Meraki

Community

Catalyst 9410 and Cisco Meraki Roaming

tduff4785
Conversationalist
‎Nov 9 2023 10:08 AM
‎Nov 9 2023 10:08 AM

Catalyst 9410 and Cisco Meraki Roaming

We are running Cisco Meraki APs that are connected to a Catalyst 9410 switch and are experiencing and issue with roaming. We put in the 9410 switch last week replacing a 4510. We did not have this issue when the same Meraki APs were connected to the 4510 and the 9410 has the same port config that the 4510. The Meraki dashboard is just showing Bad Roams or Suboptimal Roams, no other information is given.   Curious if anyone else has come across this issue or something similar in the past, if so what was the solution if there was one.  

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
‎Nov 9 2023 10:15 AM
‎Nov 9 2023 10:15 AM

Can you provide more information? What type of authentication? Apart from the port configurations, are the other configurations of the 4500 and 9400 the same?
 
Do you have any topology to share with us?
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 9 2023 12:02 PM
‎Nov 9 2023 12:02 PM

Can you show a sample configuration of a port that connects to an AP?

 

This often means the APs can not communicate with each other using their LAN ports.  Is the management interface of all the APs in the same VLAN?

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 11 2023 9:22 AM
‎Nov 11 2023 9:22 AM

Bad roams or suboptimal roams usually has to do with the client choosing the wrong AP to roam to.

In the roaming analytics you should see the RSSI of the previous AP and the next AP.  If the next AP has the same or lower RSSI than the old one the roam is suboptimal or bad.  If that is the case your issue is wireless design, not wired network.  The roaming analytics feature is quite new so you may not have had these messages before.

tduff4785
Conversationalist
‎Dec 5 2023 5:42 AM
‎Dec 5 2023 5:42 AM

We found the issue, it was related to the config on the new 9400 switch and using 802.1x authentication. We had to add auth mac-move permit to the config. This was something that was enabled by default on the 4500s but not on 9400s.

0 Kudos
In response to tduff4785
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 6 2023 10:56 AM
‎Dec 6 2023 10:56 AM

Oh really?  So you had your client going back to the original AP just to regain it's connectivity?

0 Kudos
In response to GIdenJoe
tduff4785
Conversationalist
‎Dec 6 2023 11:05 AM
‎Dec 6 2023 11:05 AM

If we went back to the original AP it would connect right away, if not it would take 3 minutes to join the new AP. Our port authentication timer inactivity config is set to 3 minutes. 

In response to tduff4785
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 6 2023 11:08 AM
‎Dec 6 2023 11:08 AM

That makes perfect sense now 😉

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.