Hi guys, please, does anybody here uses Macs with Meraki authentication? I'm not having a good experience with the authentication speeds (even worse when roaming between APs), maybe because of a big delay between my network and Meraki (about 200ms, 250ms)
Thanks in advance,
Solved! Go to Solution.
I've used it in the past or in lab environment without any trouble, we'll find a way to make it work 👊
Could you give us more precision about your situation
Do you experience latency only with Mac OS clients ? (Or does it concerns all clients over your network ?)
Is it an overall latency between your client and the WAN, or between your client and the AP ?
Are we talking about latency only during the authentication phase ? Or also once authenticated ?
As you're mentioning roaming, I believe we're talking about an overall experience of latency between your Mac & Meraki AP, isn't it ?
MacBooks tends to be quite sticky in their roaming experience...
Are you connected using 2.4GHz or 5GHz ?
Did you check your Channel utilizations ?
Do you have some metrics to share with us gathered from a client with trouble (RSSI, Channel selection, Channel width, Channel Utilization, SNR, ...)
I would suggest first to test :
- Raising the minimum bitrate of your SSID (the value should depend on your clients 802.11 oldest compatibility)
This would influence a bit the roaming decision from the client
- Disabling the client balancing (except if you have A LOT of active clients)
This functionality is sometimes misinterpreted by clients and behaviours could be affected
- If your channels seems to be jammed : Forcing your channel width to 20MHz
Furthermore, I'd look into setting up 802.11r & 802.11k standards, but not as a first pick here
Let us know
Thanks for replying Henry!
I use here at my home network...
Well, iOS and MacBooks, but I'm seeing more problems with MacBooks and yeah, I feel that they are complicated at roaming..
Only between client/network and WAN (since I'm in Brazil and the Radius log is showing latency between 200ms and 250ms to authenticate)
My network is 5GHz only, very low channel utilization and during my tests I'm walking very slowly between APs and the RSSI is basically ~75dBm for the AP that I'm leaving (and so the MacOS roaming process kicks off) and ~60dBm for the AP that I'm trying to roaming to.
But nevertheless, even with -40dBm, I see the authentication delay, with about two or three retries to get connected to the network
This is a dedicated SSID that test, so I'm using just 2 MacBooks and one iPhone...
I'm mostly concerned with this WAN latency between me and Meraki cloud that's not good enough, too laggy to perform well the authentications..
Didn't had time to setup a local radius as well to check local 802.1x behaviour..
Ok, makes definitely more sense to me now !
So the laggy part is really for the Meraki platform to process your authentication request ? Is that it ?
Could you please confirm the latency between your client and the AP by LAN pinging it from the client ?
So we could definitely exclude the RF environment from the troubleshooting approach
Could you confirm the Meraki node your network is using ? I suppose North America, and check the actual latency between your network and the Meraki node ?
If you see same delay as the one you're experiencing with your authentication process, I would definitely head this way
If for you this first authentication process delay is acceptable (200ms for a first authentication could be), then II would suggest to have a look at implementing 802.11r over your network to make sure that the authentication is only performed once, thus improving your roaming experience, once authenticated in the first place
Hey Nolan, thanks for joining the discussion... yeah, that's why I see a better/normal roaming performance with iOS and 802.11r.
But, although I have not tested going back to AP1 with my mac (just because the way the APs are installed here), the full EAP authentication is taking too long and failing repeatedly with the mac..
Henry, yeah I think so.
client to AP latency is ~3ms, client to Meraki is about ~190ms and here is the RADIUS log.
North America node.
802.11r enabled, even with caveat that the Mac does not do fast roaming as Nolan stated..
Will do, just to make sure.
Thanks for the support my friend.
Today I lowered a bit the transmit power of both APs to have a better understanding of the roaming behaviour and set the 802.11r to "Enabled" instead of just Adaptive...
Saw a better performance overall..