VLAN assignment fails for mobile devices "waking up"

2

All Replies

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    @Talkabout

    Thanks for your instant reply and captured information for us.

    I'll open a ticket and keep tracking with you.

    Best Regards,

  • Talkabout
    Talkabout Posts: 34  Freshman Member
    Friend Collector First Comment

    Hi @RichardHan ,

    in the ticket it might be important to mention that the last step (roaming from ap2 to ap1) does NOT execute the RADIUS authentication again. In my opinion this is the reason why the VLAN assignment does not work.

    Who is taking care of checking/fixing the issue now? Is it still you working on it? If so, can you keep me updated on the current status in this thread?

    Thanks!

    Bye

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    @Talkabout

    I've mentioned the full "issuing" roaming process in the E-mail, where you're also looped.

    This issue will be handled by other specialist, we'll keep contacting through the mail.

    However, if there is any update about this issue, I'll also update the progress here.

    Richard

  • Talkabout
    Talkabout Posts: 34  Freshman Member
    Friend Collector First Comment

    Thanks @RichardHan !

  • Talkabout
    Talkabout Posts: 34  Freshman Member
    Friend Collector First Comment

    Hi @RichardHan ,

    I might have some important Information. Yesterday I have disabled the „Reauthentication interval“ in my security configuration and now I am not able to reproduce the issue any more. The reason why I disabled it was one of our MAC Clients (MacOS) where the reauthentication did not work (authentication Server is not responding – error). Maybe both the issues are related.

    Hope that helps in resolving the Problem!

    Bye

    P.S. I have tried to send the text as email response but it was blocked by your issue tracking system.

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment
    edited December 2019

    @Talkabout

    Is that mean, after you set the reauth time to "0", internal wireless clients can get correct VLAN ip address, even in roaming?

    If so, please help me checking if there is RADIUS negotiation when station roams to AP1? or still there is no negotiate when station roams to AP1, but this time station gets correct IP address in VLAN1 ?

  • Talkabout
    Talkabout Posts: 34  Freshman Member
    Friend Collector First Comment

    Hi @RichardHan ,

    I am not able to reply to your mail as it gets blocked by your issue tracking system. So I am answering here:


    please let’s not close the ticket too fast. I would like to test a few days if the issue won’t occur any more, because I had the case already that for 2-3 days there was no wrong behavior and then suddenly it ocurred again.


    I have tested again as you requested and now, when roaming forth and back, there are 3 RADIUS requests. So it seems that reauthentication Setting changes the behavior. Still today I have one device (iPhone 5) that received a wrong ip range. I Need to observe that for some more time.


    It would be great if you could continue analyzing the Problem as there is surely something going wrong…


    Thanks!

    Bye

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    I just had a detail discussion with @Talkabout , sharing the result below:

    1. This issue can be local reproduced in my site
    2. The reason is, when "reauth time" (On security settings GUI) is set with value, AP will cache clients key-information. Therefore, when station roams back to original AP, since user's key information is existing in AP local cache, there is no need to negotiate with RADIUS server. We use this feature to shorten the roaming time(skip the 802.1X process).
    3. In talkabout's scenario, Dynamic VLAN is implemented, where RADIUS server assign different VLAN information to clients through the RADIUS-authentication packets. However, when the station roams back to original AP, it directly associate with the AP without negotiation with RADIUS server(since key information has been cached by AP) , therefore RADIUS server can't assign Dynamic VLAN to wireless client.
    4. Currently the solution is, set re-auth time to 0, where AP won't cache station's key information, so station has to reauthentication with RADIUS server when roams back to original AP, and get correct VLAN IP address.
    5. As for following-up, we'll propose a fix/feature request for this issue, trying to fit the user scenario where both re-auth time and roaming is included. The firmware or related information will be updated here when ready!
  • Talkabout
    Talkabout Posts: 34  Freshman Member
    Friend Collector First Comment

    Hi @RichardHan ,


    unfortunately, today the issue ocurred again with an iPhone. My wife was having an Internet call going on while she was moving from one room to the other. Suddenly Connection dropped and it took some time until it was back again. This is often the indication that the DHCP Server is delivering an IP in a different subnet. Shortly after that I checked the device list on my DHCP Server and the iPhone had the guest IP. I don’t know what else I can check now… Any ideas?


    Thanks!

    Bye

  • RichardHan
    RichardHan Posts: 29  Freshman Member
    First Anniversary Friend Collector First Answer First Comment

    I'll have a PM discussion with @Talkabout and share the result here.

    Richard