Question : Configure Cisco Access Point for seamless roaming!!

Hi,
I recently configured our Company wireless for PEAP authentication with Microsoft IAS.
So far everything looks good, the only problem im having is that user complained about disconnects while roaming.
Could somebody take a look at my config to check if i'm missing something.

Thanks
Code Snippet:
         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:

           
           
             !
! Last configuration change at 15:04:55 R Mon Oct 12 2009 by CIsco
! NVRAM config last updated at 15:04:56 R Mon Oct 12 2009 by CIsco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname KTPO-APO-1
!
enable secret 5 meep
!
clock timezone GMT -5
clock summer-time R recurring
ip subnet-zero
ip name-server 10.0.1.6
!
!
aaa new-model
!
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius ras_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap
 server 10.0.1.132 auth-port 1645 acct-port 1646
 server 10.0.9.101 auth-port 1812 acct-port 1813
!
aaa group server radius cckm_infra
 server 10.0.9.101 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login methods_cckm_infra group cckm_infra
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 vlan-name Guest vlan 75
dot11 vlan-name Mgmt vlan 9
dot11 vlan-name Office vlan 4
dot11 vlan-name Plant vlan 8
dot11 vlan-name Unauthorized vlan 74
!
dot11 ssid KTPO-Guest
   vlan 75
   authentication open 
   authentication key-management wpa
   wpa-psk ascii 7 meep
!
dot11 ssid KTPO-Wireless
   vlan 8
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   authentication key-management wpa
   guest-mode
!
dot11 ssid Vlan4
   vlan 4
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   authentication key-management wpa
!
!
!
username meep password 7 meep
username meep privilege 15 password 7 meep
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers aes-ccm 
 !
 encryption vlan 8 mode ciphers aes-ccm 
 !
 encryption vlan 75 mode ciphers aes-ccm tkip 
 !
 ssid KTPO-Guest
 !
 ssid KTPO-Wireless
 !
 ssid Vlan4
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 packet retries 128 drop-packet
 channel 2462
 station-role root
!
interface Dot11Radio0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio0.8
 encapsulation dot1Q 8
 no ip route-cache
 bridge-group 8
 bridge-group 8 subscriber-loop-control
 bridge-group 8 block-unknown-source
 no bridge-group 8 source-learning
 no bridge-group 8 unicast-flooding
 bridge-group 8 spanning-disabled
!
interface Dot11Radio0.9
 encapsulation dot1Q 9 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.75
 encapsulation dot1Q 75
 no ip route-cache
 bridge-group 75
 bridge-group 75 subscriber-loop-control
 bridge-group 75 block-unknown-source
 no bridge-group 75 source-learning
 no bridge-group 75 unicast-flooding
 bridge-group 75 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 160 in
!
interface FastEthernet0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 no bridge-group 4 source-learning
 bridge-group 4 spanning-disabled
!
interface FastEthernet0.8
 encapsulation dot1Q 8
 no ip route-cache
 bridge-group 8
 no bridge-group 8 source-learning
 bridge-group 8 spanning-disabled
!
interface FastEthernet0.9
 encapsulation dot1Q 9 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.75
 encapsulation dot1Q 75
 no ip route-cache
 bridge-group 75
 no bridge-group 75 source-learning
 bridge-group 75 spanning-disabled
!
interface BVI1
 ip address 10.0.9.101 255.255.255.0
 no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1 
!
logging trap debugging
logging 10.0.1.133
 
radius-server local
  no authentication eapfast
  no authentication mac
  nas 10.0.9.101 key 7 meep
  user meep nthash 7 meep
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.0.1.132 auth-port 1645 acct-port 1646 key 7 meep
radius-server host 10.0.9.101 auth-port 1812 acct-port 1813 key 7 meep
radius-server vsa send accounting
!
control-plane
!
bridge 1 route ip
!
!
wlccp ap username meep password meep
wlccp authentication-server infrastructure methods_cckm_infra
wlccp authentication-server client eap eap_methods
wlccp wds priority 255 interface BVI1
!
line con 0
line vty 0 4
!
sntp server 10.0.1.6
end

           
         
Open in New Window
Select All
Answer : Configure Cisco Access Point for seamless roaming!!

At six autonomous access points, you're likely to get drops in roaming no matter what you do. Anything more than three deserves a wireless LAN controller at the heart of things.
