HPE Community
M and MSM Series
1753964 Members
7517 Online
108811 Solutions
New Discussion

Re: Wireless mobility and iPads?

 
Cajuntank MS
Valued Contributor

‎01-26-2012 09:16 PM

‎01-26-2012 09:16 PM

Wireless mobility and iPads?

I am using a MSM765zl Mobility Controller with WPA/WPA2 in my VSC. I can sign on with domain joined wireless stations just fine. When I configure an iPad, I am prompted for a username and password, prompted to accept an internal certificate, and everything connects fine. My issue seems to be when that user travels to another location; which of course means in another subnet, and has to go through the reauthentication process on the iPad. I have "Wireless Mobility" checked on the VSC and using "Subnet-based mobility" instead of Mobility Traffic Manager. I also have "WPA2 opportunistic key caching" checked as well. Is this possibly due to the fact that the certificate is from my internal CA and not a trusted public CA? I need to try and get this resolved... Any thoughts?

0 Kudos
17 REPLIES 17
Erik Behrendt
Established Member

‎01-27-2012 01:58 AM

‎01-27-2012 01:58 AM

Re: Wireless mobility and iPads?

I have "WPA2 opportunistic key caching" disabled on the VSC's that holds iPads.

I found that even though it is not exactly new technology, it is not supported on iPads.

 

I don't know if it will help you with your problem, but turning it off is definitely the way to go with iPads on your wireless installation. Ipads on our network had problems roaming between AP even on the same subnet with "WPA2 opportunistic key caching" enabled. 

 

Hope you solve your problem.

 

Kind regards Erik.

Cajuntank MS
Valued Contributor

‎01-27-2012 12:33 PM

‎01-27-2012 12:33 PM

Re: Wireless mobility and iPads?

Thanks Erik, I'll give it a shot to see if that will help. I'll post back in a few days to let you and everyone else whom this might apply to if this worked for me.

0 Kudos
tschaps
Valued Contributor

‎02-03-2012 02:07 PM

‎02-03-2012 02:07 PM

Re: Wireless mobility and iPads?

I am definitely interested in the results -- I am finishing up a network upgrade to support an iPad rollout next year (1,500 in a school), I have 60 MSM430 & 566's, and two 5406's each with a MSM765zl. I was planning to use the opportunistic key caching, since students and teachers will be walking all over with the iPads, and I thought not having to re-authenticate with each AP they pass by would reduce the load on the system. 

 

I would also like clarification on "I found that ... it is not supported on iPads." Do you mean that HP does not support OKC with iPads, or iPads somehow can't make use of that type of system (which seems hard to believe, I have found them to be very good at finding and connecting to known networks with no user interaction.)

 

Thanks for any further info either of you can provide. 

0 Kudos
Cajuntank MS
Valued Contributor

‎02-05-2012 02:20 PM

‎02-05-2012 02:20 PM

Re: Wireless mobility and iPads?

Ok, just an update on this. After I had a weird issue creep up all of a sudden, I had to call into tech support where I got to talk to a very knowledgable engineer. He looked at my config and pointed out a few misteps I had that he said ultimately will need to be addressed. Don't know if any of these misteps had anything to do with the current problem I was having, but it was good information non the less. He wanted me to turn back on oportunistic key caching for one thing even after I explained about the iPads; however, he felt that was related to other config issues. One of the things he pointed out was, I was doing super netting for my active route back to my LAN subnets which he said the controller technically does not support and that could potentially cause issues. The other config issue which is major is that since v 5.4 of the software, the mobility functionality needs distinct VLAN tag IDs. In my situation, I am separated by L3 routes, so L2 VLAN IDs don't have any affect, by them being the same, on those other subnets...well evidently it does when it comes to this controller and software code. If the subnets you report to the controller are all not on their own distinct VLAN ID, this will cause issues with mobility. So I guess I know what I'll be doing over the summer. He could not say for certain if correcting these issues would solve my iPad issue roaming across subnets, but he did know for sure that these two misteps would need to be corrected to be supported by the current software code of the controller.

0 Kudos
Erik Behrendt
Established Member

‎02-06-2012 02:20 AM

‎02-06-2012 02:20 AM

Re: Wireless mobility and iPads?

I got the info from an Aruba document claiming that iPads (not HP) does not support Opportunistic key caching

 

Document can be found here.

http://www.arubanetworks.com/pdf/technology/whitepapers/wp_iPad-in-Enterprise.pdf

 

I did some slight  testing with two AP's and a bunch of iPads.

Initial "logon" to the first AP was smooth and problem free.

Moving closer to the other AP (on the same subnet) and the iPads stopped having internet access.

They all seemed to be connected to the SSID but internet access did not work.

I had to disable Wireless LAN and then enable it aging and then they would work fine again.

 

This was done on FW 5.5.2.14 I have not tested it again.

I do not have the facilities to test again, as this is almost a "mission critical" network and I do not want to mess around with something that is kinda working.

 

Hope this helps

 

Kind regards

Erik Behrendt

 

 

0 Kudos
JesseR
Regular Advisor

‎02-07-2012 09:36 AM

‎02-07-2012 09:36 AM

Re: Wireless mobility and iPads?

I am seeing problems with iPads too...  but mainly because, we have carts and carts full of iPads (30 per cart).  And even when they aren't being used and sitting in the cart in sleep mode, the iPads are STILL maintaining a connection to the nearest AP.   So if we have (3) carts of iPads in a given area that aren't even being used, we can see at least 90 active wireless connections at that time.  When viewing the connections on the MSM web interface and looking at the client itself, by it's MAC address, we will see "Power save state: On" on those connections.   Seems like we end up overcommitting our radios because of sleeping iPads.

 

So take those 90 iPads connections which aren't even being used, and then try and use a FEW laptops for internet browsing, email, or applications hosted on a server, and the result is horrendous.  Not sure how to combat this...  Getting users to turn OFF the iPads has been impossible.

 

Very frustrating.

JR

 

Jesse R
Source One Technology, Inc.
HP Partner


MSM 5.7.x deployment guide:

0 Kudos
Cajuntank MS
Valued Contributor

‎02-07-2012 01:33 PM

‎02-07-2012 01:33 PM

Re: Wireless mobility and iPads?

If anyone from HP is listening, I would recommend they produce a whitepaper or best practices on this matter. Gone are the days of wireless tech being used for laptops...it's all about the slate devices and handhelds based on Apple's IOS or Android.

0 Kudos
ndoudna
Frequent Advisor

‎02-16-2012 01:51 PM

‎02-16-2012 01:51 PM

Re: Wireless mobility and iPads?

If a client (such as an iPad) doesn't support a feature (such as"WPA2 opportunistic key caching"), is it harmful for that feature to be enabled in the VSC?  So OKC wouldn't apply to that client, but turn it off for the whole VSC?

 

thanks,

noemi

0 Kudos
ISoliman
Super Advisor

‎02-20-2012 02:37 AM

‎02-20-2012 02:37 AM

Re: Wireless mobility and iPads?

WPA2 opportunistic key caching is used in Layer 3 roaming, in L2 roaming there shouldn't be any issue as far as I know with WPA/WPA2 and all the APs are in the same VLAN no L3 roaming between SSID that has 2 subnets.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.