?
Solved

Wireless Networking: Roaming between RADIUS secured base stations

Posted on 2014-02-11
2
Medium Priority
?
475 Views
Last Modified: 2014-03-17
Hello wireless experts,

I have been tasked with extending the range of our RADIUS secured internal WLAN network.
I use Intellinet 300N access points, capable of four SSIDs combined with radius.

Simplified we have this setup:
Internal LAN, vlan1
Guest LAN, vlan100
DMZ, vlan101

Radius Backend: Windows Server 2008r2 with NPS role, Users from Active Directory.

Right now, I am using several 300N with the same SSID to span the DMZ (WPA2-PSK) and GUEST (WPA2-PSK) networks. Only one AP is used also for the INTERNAL Lan (WPA2-Enterprise), altogether hosting three SSIDs.

First of all, this setup is working and roaming between WPA2-PSK works as expected.

My thought was to put the third (RADIUS) SSID on the other AP's as well. I used a device and passphrase template in NPS for the devices and tested them all individually (working well).

The problem: Roaming is not stable. The client stays connected as long as the login AP stays in reach. Then it roams over and has no connection; roaming back to the original AP.
This continues until the connection is lost completely.

Also, it happens that some clients identify the wrong AUTH type for the network, say you want to connect to GUEST and are prompted to enter user / password combination (logs confirm the client sees a WPA2 Enterprise).

I hope it is just a misconfiguration or wrong assumption on my part. Or the AP's crap (working well without RADIUS)?

Thanks for the insight!
Helge
0
Comment
Question by:Daniel Helgenberger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39859025
It sounds like misconfiguration to be perfectly honest (if I understand the OP correctly).  The fact that the other SSIDs are working says the APs and RADIUS are fundamentally ok.
0
 
LVL 7

Accepted Solution

by:
bill30 earned 1500 total points
ID: 39868149
There is a possible issue with roaming and authenticating before a timeout.  Radius authentication has more hoops to jump through than WPA-PSK authentiation.  At the bottom of the following article, it shows authentication rates based off of reduced connectivity conditions.  With Cisco you could do a debug showing you where you are running into trouble.  Looking at the manual didnt show much for Radius Authentication troubleshooting.

http://www.codealias.info/technotes/performance_of_eap_and_radius_authentication_in_roaming_scenarios

Also check to see if you are on the latest firmware on the AP's as that may help you with the roaming, but it looks like the last firmware update was 2011 on v1.05.  There is a possibility that these AP's will not handle roaming and Radius server authentication.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question