Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
 
LinkBack Thread Tools Display Modes
Wizard
Join Date: Jun 2010
Posts: 583
#11 (permalink)  
Old 11-16-2011, 09:01 AM
Default

Ok, so the phones associate via WPA-EAP, correct?
Member
Join Date: Nov 2011
Posts: 31
#12 (permalink)  
Old 11-16-2011, 09:13 AM
Default

Yes. The phone also have an separate user for connecting to the radius.
__________________
Using: 2x ASG in HA, 6x AP10, 28x AP30, 20x AP50
Wizard
Join Date: Jun 2010
Posts: 583
#13 (permalink)  
Old 11-16-2011, 12:53 PM
Default

Thanks for the info so far.

A typical EAP authentication of a wireless client can easily take around 500ms (depending on the network setup, the RADIUS server load etc.). However, there are mechanisms to decrease the roaming delay introduced by EAP authentications.
  1. EAP Preauthentication
  2. OKC - Opportunistic Key Caching
  3. CCKM - Cisco Centralized Key Management

Browsing through some Cisco documents suggests that the Cisco 7920/7921 and 7925 seem to only support CCKM in order to reduce EAP-related roaming delays. Unfortunately, the CCKM protocols are proprietary and hence no specification is publicly available. This could explain the delay you're experiencing.

Could you please check your device configuration if you find anything regarding "EAP preauthentication" just to be sure?

And it would be also interesting to see if you can get shorter delays when using WPA-PSK as authentication method. Would you mind to try that as well?

Thanks,
Helmut
Member
Join Date: Nov 2011
Posts: 31
#14 (permalink)  
Old 11-18-2011, 04:48 AM
Default

I searched the phone options, but there is nothing to configure in this way.
So now I will make some checks with WPA-PSK config.

regards
__________________
Using: 2x ASG in HA, 6x AP10, 28x AP30, 20x AP50
Member
Join Date: Nov 2011
Posts: 31
#15 (permalink)  
Old 11-21-2011, 07:52 AM
Default

So now I tested with WPA-PSK and the result is that it is more bad than better. The phone needs between 2 and 6 seconds for roaming...
__________________
Using: 2x ASG in HA, 6x AP10, 28x AP30, 20x AP50
Wizard
Join Date: Jun 2010
Posts: 583
#16 (permalink)  
Old 11-21-2011, 07:59 AM
Default

Quote:
Originally Posted by Eberwein View Post
So now I tested with WPA-PSK and the result is that it is more bad than better. The phone needs between 2 and 6 seconds for roaming...
Hmm, that was unexpected. Was this also on a VLAN tagged SSID or on a separate zone?

Helmut
Member
Join Date: Nov 2011
Posts: 31
#17 (permalink)  
Old 11-21-2011, 09:13 AM
Default

It is an VLAN tagged SSID. For voice I only have this network.
__________________
Using: 2x ASG in HA, 6x AP10, 28x AP30, 20x AP50
Robert Tausend's Avatar
Wizard
Join Date: Mar 2002
Location: Germany
Posts: 754
#18 (permalink)  
Old 11-21-2011, 11:25 AM
Default

That is strange, i have (as i think) nearly the same setup, i have 5 AP30 and 5 AP50 running. Setup a WLAN for my Cisco 7921 phones on a seperate VLAN. Roaming from one to the other AP takes less than 1 second. Only roaming from 5,2ghz to 2,4ghz takes about 1 to 3 seconds (but have to re-test that for verification).

Robert
__________________
UTM v9, Unlimited IP, 5x AP50, 5x AP30, 1x AP10, 1x AP5, 1x RED10 v1, 1x RED10 v2
Running on an UTM220 / VMWare Server

VoIP - Asterisk and Cisco Phones, 7975 | 7985 | 7970 | 7960 | 7921
VLAN - Cisco SG 300-28P GBit PoE | NetGear GS716T | GS110T | GS108T

------------------------------------------------------------
Astaro Certified Engineer (ACE)
Astaro Authorized Reseller
info@mnt-IT.de http://www.mnt-IT.de
Testing and working with Astaro since 2002
------------------------------------------------------------

~~ der Letzte macht das Netz aus ~~
Member
Join Date: Nov 2011
Posts: 31
#19 (permalink)  
Old 11-21-2011, 11:48 AM
Default

I check it again and have nearly the same results as you. 2-4s for roaming between 2Ghz and 5Ghz, and 1s for roaming in the same band. But let me say 1s for roaming, is for voip a long time...
__________________
Using: 2x ASG in HA, 6x AP10, 28x AP30, 20x AP50
Robert Tausend's Avatar
Wizard
Join Date: Mar 2002
Location: Germany
Posts: 754
#20 (permalink)  
Old 11-21-2011, 12:32 PM
Default

the roaming time is less! then 1 second

Robert
__________________
UTM v9, Unlimited IP, 5x AP50, 5x AP30, 1x AP10, 1x AP5, 1x RED10 v1, 1x RED10 v2
Running on an UTM220 / VMWare Server

VoIP - Asterisk and Cisco Phones, 7975 | 7985 | 7970 | 7960 | 7921
VLAN - Cisco SG 300-28P GBit PoE | NetGear GS716T | GS110T | GS108T

------------------------------------------------------------
Astaro Certified Engineer (ACE)
Astaro Authorized Reseller
info@mnt-IT.de http://www.mnt-IT.de
Testing and working with Astaro since 2002
------------------------------------------------------------

~~ der Letzte macht das Netz aus ~~
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 09:27 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.