I wanted to test out and analyse Fast Transition in my Cisco home lab but at the first attempt it did not work – the clients were doing full Dot1X authentication each roam. Everything on the SSID/WLAN looked correct, and the clients were connecting/roaming ok, so it wasn’t a certificate or security setting issue.
Thankfully it didn’t take long to figure it out, but I wanted to put this short post together so that hopefully it takes you even less time.
My Cisco home lab is using the free eval copy of the virtual controller running 8.5.140.0. Because it is using the free eval license the AP’s are restricted to FlexConnect mode only. That has not been a problem for any of my testing so far and its a great solution for a home lab.
Now you’re thinking, “Oh great, 11r mustn’t be allowed with FlexConnect, typical!”. But I’m pleased to report you’re wrong. From 8.2 of the controller code Cisco has supported 11r on FlexConnect AP’s, but the very last warning bullet point of this deployment guide does state:
” In a default FlexGroup scenario, fast roaming is not supported. “
If like me you have left your lab AP’s in the default FlexConnect group then this is going to stop the AP’s supporting 11r Fast Transition.
Now you’re thinking, “Oh man, now I’ve got to go and learn about FlexConnect and everything involved with setting up a new group”. Again I’m pleased to report you don’t.
All I did was create a new FlexConnect group with the default settings and moved my lab AP’s into that group. This automatically removes them from the default group, and the basic settings for a new group are the same as a the default group anyway, so nothing is going to change in your environment.
It was that easy to get it work.
I’ve been fighting with poor roaming in my lab for a couple years now. This was the solution. Thank you for taking the time to write this up!
Glad it helped Jeff! Thanks for taking the time to let me know.