Recommendation 1: Influence Roaming.
iPhones prefer the 2.4GHz band due to differences in transmission and client imprecision. Both factors cause unnecessary roaming between dual bands on a single AP.
- Use 5GHz for most situations.
Disable the 2.4GHz radio, or implement band segregation that dedicates a unique SSID per spectrum (e.g., Pub-2.4 and Pub-5GHz).
Dynamic auto power transmission (tx-power) does not influence single-AP roaming when bands are segregated by SSIDs. However, do consider how power impacts the long range of 802.11bg networks (e.g., sticky client syndrome). Far-reaching 11bg signals also introduce security vulnerabilities. Long distance range is not always desirable.
- Take precautions to limit dual-band roaming for situations where band segregation is not possible. Influence iPhone 5GHz preference via signal strength. Keep the 2.4GHz RSSI 11 dB lower than the 5GHz RSSI. Insufficient 5GHz coverage is the exception.
- Load-Balancing is for high density user base situations. Disable load balancing if it’s not necessary. By all means, use load balancing for locations with heavy use. Make sure there are sufficient APs within the proximity of each client.
Recommendation 2: Controlling Data Rates / Cell Size.
Nearby 802.11bg networks can decrease 2.4GHz channel throughput by 90% (another reason to tone down power levels). This is especially troublesome considering there are only three non-overlapping 2.4GHz channels. Legacy data rates may further reduce network throughput. 5GHz is the preferred band.
- Disable 1, 2, 5.5, and 11 Mbps rates for 802.11a, 802.11g, 802.11na, and 802.11ng. Set Mandatory and Beacon rates to 24Mbps on all bands except 802.11b.
- Use RF detection rules to disable 802.11b clients –this requires Ringmaster.
Alternately, set the radio type to 11ng. This approach disables 802.11b and strictly uses transmit rates defined in the service profile.
Also consider disabling 802.11g by changing the 20MHz channel width to 40MHz. There are still a number of devices that use 802.11g, so exercise caution.
- Only use WPA2 RSN (i.e., AES) encryption with CCMP ciphers –no TKIP!
Recommendation 3: Transmission Power Tuning.
APs in close proximity to other APs may transmit overlapping cells. Overlapping cells can cause excessive iPhone roaming.
- Conduct site-survey to determine best coverage. Use auto-power tuning in lieu of site-survey.
- Reduce power transmission rates from each AP. Avoid overlapping signals at -70 dBm (i.e., iPhone roaming). Acceptable overlapping target is approximately -81 dBm.
802.11b (2.4GHz) has nearly twice the range of 802.11a (5GHz). Adjust radio power levels so that 5GHz RSSI is greater than the 2.4GHz RSSI. For example, set 2.4GHz to 4dBm; and set 5GHz to 12dBm.
Some folks recommend disabling auto-power tuning. However, auto-tuning is a good alternative to simply jacking-up power rates to maximum transmission. Estimating static transmit maximums should work fine as well.
Juniper WLC iPhone Optimization Commands:
These steps segregate dual-band radios by assigning unique SSIDs to each radio. N.B., we can't use the GUI for this advanced configuration.
|SSID||Radio1 (2.4GHz)||Radio2 (5GHz)|
1. Create service profiles for 2.4GHz band.
*WLC# set service-profile contoso_2.4 11n mode-ng enable
*WLC# set service-profile contoso_2.4 11n mode-na disable
2. Set 2.4GHz transmission rates.
We cannot disable 11b transmission rates here. We essentially disable 11b later on when we assign radio type (11n/g vs 11b) in the radio-profile. Ignore 802.11b transmission rates (for now) and set mandatory 802.11g rates.
set service-profile sp_contoso_2.4 transmit-rate 11a mandatory 24.0,36.0,48.0,54.0 disabled 6.0,9.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11b mandatory 11.0 disabled 1.0,2.0,5.5 beacon-rate 11.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11g mandatory 24.0,36.0,48.0,54.0 disabled 1.0,2.0,5.5,6.0,9.0,11.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11ng mandatory 24.0,36.0,48.0,54.0 disabled 1.0,2.0,5.5,6.0,9.0,11.0 beacon-rate 24.0 multicast-rate AUTO
Set 2.4 GHz 11n mode:
set service-profile sp_contoso_2.4 11n mode-ng required
set service-profile sp_contoso_5GHz 11n mode-na disable
3. Create 5GHz service profile.
Set 11n mode for 5GHz profile:
set service-profile sp_contoso_5GHz 11n mode-na required
set service-profile sp_contoso_5GHz 11n mode-ng disable
Set 5GHz transmissions.
set service-profile sp_contoso_5GHz transmit-rate 11a mandatory 24.0,36.0,48.0,54.0 disabled 6.0,9.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
4. Create 5GHz Radio Profile
set radio-profile rp_contoso_5GHz rate-enforcement enable
set radio-profile rp_contoso_5GHz service-profile sp_contoso_5GHz
5. Create 2.4GHz Radio Profile
set radio-profile rp_contoso_2.4 rate-enforcement enable
set radio-profile rp_contoso_2.4 service-profile sp_contoso_2.4
set radio-profile rp_contoso_2.4 preamble-length short
6. Optionally set power for RF transmission.
Dedicating radios to SSIDs allows for relaxed power management - it's not entirely necessary. Consider auto-power tuning. It’s not as good as a site survey but it’s better than blasting tx-power at maximum output.
set radio-profile Shoreland_2.4 power-policy max-coverage
7. Assign radio profiles to specific APs/Radios.
We assign radio 1 with auto transmit power.
set ap 3 radio 1 radio-profile Shoreland_2.4 radiotype 11ng tx-power auto
8. Optionally set channel width to 40MHz to effectively prevent legacy devices from connecting.
set radio-profile Shoreland_2.4 11n channel-width-na 40MHz
9. Assign service profile to APs' 5GHz radios.
set ap 3 radio 2 radio-profile Shoreland_Guest radiotype 11na tx-power auto
10. Assign other SSIDs as needed. Add CORP-802.1x to new radio-profile - otherwise it won't broadcast.
set radio-profile Shoreland_2.4 service-profile Shoreland_VLAN1_MF
set radio-profile Shoreland_Guest service-profile Shoreland_VLAN1_MF
Let's see if it works:
#reset ap 3
#sh ap status verbose
Radio 1 Type: 802.11ng(2x3), State: configure succeeded [Enabled]
Antenna type: INTERNAL
Operational channel: 6 (Auto) Operational power: 4
Load balance: disabled
RFID reports: Inactive
BSSID1: 00:26:3e:xx:xx:xx, SSID: Contoso 2.4GHz
Radio 2 Type: 802.11na(2x3), State: configure succeeded [Enabled]
Antenna type: INTERNAL
Operational channel: 165,-- (Auto) Operational power: 18
Load balance: disabled
RFID reports: Inactive
BSSID1: 00:26:3e:xx:xx:xx, SSID: Contoso 5.4
Juniper Troubleshooting Commands:
Review session data on the wireless controllers. Check client roaming. Look for short connection durations; and roams between the 2.4GHz and 5GHz radios:
CONTROLLER# sh sessions network verbose
CONTROLLER# sh service-profile Public
CONTROLLER# sh ap status verbose
Things to look for:
Roaming history: Check for short connection durations; and roams between the 2.4GHz and 5GHz radios.
Confirm the device information: Device type, Last RSSI, last packet rate.
Switch          AP/Radio    Association time  Duration
--------------- ----------- ----------------- -------------------
10.10.10.2      2/1         03/11/16 16:11:20 00:04:10
10.10.10.2      2/2         03/11/16 16:10:10 00:01:10
10.10.10.2      2/1         03/11/16 16:02:27 00:07:43
10.10.10.2      2/2         03/11/16 15:52:33 00:09:54
10.10.10.2      2/1         03/11/16 15:39:17 00:13:16
10.10.10.2      2/2         03/11/16 15:33:22 00:05:55
The above example shows frequent roams between the same AP.
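Added example (not from the original post or from Juniper): a small Python parser for the roaming-history rows above that flags roams which stay on the same AP but switch radio after a short dwell. The 600-second threshold, the mm/dd/yy reading of the date, and the radio 1 = 2.4GHz / radio 2 = 5GHz mapping are assumptions taken from this article's setup.

```python
import re
from datetime import datetime

# Constructed sample: the roaming-history rows shown above (newest first).
SAMPLE = """\
10.10.10.2 2/1 03/11/16 16:11:20 00:04:10
10.10.10.2 2/2 03/11/16 16:10:10 00:01:10
10.10.10.2 2/1 03/11/16 16:02:27 00:07:43
10.10.10.2 2/2 03/11/16 15:52:33 00:09:54
10.10.10.2 2/1 03/11/16 15:39:17 00:13:16
10.10.10.2 2/2 03/11/16 15:33:22 00:05:55
"""

# switch, AP/radio, association date, association time, duration h:mm:ss
ROW = re.compile(r"^\s*(\S+)\s+(\d+)/(\d+)\s+(\d\d/\d\d/\d\d)\s+(\d\d:\d\d:\d\d)\s+(\d+):(\d\d):(\d\d)\s*$")
BAND = {1: "2.4GHz", 2: "5GHz"}  # assumption: radio numbering used in this article

def parse_history(text):
    """Return roam records oldest-first; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        switch, ap, radio, day, clock, h, mi, s = m.groups()
        rows.append({
            "switch": switch, "ap": int(ap), "radio": int(radio),
            "start": datetime.strptime(f"{day} {clock}", "%m/%d/%y %H:%M:%S"),
            "seconds": int(h) * 3600 + int(mi) * 60 + int(s),
        })
    return sorted(rows, key=lambda r: r["start"])

def band_flaps(rows, max_dwell=600):
    """Flag same-AP radio changes where the previous dwell was <= max_dwell seconds (assumed threshold)."""
    flaps = []
    for prev, cur in zip(rows, rows[1:]):
        same_ap = (prev["switch"], prev["ap"]) == (cur["switch"], cur["ap"])
        if same_ap and prev["radio"] != cur["radio"] and prev["seconds"] <= max_dwell:
            flaps.append((cur["start"], prev["ap"], BAND.get(prev["radio"], "?"),
                          BAND.get(cur["radio"], "?"), prev["seconds"]))
    return flaps

if __name__ == "__main__":
    for when, ap, src, dst, dwell in band_flaps(parse_history(SAMPLE)):
        print(f"{when:%H:%M:%S} AP {ap}: {src} -> {dst} after {dwell}s")
```

A client that keeps appearing in this output for one AP is a candidate for the band-segregation or RSSI-offset measures in Recommendation 1.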
- Confirm the device information: Device type, Last RSSI, last packet rate.
Device type: iphone (AAA)
Radio type: 802.11ng
Last packet rate: 24.0 Mb/s
Last packet RSSI: -69 dBm
Review the service-profile:
*CONTROLLER# sh service-profile Shoreland_Guest
Is the 2.4GHz band (i.e., 11ng) enabled?
11n Mode (na): enabled
11n Mode (ng): enabled
Guard Interval: short
Frame aggregation mode: all
MSDU Max length: 4k
MPDU Max length: 64k
Crypto
Also, check the encryption and cipher settings. Does it use WPA or Robust Security Network (RSN)? Or both? N.B., in general, WPA uses Temporal Key Integrity Protocol (TKIP), and RSN uses Advanced Encryption Standard (AES) with the Counter Mode with CBC-MAC Protocol (CCMP) cipher.
Juniper recommends WPA2 (i.e., RSN) and CCMP. It does not recommend combinations of WPA, WPA2, TKIP, and CCMP. Authentication can either be pre-shared key or 802.1x. Use 802.1x for the corporate network and PSK for the Guest network.
Pay attention to the 802.11 settings as well.