[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 346
  • Last Modified:

RADIUS Trouble Laptop Keeps Connecting to Weak Access Point

Hello all,

I'm trying out RADIUS at our company.  Currently we use WPA-PSK access points.  I have just setup 2 802.1X AP's, lets call them AP1 and AP2.  I've also setup Group Policy for Laptops to configure wireless settings for these 2 AP's only.  Everything seems ok, the test laptop wireless settings for the APs are applied and it connects using windows credentials.

Here's my question:  In Group Policy i set the order of perferred networks.  AP1 is the first AP it tries to connect to before AP2.  This works fine as long as the 2 networks are no where near each other.  The problem is when they are in the same building and in range of each other.  The laptop always tries to connect to AP1 even when the signal is weak. I can be in same room of AP2 which is downstairs and 4 rooms away from AP1, but the laptop still connects to AP 1 with a very weak signal.  I don't see where I can change this.  Is there a setting I can apply to change this?

Second Question:  I'm connected to AP1 and I want to connect to AP2 but windows wont let me.  Everytime I choose AP2 and "Connect" nothing happens.  Windows Wireless Connections will just rehighlight AP1 and say Connected.  If i choose AP1 and click "Disconnect" it gives me the prompt if I want to disconnect, I choose Yes, and it just goes back to highlighting AP1 and saying Connected.  The only way i seem to disconnect from AP1 is to choose and an AP that isn't setup for 802.1X.  I've set myself as a local admin of the laptop but this doesn't help. I want to have the ability to choose which AP to connect to depending on which has a better signal.  How can i do this?

I'm sure the problem has something to do with GP.  Before I setup GP for laptops, I manually  had to configure the setting for these AP's and I was able to jump from any AP we have on site without any problem.  With 60+ laptops I wanted to use GP so I don't have to go to each one and manually configure each AP connection setting.

Network info:  win2k3, 10 wireless AP.  2 are setup for 802.1x (WPA/TKIP) and 8 are WPA-PSK(TKIP). GP set to so windows controls wireless connections, EAP Type = PEAP.  Laptop running XP pro.

Any help is appreciated
0
ozzalot
Asked:
ozzalot
  • 4
  • 3
1 Solution
 
merowingerCommented:
First i would configure the networks (in your gpo ->general tab) so, that no network is connected automatically!
So u can choose which ap you want...which the better signalstrenght has!
0
 
merowingerCommented:
also in the peap settings...begin testing with the "Fast Reconnect" function...i think this is the reason,
why u still get connected to ap1 when disconencting!

Do u have WPA2 or WPA  (for WPA2 Windows XP needs a hotfix)
0
 
ozzalotAuthor Commented:
They are setup at WPA.

Concerning your first post, in gpo -> general tab, I don't see an option so that it doesn't connect to any network automatically. The option "Automatically connect to non-perferred networks" is unchecked if that's what you're meaning.

I had to put these AP's in the preferred network list so I can configure their settings i.e, PEAP, certificate, Authentication type.

I've also tried unchecking "Fast Reconnect" but it doesn't help. It won't let me disconnect and i can't switch from AP1 to AP2.

Here's a bit more info:  If i'm connected to a 802.11 AP I can't switch to another 802.11 AP.  I can choose to go to AP that is setup for a  PSK.  These APs are not in GPO.   If i'm connect to an AP with PSK, I can switch between other AP's that are also setup with PSK.  If i try to connect to a 802.11 AP, then I have the same problem, where I choose "Connect" and nothing happens, it highlights the current connected AP and says "Connected".  only way i can switch to a 802.11 AP is to disconnect, which for some reason it lets me disconnect from these, and it automatically will connect to top preferred 802.11 AP if it is in range regardless of signal strength.  I hope i explained that to where it makes sense.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
ozzalotAuthor Commented:
I guess i should add in GP there isn't really any other policy besides the wireless policy and disabling server  and computer browser services.
0
 
merowingerCommented:
i'm just searching (google)....with vista based group policies...this option is available.
The problem is...when they are prefered...it will connect always automatically....
0
 
merowingerCommented:
dont find anything..i'm overasked..wait for other experts response! :(
0
 
ozzalotAuthor Commented:
thanks for trying merowinger.

I've removed all AP's not defined by GPO and set "Networks to Access" to "Any available network", but I still come up with the same result. If AP1 is in range it will connect to it no matter how weak the signal is.  Which really doesn't matter too much to me.  What i don't like is that I can't switch over to AP2 when I'm sitting next to it and has a strong signal.

Anyone else know what could be wrong? perhaps there some other GPO setting that restricts me from changing from wireless networks?  I've read that that is not possible but it seems like that is what is happening.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now