Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 29 subscribers
  • Views 21294 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG: Fast transition / WiFi roaming does not work

MarkusSchlüter1

Hi,

right now I do have an AP15 and AP55 at home.

 

Setup: In the upper floor I installed the AP55 and downstairs the AP15.

 

I make use of 7 different SSIDs and only two of them are also broadcasted by the AP 15 (yes, I enabled "Fast Transition" in both SSIDs), but the roaming does not work at all.

Whenever I go up- or downstairs I do have to disable / enable WiFi on my smartphone (Google Pixel XL), tablet (iPad Pro 2017) and notebook (MacBook 12 2017)

to switch the access points :-/

 

The firmware version of my Sophos XG Home Edition is SFOS 17.1.1 MR1.

 

Anyone out there knowing a solution to this hell of a problem?

 

Thanks in advance,

 

Markus



This thread was automatically locked due to age.
  • 0 in reply to rfcat_vk

    I still apply Web policies and App policies by user so need RADIUS to identify them.

    I also like the ability to audit who did what when etc where as a group is much harder.

     

    I do put some iPads into a group as these are locked down and I know the plebs cant abuse it

  • 0 in reply to M8ey

    I am still struggeling with the issue here.

    You are using the Radius SSO Option or Radius accounting option with sophos branded APs? 

    As far as i know, the radius mapping should not be involved into the roaming scenario because your Client IP never change after you roam to another AP, isnt it? 

    Which AP Solution do you use? 

  • 0 in reply to LuCar Toni

    Sorry for the confusion.

     

    Not using Sophos AP's - Meraki MR range

  • 0 in reply to M8ey

    Ok! 

    Lets go the next steps together. 

    You have APs (nvm which one) and a Radius Server. 

    I "assume" you have split the broadcast domains into different subnet ranges? 

     

    So basically you have something like: VLAN(Management) - XG - VLAN(Server). 

    In VLAN(Management) there are all APs connected to.

    And in VLAN(Server) there is the Radius Server? 

     

    So basically the AP send the Radius Request through XG to the Radius server.

     

    Next step is, you are using the Radius requests as SSO on XG. So the Accounting information from radius get send to XG and XG can do the mapping from IP(Client) to Username.

     

    Am i right? 

    Because at this point, i am not able to see, whether the XG causes the issue because of lack of feature or just because some firewall rule is missing in the communication between the connected components.