Jump to content

Troubleshooting WiFi Roaming Disconnects


Recommended Posts

iOS Roaming

Trigger threshold

The trigger threshold is the minimum signal level a client requires to maintain the current connection.  

iOS clients monitor and maintain the current BSSID’s connection until the RSSI crosses the -70 dBm threshold. Once crossed, iOS initiates a scan to find roam candidate BSSIDs for the current ESSID.

This information is important to consider when designing wireless cells and their expected signal overlap. For example, if 5 GHz cells are designed with a -67 dBm overlap:

  1. iOS uses -70 dBm as the trigger and will therefore remain connected to the current BSSID longer than you expect.
  2. Review how the cell overlap was measured. The antennas on a portable computer are much larger and more powerful than a smartphone or tablet, so iOS devices see different cell boundaries than expected. It is always best to measure using the target device.

Roam scan

A roam scan is when stations check the available channels in a given band (either 2.4 or 5 GHz) for access points (APs) that support the current ESSID.

The time it takes to scan depends on a variety of factors, but the best way to streamline this process is to enable 802.11k on your control plane since iOS leverages the first 6 entries in the neighbor report and reviews the candidates to prioritize its scanning. Without 802.11k iOS has to scan more methodically, potentially adding several seconds to the discovery process.

For example, if a user is on a call and walks to the other side of the building, the device crosses the -70 dBm threshold and looks for roam targets. Using the neighbor report provided by 802.11k, it knows there are APs supporting the current ESSID on channels 36, 44 and 11. It immediately scans those channels, finds the AP on channel 44 has the appropriate signal strength, and roams. However, without 802.11k the client must scan all of the various channels on each band to find a roam target, adding several seconds to the process.

Roam candidate selection criteria

iOS 8 and later selects target BSSIDs based on two criteria:

  1. Is the client transmitting or receiving a series of 802.11 data packets?
  2. The difference in signal strength against the current BSSID’s RSSI.

iOS 8 and later selects target BSSIDs whose reported RSSI is 8 dB or greater than the current BSSID’s RSSI if the client is transmitting or receiving data. Clients not sending or receiving data, for example sitting idle in a pocket, use a 12 dB differential.

For example, if the RSSI of the current connection drops to -75 dBm, and the user is engaged in a VoWLAN call, then iOS 8 searches for BSSIDs with an RSSI of -67 dBm or better.

If that same user isn't in a call, or transmitting or receiving a series of data packets, then iOS 8 only considers BSSIDs with an RSSI of -63 dBm or better.

802.11 Management and Control frames do not count as data.

Understanding the selection criteria of iOS allows administrators to reevaluate their current wireless design to make sure that it provides the expected and required performance to support real-time services like voice or video.

Roam performance

Roam performance indicates the time a client requires to successfully authenticate to a new BSSID.

Finding a valid roam candidate is only part of the process—the client has to actually complete the roam process quickly and unobtrusively so the user experiences no interruption in service. Roaming itself involves the client authenticating against the new BSSID and deauthenticating from the current BSSID. The security and authentication method dictates how quickly this can be achieved.

802.1X-based authentication requires the client to complete the entire EAP key exchange before it can deauthenticate from the current BSSID. This can take several seconds, depending on the environment’s authentication infrastructure, and translates into interrupted service to the end user in the form of dead air.

The best way to streamline this process is to utilize the fast roam capabilities of 802.11r if this is supported by your networking equipment. 802.11r allows clients to pre-authenticate against potential access points, reducing the authentication time from potential seconds to milliseconds.

Measuring Client RSSI using AirPort Utility

Apple’s AirPort Utility for iOS 1.3.4 includes a wireless scanning feature that provides a log of the client’s view of the network. Administrators can use this feature to validate the iOS client’s view of the network at a given location or walking a path as the scanner maintains a log of scan events for review.

Don't attempt to use AirPort Utility on the same device that you're running your application as that can produce inaccurate results. Apple recommends using a separate device (of the same model) dedicated to the scanning process.

The scanning feature is enabled in the AirPort preferences pane in the iOS Settings app.

 

Cached Roaming with WPA2-Enterprise.pdf

Link to post
Share on other sites

For system administrators, OS X roaming helps your Mac stay connected as it moves between different places within your office wireless network.

Trigger threshold

The trigger threshold is the minimum signal level a client requires to maintain the current connection.  

OS X clients monitor and maintain the current BSSID’s connection until the RSSI crosses the -75 dBm threshold. Once that threshold is crossed, OS X initiates a scan to find roam candidate BSSIDs for the current ESSID.

Consider this threshold in view of the signal overlap between your wireless cells. For example, if 5 GHz cells are designed with a -67 dBm overlap, but OS X maintains a connection until the -75 dBm threshhold, those clients will remain connected to the current BSSID longer than you expect.

Also consider how the cell overlap is measured. The antennas on computers vary from model to model, and they see different cell boundaries than expected. It's always best to measure using the target device.

Selection criteria for band, network, and roam candidates

OS X always defaults to the 5GHz band over the 2.4GHz band, as long as the RSSI for a 5GHz network is -68 dBm or better.

