OSX Roaming, etc

  • 2
  • Question
  • Updated 2 years ago
Do these recommendations still hold true for OSX clients? https://forums.ruckuswireless.com/ruckuswireless/topics/best_practice_optimization_by_cli_for_zone_d...

We're having frequent roaming and disconnect issues with Apple products, so far Ruckus support hasn't been very helpful or insightful. I've recently tested ofdm-only, but it doesn't seem to be a silver bullet.

I've got R710s almost at min tx power due to the density of our deployment and limitations of the building's design (i.e. one main floor with Mezzanine levels above some areas...cinderblock walls, concrete floors, etc.)
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
  • concerned

Posted 2 years ago

  • 2
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
Should I enable smart-roam instead of dealing with ofdm-only and bss-minrate?

https://support.ruckuswireless.com/answers/000002277
Photo of David Henderson

David Henderson

  • 92 Posts
  • 13 Reply Likes
This summer we are installing a brand new Ruckus network with 400 R710 and two virtual controllers. We have a lot of Apple devices and am interested in seeing the outcome of this. Roaming and disconnect issue have me worried. We also have a lot of Win7 machines and Chromebooks, and iOS devices. Are you seeing roaming and disconnect issues with these devices as well?
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
We have a few W8.1 + W10 clients, no chromebooks. I've seen some roaming from the W8.1 clients, but not as much the OSX/iOS devices.
Photo of David Henderson

David Henderson

  • 92 Posts
  • 13 Reply Likes
You mention support has so far not been of much help. Have you had a case open for awhile? Are you on the latest version of code?
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
We're on 9.12.2.0 build 101 (I believe this is the latest). It's been open/closed/reopened for close to a month now.

Ruckus, I'd really love some sort of best practice guide for OSX clients.
(Edited)
Photo of Robert Lowe

Robert Lowe

  • 172 Posts
  • 35 Reply Likes
Ok, look at this from a different angle; roaming is a client orientated function so maybe you need to look at the WLAN properties so see if they are 'optimized' for Apple devices. Apple devices are very specific about how they work but on the plus side its normally well documented. take a read of this and I would suggest making use of 802.11r

https://support.apple.com/en-us/HT206207
https://support.apple.com/en-gb/HT203068
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
Thanks, Robert. I should have found those Apple docs by now :). Those should help and I just switched on 802.11r.
Photo of David Henderson

David Henderson

  • 92 Posts
  • 13 Reply Likes
Jason,

Let us know how it goes, I am very interested in hearing

Dave
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
Also, just to note from the document above OSX does not support 802.11r, but interoperates with it. iOS does support it. I'm mostly concerned with OSX clients.
Photo of Robert Lowe

Robert Lowe

  • 172 Posts
  • 35 Reply Likes
Also note that 802.11r has been known on occasion to cause issues with older 802.11 devices so do keep an eye/ear out for reports of issues on other devices (if you have them).
Photo of David Henderson

David Henderson

  • 92 Posts
  • 13 Reply Likes
I thought I read somewhere that 802.11r is supported in El Capitan (OSX 10.11.x). Is that not true?
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
It might...a quick search doesn't come up with anything definitive. I also can't tell how old the OSX document above actually is.
Photo of David Henderson

David Henderson

  • 92 Posts
  • 13 Reply Likes
We are sitting on Yosemite across the board right now and I am contemplating jumping to El Capitan for better support of enterprise wireless standards
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
Okay, there doesn't seem to be issues with 10.9+ and 802.11r, but 10.9 and below forced OSX clients to authenticate with username/password for a WPA2 wlan that previously only required a password.
Photo of itdept_head me

itdept_head me

  • 18 Posts
  • 1 Reply Like
I have looked into this with ruckus support
The  WIFI stays up with a strong signal, but the software stack collapses somehow.
So the apple says yep i have wireless, but the data just disappears into a black hole.
sleeping or power save kicks it off.
Really there needs to be some sort of hard disconnect that forces the WIFI to re-init and then everything is good until next time.

But that said , i'm not going to be buying ruckus next time round, hardwire is good, but the software is complete crap.
Photo of JasonD

JasonD

  • 43 Posts
  • 3 Reply Likes
^^ I agree with itdept_head me. Ruckus support determined this is client-forced behavior.

Ruckus, I'd love some sort of paper white re: optimization for OSX/iOS devices. Similar to this Cisco document

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-2/b_Enterprise_Best_Practices_f...
Photo of Robert Lowe

Robert Lowe

  • 172 Posts
  • 35 Reply Likes
@jasond Agreed Ruckus could do more to provide best practice docs etc but you have to consider the size and resources of the companies you are comparing. Also they have a strategic business partnership so its in their common interests to have a best practice doc

http://www.apple.com/uk/pr/library/20...
Photo of itdept_head me

itdept_head me

  • 18 Posts
  • 1 Reply Like
actually the maximum black list you can build is 128.
the issue is not that i want a  list of 128, but the fact that the software will not support blocking devices in a reasonable manner. (i can ban all devices of a type) or I can have a black list of 128 devices.
i just want a better solution, to what should be a simple problem.
you state there are other 'solutions' but yet you fail to even mention any that ruckus can employ


it will only get worse once randomised  Mac make a showing
ban all  androids except  'X' makes far more sense
(Edited)
Photo of David Henderson

David Henderson

  • 91 Posts
  • 13 Reply Likes
Just curious, what is the use case for blocking whole classes of devices or devices by specific Mac address? I work in K-12 education and cannot think of a case where I would use this
Photo of itdept_head me

itdept_head me

  • 18 Posts
  • 1 Reply Like
factories, most Chinese workers use android.
Securing pws are difficult, cannot easily reset the pw (supervisor gives out pw to staff, staff gives to girlfriend.etc.etc)
so block all androids , kills 600/900 devices, then just mac allow supervisors.

even a few hours access can destroy a network, not to mention nearly every chinese mobile is actually a "Bot"
(Edited)
Photo of Robert Lowe

Robert Lowe

  • 172 Posts
  • 35 Reply Likes
There are plenty of solutions available, use a policy based MDM system like Cloudpath or even 802.1x with RADIUS auth. This is much more secure than a PSK with blanket ban on an OS type or lockdown by MAC.