changed the profile to WPA2 Enterprise + AES and clients are connecting fine.

Cheers,

Esteban

Review Cisco Networking for a $25 gift card