If multiple 5GHz SSIDs meet this level, OS X chooses a network based on these criteria:

  1. 802.11ac is always preferred over 802.11n or 802.11a
  2. 802.11n is always preferred over 802.11a
  3. 80 MHz channel width is always preferred over 40 MHz or 20 MHz
  4. 40 MHz channel width is always preferred over 20 MHz 

OS X does not support 802.11k. Although OS X does interoperate with SSIDs that have 802.11k enabled, OS X doesn't limit roam scans of the environment based on the neighbor report. A roam scan is when stations check the available channels in a given band (either 2.4 or 5 GHz) for access points (APs) that support the current ESSID.

OS X selects a target BSSID whose reported RSSI is 12 dB or greater than the current BSSID’s RSSI. This is true even if the OS X client is idle or transmitting/receiving data.

Roam performance

Roam performance describes how long a client needs to authenticate successfully to a new BSSID.

Finding a valid network and AP is only part of the process. The client must complete the roam process quickly and without interruption, so the user doesn't experience downtime. Roaming itself involves the client authenticating against the new BSSID and deauthenticating from the current BSSID. The security and authentication method determines how quickly this can be achieved. 

802.1X-based authentication requires the client to complete the entire EAP key exchange before it can deauthenticate from the current BSSID. This might take several seconds, depending on the environment’s authentication infrastructure, and translates into interrupted service to the end user in the form of dead air.

OS X supports static PMKID (Pairwise Master Key identifier) caching to help optimize roaming between BSSIDs in the same ESSID. OS X doesn't support Fast BSS Transition, also known as 802.11r. Deploying additional SSIDs to support OS X isn't necessary because OS X interoperates with 802.11r.

Measuring Client RSSI

OS X offers a few easy, built-in tools for scanning to measure RSSI.

To learn the RSSI for the currently associated network, hold the Option key while clicking the Wi-Fi yosemite-airport_scan_icon.png menu in the menu bar.

To learn the RSSI for networks in the client’s environment, use Wireless Diagnostics. To open Wireless Diagnostics, Option-click on the Wi-Fi  yosemite-airport_scan_icon.png menu, then selecting Open Wireless Diagnostic. When Wireless Diagnostic opens, choose Scan from the Window menu. Click the Scan Now button in the Scan window to find all nearby wireless networks and measure their RSSI.

In addition to this graphic tool, the command-line utility "airport" found in

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

can be used to acquire the same data. The ‘-s’ flag scans the current environment for available networks and lists the RSSI, among other details.

Starting with OS X El Capitan, you can turn on Wi-Fi Monitor on the desktop to display signal strength and other environment details. Hold down Option and Shift-click on the Wi-Fi  yosemite-airport_scan_icon.png menu to reveal the Debug menu, then choose Show Wi-Fi Monitor.

 

 

Link to post
Share on other sites

Check out this link from Cisco

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-2/b_Enterprise_Best_Practices_for_Apple_Devices_on_Cisco_Wireless_LAN.pdf

Navigate to WLANs > Security tab of the WLAN and check both FT and non-FT authentication. Example 802.1X and FT 802.1X, or PSK and FT-PSK.

Non-802.11r clients which have the updated wireless LAN drivers for '802.11r-compatibility' can now join this 802.11r-mixed-mode WLAN. It is important to note that laptop clients with newer wireless LAN chipsets and updated chipset drivers with 11r-compatibility, both are equally important when trying to use the 11r mixed-mode SSID configuration. For example, Apple introduced the 11r-compatibility drivers for the MacBook Laptops with their Mavericks 10.9 OS, which allowed the MacBook to correctly identify and associate to a mixed mode SSID (e.g. FT-PSK + PSK). Any MacBook laptop running an older OS (even with the same chipset) might be able to see the 11r mixed mode SSID, but may fail to associate to it. 

 

Also I tried running the following command that was suggested on airheads

sudo defaults write /Library/Preferences/com.apple.airport.opproam disabled -bool true

 

Link to post
Share on other sites

You can change the system preferences for JoinMode and JoinModeFallback to be the following:

    JoinMode (String)
        Automatic
        Preferred
        Ranked
        Recent
        Strongest
    JoinModeFallback (String)
        Prompt
        JoinOpen
        KeepLooking
        DoNothing

Do this using the airport command: 

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

Run the command to see the options, up the top you'll see a section on how to sec preferences.

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport prefs
AirPort preferences for en0:

DisconnectOnLogout=NO
JoinMode=Strongest
JoinModeFallback=DoNothing
RememberRecentNetworks=YES
RequireAdminIBSS=NO
RequireAdminNetworkChange=NO
RequireAdminPowerToggle=NO
WoWEnabled=YES         

An example of updating the JoinMode from Automatic to Strongest

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport prefs JoinMode=Strongest

Also a helpful feature is to turn on debugging

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport debug +AllUserland +AllDriver +AllVendor +LogFile

This can all be found by just running airport with no options after

 

 

 

Link to post
Share on other sites

Announcements


×
×
  • Create New...