What happens when you try implementing wireless 802.11g in a place with no open spaces (picture slim hallways to separate closed-in rooms, about 50 per floor)? You may have noticed -- or your clients may have complained about -- a disconnection and a reconnection when switching APs. So you've used a rule of thumb applying 1 AP per 3000 square feet and your clients still aren't able to roam seamlessly? Here's why and what you can do about it:
802.11 stations automatically try to associate with the "best" AP with a given SSID. "Best" can be based on many factors, including signal strength, error rate, and link speed. When a station associated with one AP decides that another AP might be better, it disassociates from the old AP and associates to the new AP. This roaming process of course takes time.
If your APs are in the same subnet with no security enabled, roaming may be barely noticeable. If your APs require WPA or WPA2-Personal, Pre-Shared Key authentication will add many milliseconds of latency. If your APs require WPA or WPA2-Enterprise, the full-blown 802.1X authentication can add seconds of latency, which users perceive as broken connections. If your APs are in different subnets, every TCP and UDP session must be restarted: the user's worst-case scenario.
Depending upon your network, you may have several options to speed roaming:
- If your APs are in different subnets, use a VLAN to group nearby APs into the same subnet. However, this may not scale to meet your needs, or you may not want to disrupt your current VLAN and IP addressing.
- Alternatively, if your APs are in different subnets, connect them to a wireless gateway that offers subnet roaming (e.g., Bluesocket, Trapeze). These gateways let clients keep the same IP when roaming between subnets inside an enterprise WLAN.
- If you use WPA2, look for 802.11i key caching or pre-authentication options in your APs. Key caching makes it possible for the new AP to continue using the pairwise master key established with the old AP, typically through a wireless switch that manages both APs. This lets the client skip most of 802.1X when roaming between APs, reducing latency.
- 802.11i pre-authentication makes it possible for a client to authenticate with the new AP before dropping its association to the old AP. The client performs 802.1X authentication through its association to the old AP, establishing a new key that can then be used immediately once it re-tunes and associates to the new AP.
- If you use 802.1X, consider using an alternative EAP designed to reduce authentication processing and thus roaming latency (e.g., Cisco's EAP-FAST).
- Although it will not help you today, the IEEE is defining a new standard, 802.11r, to further speed the handoff process between APs within a private WLAN.
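The key caching option above can be modeled in a few lines. This is an added example, not code from the original tip or from any vendor: the `Controller` class, its method names and all sample MACs and keys are hypothetical, and it assumes controller-wide caching in which the station computes the 802.11i PMKID against the new AP's BSSID.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class Controller:
    """Hypothetical wireless switch keeping one PMK cache for all of its APs."""

    def __init__(self, ap_bssids):
        self.aps = set(ap_bssids)
        self.pmk_by_sta = {}  # station MAC -> PMK from its last full 802.1X

    def full_8021x_done(self, sta: bytes, pmk: bytes) -> None:
        # Stand-in for a completed EAP exchange, which is where the PMK comes from.
        self.pmk_by_sta[sta] = pmk

    def revoke(self, sta: bytes) -> None:
        # A cache hit never consults RADIUS, so evict on logoff or account disable.
        self.pmk_by_sta.pop(sta, None)

    def reassociate(self, bssid: bytes, sta: bytes, offered_pmkid) -> str:
        """Return what the new AP must run when a station roams to it."""
        if bssid not in self.aps:
            raise ValueError("AP is not managed by this controller")
        pmk = self.pmk_by_sta.get(sta)
        if pmk is not None and offered_pmkid is not None:
            # The PMKID binds the key to this AP's BSSID and the station's MAC.
            if hmac.compare_digest(pmkid(pmk, bssid, sta), offered_pmkid):
                return "4-way handshake only"
        return "full 802.1X"

# Constructed sample values (locally administered MACs, made-up PMK).
AP1, AP2 = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")
STA = bytes.fromhex("020000000b01")
PMK = hashlib.sha256(b"constructed sample PMK").digest()

def demo():
    ctl = Controller([AP1, AP2])
    first = ctl.reassociate(AP1, STA, None)                  # nothing cached yet
    ctl.full_8021x_done(STA, PMK)
    roam = ctl.reassociate(AP2, STA, pmkid(PMK, AP2, STA))   # cache hit on new AP
    stale = ctl.reassociate(AP2, STA, pmkid(PMK, AP1, STA))  # PMKID for old AP
    ctl.revoke(STA)
    revoked = ctl.reassociate(AP2, STA, pmkid(PMK, AP2, STA))
    return first, roam, stale, revoked

if __name__ == "__main__":
    print(demo())
```

The `revoke` path is the operational caveat of caching: while an entry is live, a roaming client is admitted on the cached key alone, so cache lifetime and eviction should follow your session-timeout and account-disable policy.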
This was first published in November 2006