ISE re authentication is required while roam to another AP

Aden
New here

ISE re authentication is required while roam to another AP

I am facing one issue. I have AP1 & AP2. WHen i registered with AP1 authenticate with ISE guest portal and move around to AP2 successfully roam and can use internet but as soon as get back to AP1 and re associate with it my internet is gone and need to authenticate with ISE portal manually. It shouldn't required the re auth ideally.

 

Please suggest is there any setting is missing. Both APs are in same subnet.

4 REPLIES 4
RupertDot11
Meraki Employee
Meraki Employee

Sounds to me like Data-Carrier-Detect might be enabled? If the client disconnects before roaming to other APs, it’s not technically seamless-roaming. 

 

Besides that, I’m sure you’ve already checked the primary details:

https://community.cisco.com/t5/security-documents/how-to-integrate-meraki-networks-with-ise/ta-p/361... 

- are Both APs are on the same network and tags (ie same SSID)

- splash authentication depends on whether splash is hosted on Meraki cloud or on ISE; if Meraki cloud, use “Sign on” with My Radius.

if using ISE with MAB authentication, then splash must be configured as ISE (vs my RADIUS)

 

 

Roaming is happening and SSID is the same Meraki WLC (Cloud based). When I move to AP2 and come back on AP1 i remain connected as both APs are near and no coverage whole but some how i have to reauthenticate with ISE in order to connect to internet. ideally i should not require to re auth unless i am out of covrage area or turn off and on  my wifi.

Sorry to hear it’s not working. 
What are you seeing on ISE logs? 
Those are usually very useful in cases like these. 

Also, is it possible that the client device is using randomized MAC addresses?

https://community.cisco.com/t5/security-documents/random-mac-address-how-to-deal-with-it-using-ise/t... 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels