Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1x on Wireless with OAC: roaming

Wraeth_
Occasional Contributor
‎07-18-2010 07:54:PM
‎07-18-2010 07:54:PM

802.1x on Wireless with OAC: roaming

Hi all,

I was wondering if anyone here has had much experience with using the Odyssey client in a wireless environment that uses 802.1x authentication. Particularly anyone using preemt and/or autoscan lists.

I have deployed a system using 5500 Cisco WLC with about thirty five 1142 LAPs that authenticate clients against an IC that returns VLAN assignements based on AD groups. I'm using pre-login authentication using OAC on Win7. Autoscan lists are being used too due to a multicampus setup.

All of this works really well (except for the fact that I can't get windows to try the domain when using the OAC credential provider :@) and the user ends up on the right VLAN with no addressing issues - sessions are effectively ended after heartbeat loss too!

What I want to know is if anyone has any tips to speed up roaming using OAC? With 802.1x it seems to take around 10 seconds which isn't an issue when sitting in the one spot but for a user who's moving around you can see that this would be quite a frustrating problem...

When I use my mac book with the OS X supplicant I usually only loose 2 or 3 pings during a roam. When I use a Win7 machine with OAC I loose 8-10 which just the one WLAN selected, and 8-15 with the preemt/autoscan list.

Anyone have any tips?

0 Kudos
2 REPLIES 2
CraigB_
Frequent Contributor
‎07-19-2010 12:23:PM
‎07-19-2010 12:23:PM

Re: 802.1x on Wireless with OAC: roaming

Define roaming. If you mean walking around the campus while connected, you have a few options.

The best is to use WPA2/AES as this will enable the 802.11i support in OAC. Your access points have to support this as well. 802.11i roaming only takes place between the client and the AP, the IC is not involved and thus is WAY faster.

If you cannot use WPA2/AES fore whatever reason, you can enable session resumption within the OAC client. When you roam to a new AP, it will prompt for a reconnect. With session resumption enabled, OAC will send a cookie to the IC and if the cookie is valid, the session will be resumed usually under a second.

Hope that helps

Craig

0 Kudos
Wraeth_
Occasional Contributor
‎07-19-2010 07:49:PM
‎07-19-2010 07:49:PM

Re: 802.1x on Wireless with OAC: roaming

Yep. That's what I meant!

The WLAN in question uses WPA2/AES only, with 802.1x auth key management. Session resumption is already enabled. I've got 1142 APs which support 802.11i...

Does the OAC have issues with non-broadcast SSIDs?

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.