EAP Controller Portal Authentication & Roaming Clients not Working

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP Controller Portal Authentication & Roaming Clients not Working

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP Controller Portal Authentication & Roaming Clients not Working
EAP Controller Portal Authentication & Roaming Clients not Working
2017-08-14 01:57:40
Model :

Hardware Version :

Firmware Version :

ISP :

Hi,

Test setup with EAP245 and controller using Hotspot authentication - all works fine on 2.4.7 (Windows) and 2.4.8 (Linux). However when an authorised client moves from one band to the other the authorisation does not follow so a second voucher has to be used. I expected the authorisation should be tied to SSID and client MAC. Any tips on where to look to get the authorisation applied to both 2.4G and 5G

Anyone had problems with multiple AP's and roaming with Hotspot?



Thanks
  0      
  0      
#1
Options
4 Reply
Re:EAP Controller Portal Authentication & Roaming Clients not Working
2017-08-16 15:29:14
Dual band APs typically include two wireless chipsets to allow a device to communicate with another wireless-enabled device.This two different wifi chipsets cannot work at the same time. They are two separate devices. EAP245 and the wifi client communicate according to the MAC address of the wifi devices and the two chipsets. So i think it absolutely normal for a dual-band AP.
  0  
  0  
#2
Options
Re:EAP Controller Portal Authentication & Roaming Clients not Working
2017-08-16 17:15:09
Agreed, but this is sold as a business solution so the controller should check the client MAC and see it's been authorized for the SSID and grant access. The other business WiFi systems handle this. I also have my doubts the EAP system can handle roaming either and if it done by radio MAC then of course it wont.

I see the new PowerPoint docs just added completely omit this weakness
  0  
  0  
#3
Options
Re:EAP Controller Portal Authentication & Roaming Clients not Working
2017-08-16 20:18:35

MikeB wrote

Agreed, but this is sold as a business solution so the controller should check the client MAC and see it's been authorized for the SSID and grant access. The other business WiFi systems handle this. I also have my doubts the EAP system can handle roaming either and if it done by radio MAC then of course it wont.


Of course, yes, since the EAP245 supports band steering, it should be able to handle roaming as well (clients re-connecting using the same ESSID on APs are standardized in 802.11). Yes, they actually use the BSSID of a WiFi adapter (the MAC address) to connect to it, but in search for the BSSID they use the ESSID (WiFi network name).

So if clients gets de-authenticated, it must be caused by the EAPC. According to http://www.tp-link.com/us/faq-928.html, the EAP transmits both, the ESSID and the BSSID to the EAPC auth service, so this could be indeed a major flaw in EAPC authentication scheme.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options
Re:EAP Controller Portal Authentication & Roaming Clients not Working
2017-08-16 22:10:21
Its a flaw as far as I can see but wanted to check incase I did a fat finger job!

Anyway I was onto support and they confirmed it doesn't work. They have confirmed same band roaming works so EAPC has the 802.11 re-authentication functionality but there is a bug in the ESS code module that's keeping the bands segregated.

I have requested a fix - looks like UBNT solution need for now:(
  0  
  0  
#5
Options