Hello wireless experts,
I have been tasked with extending the range of our RADIUS secured internal WLAN network.
I use Intellinet 300N access points
, capable of four SSIDs combined with radius.
Simplified we have this setup:
Internal LAN, vlan1
Guest LAN, vlan100
Radius Backend: Windows Server 2008r2 with NPS role, Users from Active Directory.
Right now, I am using several 300N with the same SSID to span the DMZ (WPA2-PSK) and GUEST (WPA2-PSK) networks. Only one AP is used also for the INTERNAL Lan (WPA2-Enterprise), altogether hosting three SSIDs.
First of all, this setup is working and roaming between WPA2-PSK works as expected.
My thought was to put the third (RADIUS) SSID on the other AP's as well. I used a device and passphrase template in NPS for the devices and tested them all individually (working well).
The problem: Roaming is not stable. The client stays connected as long as the login AP stays in reach. Then it roams over and has no connection; roaming back to the original AP.
This continues until the connection is lost completely.
Also, it happens that some clients identify the wrong AUTH type for the network, say you want to connect to GUEST and are prompted to enter user / password combination (logs confirm the client sees a WPA2 Enterprise).
I hope it is just a misconfiguration or wrong assumption on my part. Or the AP's crap (working well without RADIUS)?
Thanks for the insight!