I recently purchased 2 x Cisco 3802 and 2 x Cisco 1852 access points to work with the Cisco 2504 WLC controller. I really wanted to upgrade to AC wifi, take advantage of all that Cisco have to offer in the wireless world, and put it through some tests for performance. Initially I found it great on Windows laptops and MacBooks, however I had major issues with Apple iOS 11 and Apple TV. Connections would constantly drop and would not work as well. I was testing on the 5 GHz/80 MHz band, and I seriously thought there was an issue with this band, as switching things to 2.4 GHz/20 MHz seemed to work better.
I raised a Cisco TAC case to further investigate these issues and we found that:
1) Optimized Roaming was enabled for 802.11a and 802.11b. (On WLC: Wireless > Advanced > Optimized Roaming)
This caused many issues with the Apple TV and iPhones/iPads, and disabling this fixed the Apple TV, but not fully the iPhones and iPads.
2) Fast Transition was enabled with Adaptive (On WLC: WLANS > “Your SSID” ID > Security > Layer 2 > Fast Transition)
Having Fast Transition enabled caused significant issues with wireless connectivity and dropping on iPhones and iPads. Once this was switched off we immediately noticed the improvement in performance and roaming.
Cisco advised that iOS 11 is buggy when it comes to the implementation of Fast Transition, as we went through many debugs. They advised I needed an Apple Enterprise Support contract for Apple to just look at it, which I couldn't afford, so I have left Fast Transition “off”. The enterprise contract is like $5995 USD, or $799 USD per incident, just a bit pricey!
I also asked if there were any benefits to Fast Transition being “on”, and they advised it was only beneficial if my wireless setup is 802.1X, where it improves the roaming between APs and going through RADIUS etc. My scenario only had a WPA2 pre-shared key, so I could leave Fast Transition set to Off without any issues.
The Cisco Apple best practice document, found here, advises FT should be set to Adaptive and left on, however as we found, iOS 11 has severe issues with their implementation of FT.
I queried Cisco about what's going on here, why there are so many issues and why this differs from their document, and their advice was:
FT will always be suggested on Apple enterprise environment. This can’t be removed from the document simply because new iOS on some devices are having buggy issues with it. This is something that needs to be fixed on Apple side and Cisco has nothing to change on the code or document since we are following the IEEE standard that we expect Apple to also follow on their entire product line.
Unfortunately, as shared before, to engage Apple care you need to have an “enterprise AppleCare support agreement” contract.
TAC can’t do anything from Cisco side for this case to move further unfortunately.
So for all of you reading who have a Cisco wireless setup, are running iOS 11, and are noticing problems with Apple TV/iPhones/iPads, be warned what options are set on the WLC, and how they could affect the wireless experience.
For Apple reading, please look at your FT implementation with Cisco on iOS 11, so it's less buggy, especially on the 5 GHz bands.
Again, thanks for reading and any feedback welcome.
Thanks for this post – it saved our network when our network technician didn’t know what to do after some months of strange wifi dropping on iPads, after a WLAN controller exchange. However, I also believe there is another approach to this workaround (at least now). I think the “FT PSK” needs to be ticked under “Authentication Key Management” in Security-Layer 3.
UPDATE: This still isn't fixed as of the iOS 12 release. I still can't believe Cisco have a best practice document still advising this when it doesn't even work well.
Any update on this? We’re running FT on a WLC2504. Our iPhones on iOS12 can’t seem to fast roam. They try and try to fast-roam handshake but it never works. Eventually they will drop the wifi signal and do a full re-association.
Everything seemed to work fine on iOS 10.
Hi Steve, no, I couldn't get it working. Something is still amiss with whatever guides Cisco have on their website, and I haven't got thousands to spend with Apple enterprise support.
I did some of my own experimentation, and found disabling FT completely, and only enabling 802.1X and CCKM works okay.
I also have flex connect operational, so what I did was create a flex connect group and VLAN template, then mapped the VLANs in this, and associated it to the APs. I was then able to get the iPhones to roam quite well.
I still feel something is completely amiss with FT on Apple devices and Cisco.