Re: Doesn't anyone Know anything about roaming?

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 10/13/04

• Next message: Sam Salhi [MSFT]: "Re: can't connect via ms-chapv2"
• Previous message: Sam Salhi [MSFT]: "Re: problem with CA"
• Messages sorted by: [ date ] [ thread ]

Date: Tue, 12 Oct 2004 20:43:28 -0700

Are you getting a slew of reason code 96 and 97 when you roam?
Roaming is supported in IAS and should work great. But some vendor
implementations are not 100% PEAP RFC compliant. this would cause issues
when Roaming

To test this theory, enable EAP-TLS (full auth happens no fast-reconnect)
and see if your laptops lose connectivity. If they don't then I suggest you
contact the AP vendor for an updated firmware

The next point would be to provide us with event log, trace logs, and a
netmon sniff to be able to tell for sure if this is the case

HTH

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no 
rights.
      =============================================
"RogerC" <rojoch@NOSPAMtiscali.co.uk> wrote in message 
news:eXsBIKwiEHA.396@TK2MSFTNGP12.phx.gbl...
> Hi Bar,
> Thanks for your response.
> To clarify a few points....
> I did not say "2 APs per server" - I have 2 windows 2003 servers that are 
> DC's with IAS configured.  The 4 Access points are setup to use both of 
> them as their primary and secondary RADIUS servers.  The access points are 
> set with the same SSID but all different channels.
> The clients and servers use PEAP-MS-CHAP v2  authentication with 'fast 
> reconnect' enabled on the laptop and servers
> The building I am trying to cover is a long two storey office block with a 
> large central staircase.  I need an access point in each 'wing' to get 
> sufficient coverage.
> A laptop user will successfully authenticate against the nearest access 
> point but if he/she moves to another wing to say go for a meeting, even 
> though there is an access point in the meeting room area the laptop will 
> remain on the original access point even though the signal is too weak to 
> be useable.
>
> RogerC
>
> "BAR" <BAR@discussions.microsoft.com> wrote in message 
> news:E83086FC-8261-4EF5-93A7-3A1E0801F107@microsoft.com...
>> How large an area do you need to cover?
>> Roaming and random connections leaves you open to unauthorised access.
>> If you have all the access points set up the same then network adapters 
>> in
>> the Laptops will not properly differentiate between the APs: except for
>> signal strength, so you'd need to set channels differently for each one.
>>
>> Many issues in doing what you have suggested, and why 2 APs per server?
>>
>> My basic recommendations follow this:
>>
>> OK you have a PC connected to the internet at home or the office and you
>> want other PCs to share the internet access.  Hopefully you'll have Cable 
>> or
>> DSL internet access.
>> What should one do?
>> First, make sure everything you buy conforms to the dominant wireless
>> standard known as 802.11b, or Wi-Fi (short for wireless fidelity). That 
>> way
>> you can mix brands, operating systems, even network a Mac to a Windows PC 
>> and
>> everything should still work together.
>> There are two new, faster versions of Wi-Fi: 802.11a and 802.11g. "A" is 
>> for
>> business use; "g" is for the home. Both bump networking speeds up from 11
>> megabits per second to 54 mbps. But unless you're moving around big video
>> files or sharing other graphics-rich multimedia applications, "b" will be
>> more than sufficient. If you still want "g," wait until the standard has 
>> been
>> officially ratified this summer.
>> The heart of your network will be a wireless access point and the 
>> Internet
>> Access or preferably one device that does both called a router, acting as
>> Wireless Access Point and  cable or DSL modem and Network Switch. The
>> two-in-one units, available from Linksys, D-Link, Netgear and others, 
>> start
>> at about $100; with a few Ethernet ports and USB port too, so you can 
>> connect
>> to PCs using a standard Ethernet cable or USB cable.
>> To establish a wireless connection between a desktop PC and the wireless
>> router, you need a USB or Ethernet Cable.
>> To connect a notebook PC, you'll need a wireless PC card.  If new 
>> notebooks
>> have Wi-Fi capabilities built in. Notebooks with Intel's new Centrino 
>> chip,
>> for example, are Wi-Fi-enabled.
>> Note that 802.11g is backwards compatible with 802.11b - meaning a laptop
>> with a "g" card will talk to a "b" router, albeit at the slower speed - 
>> but
>> 802.11a is not. If your office installs an 802.11a network, get a 
>> dual-band
>> wireless PC card for your laptop so that it can connect both at home and 
>> at
>> work.
>> Make sure that the software that comes with your gear will walk you 
>> through
>> the installation. The steps will vary slightly, depending on each 
>> computer's
>> operating system. The older the OS, the trickier it can be; Windows XP is
>> designed to detect and configure a PC card to talk to an existing 
>> network.
>> Before you start, gather the following information:
>> . your broadband connection's IP address, e.g., 123.43.2.1
>> . subnet mask, e.g., 255.255.122.0
>> . default gateway e.g., 192.168.0.2
>> . DNS IP addresses e.g., 123.123.123.1
>> You can get these things from your Internet provider; your 
>> customer-service
>> rep will know what you're talking about (or you can find this using the
>> Properties tab, under Network Connections). Each is just a series of 
>> numbers
>> (e.g., 123.43.2.1) that you'll be prompted to plug in during setup. (If 
>> your
>> provider supports a protocol called DHCP, your router should retrieve 
>> these
>> settings automatically when you plug it in.)
>> You may also be asked to choose an SSID (service set identifier) I 
>> recommend
>> that you do not accept the default setting as anyone nearby with a 
>> wireless
>> device can also use your internet access.  Set your SSID to a meaningful 
>> name
>> use your Business Name.  For work-group name use 'Wireless'  and a 
>> wireless
>> channel select from 1 - 11, I recommend you use a higher channel as 
>> default
>> settings usually select the lower end.  Keep these consistent for all of 
>> your
>> machines.
>> Security
>> For additional security you can and should use Wired Equivalent Privacy
>> (WEP) algorithm: and set this at 64bit: you can then choose a combination 
>> of
>> 10 hexadecimal characters [0-9 + A-F], again for this may I recommend you
>> select your mobile phone number as it is 10 characters long and not known 
>> to
>> all your neighbours.
>> Additionally you can set the Access Point to only allow access to 
>> specific
>> units, where you would enter their MAC address, again a series of Hex
>> numbers, usually found on the Wireless Card plugged into the Laptops or 
>> other
>> desktop PCs.
>>
>>
>>
>>
>> "RogerC" wrote:
>>
>>> Hi,
>>> Although I have put several posts on this and other newsgroups about
>>> wireless roaming I have never had any replies.
>>> Is there any documentation anywhere about setting up a wireless network 
>>> with
>>> several access points to enable laptops to 'seamlessly roam' between 
>>> them?
>>>
>>> I am using 2 win2003 servers with IAS, 4 access points with 802.1x 
>>> enabled
>>> and win XP sp1 & sp2 clients. The clients authenticate correctly but 
>>> will
>>> not roam when moving to another area.
>>>
>>> Thanks,
>>> RogerC
>>>
>>>
>>>
>
> 

• Next message: Sam Salhi [MSFT]: "Re: can't connect via ms-chapv2"
• Previous message: Sam Salhi [MSFT]: "Re: problem with CA"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint