Intercontroller Roaming between sites - Anchors

I am planning the design of a multi-site wireless network.
The ideal solution will allow user A who is based at Site A to use the wireless in Site A and then be able to go to Site B and retain their IP address.
I know this feature is possible with intercontroller roaming but with some caveats.
This would only work if User A does not have to re-authenticate.
If a few days passed and then user A turns up at Site B, they would authenticate to Site B and get an IP from Site B.
What I want to achieve is to be able to anchor a user to their home controller, so whenever they went to Site B, C, D they would always use the IP of Site A and tunnel their traffic back.
Is this possible?
Thanks
Roger

The feature I nearly want is Dynamic Anchoring for Clients with Static IP Addresses.
Reading around this, if you assign a static IP to a wireless client for their home site and they try to connect to Site B, where that subnet is not supported, the controller can tunnel the traffic back to the controller that does support that subnet.
My issue with this is that when the client takes his laptop home they will not be able to connect to their home wireless.
I need a way to make this solution work but with a dynamic address for the client?

Similar Messages

  • Roaming between mesh and non mesh and mesh AP design

    Hi There,
    I need some verification on the following:
    - Can client roam between Mesh AP 1550 series and Non-Mesh AP?
    - I have 1550 series APs to be installed and all the mounting areas have a data point ready, which connects back to the switch. Would configuring mesh for these outdoor units be recommended, and is there a guide on this? The current guide I am looking at from the Cisco site basically assumes the APs do not have a wired Ethernet connection; my design here is a bit different, all the APs have a wired connection back to the switch.
    Kindly assist.
    Thank you
    Rama

    I have seen and done installs like this. The advantage is that you don't have to worry about the backhaul dropping. So it's like any LAP but a big chunky outdoor AP. If the RAP loses Ethernet connectivity... well, it changes to a MAP. So you can look at it as a benefit. It's always nice to be able to have Ethernet when you can.

  • Roaming between Flexconnect groups for scaling

    I have a customer that needs flexconnect at each of his 10 locations to access local servers and printers. The customer has a pair of 5508 WLCs running 7.6.130.0.
    While the customer currently has 25 and under AP count per site, they are considering an expansion to 50 - 60 per site.
    We are considering the mobility agent on 3650/3850/4500 switches, but the multi-hop restriction will drive the cost too high.
    What is the downside for defining multiple flexconnect groups per site?
    The customer is also considering Unified Communications. For example, would the voice RTP stream on a wireless IP phone roaming between APs on different flexconnect groups appear to be seamless?

    If you plan on utilizing any real-time applications such as voice, you would not want these devices to be roaming between FlexConnect Groups. There will be a full re-authentication of the client, with the exception of OKC capable machines, which "may" roam more cleanly. This means some standard data clients may perform a fast roam, or at least not notice much of a hiccup even with a full re-auth.
    In either scenario, you would want to make sure this is NOT a L3 mobility roam (i.e. FlexConnect WLAN/VLAN mapping to different networks). This will cause major problems for all your clients as they will most likely end up talking on the new VLAN with their old IP address.
    Mobility / Roaming Scenarios

    WLAN Configuration                    | Local Switching                            | Central Switching
                                          | CCKM         | PMK (OKC)    | Others       | CCKM      | PMK (OKC) | Others
    Mobility Between Same Flex Group      | Fast Roam(1) | Fast Roam(1) | Full Auth(1) | Fast Roam | Fast Roam | Full Auth
    Mobility Between Different Flex Group | Full Auth(1) | Fast Roam(1) | Full Auth(1) | Full Auth | Fast Roam | Full Auth
    Inter Controller Mobility             | N/A          | N/A          | N/A          | Full Auth | Fast Roam | Full Auth

    (1) Provided WLAN is mapped to the same VLAN (same subnet).

  • What is difference between Site template and web template

    What is difference between Site template and web template

    Both are almost the same. Are you referring to Site Definitions vs web templates? If so, refer to the following post:
    http://blogs.msdn.com/b/vesku/archive/2011/07/22/site-definitions-vs-web-templates.aspx
    --Cheers

  • Unable to pass traffic between sites

    I've read through dozens of posts and so far have had no luck getting any of the suggestions to work - combined with many of these posts being multiple years old...so I'm going to try posting something current and see if I get anywhere.
    Scenario:
    Site A - Cisco ASA 5510 running 8.4(4)1 with two interface connections to a Cisco ME 6500 (which I do not manage), one for internet and one for a MPLS connection.
    Site B – connecting to an unknown switch which is connected to the MPLS network.
    Site C – Cisco ASA 5505 running 7.2(3) with one connection to an unknown switch (which I do not manage) for internet access.
    Site A to Site B traffic flows between the two without issue.
    Site A to Site C is a site-to-site VPN connection. Traffic flows between the two without issue.
    The main issue I’m having is that Site B cannot talk to Site C and vice versa. Also my client VPN connections to Site A cannot get to Site B or Site C.
    My first question is; is this even possible? (I sure expected it to be). And if so, what the heck am I doing wrong???
    I’ve included a config from Site A which is where I’m guessing the problem is. Any insight is appreciated.

    "I'm not following what you mean by that."
    Your Site "A" and "B" are connected through the MPLS cloud and they are not connected through a VPN connection, right? I assume that your site "B" cannot communicate with site "C"; therefore you must permit site-B's subnet traffic to transit between site "A" and site "C", i.e. Site-B should have access to "C", right?
    "I may be misunderstanding, but isn't that what this is: "route MPLS 10.17.0.0 255.255.0.0 10.17.250.2 1"."
    Great, the 10.17.0.0/16 route is meant for site "B"; that is fine, you wouldn't need an additional one.
    "You completely lost me there :)"
    I presume that your Site "B" and "C" do not have a direct MPLS connection, therefore Site "A" becomes a transit path for site "B" and "C". You allow site-B's traffic to transit through the VPN tunnel between site "A" and "C". Your site "C" assumes that the subnet belonging to site "B" is directly connected at site "A", but in reality it connects via an MPLS cloud. One last thing: a route is needed at site-B to push site-C's traffic to Site "A"; a static route would do that.
    As you would permit site-B's traffic to pass through the VPN tunnel between site "A" and "C", in other words your "A" becomes a hub for traffic flowing between site "B" and "C".
    "Should the route be applied to the inside or the outside interface?"
    Outside. Your tunnel is terminated on the outside interface, right? If so then it must point to the outside's default-gateway address.
    object network SiteB-network
     subnet 10.17.2.0 255.255.255.0
    This would allow you to access the Site-C subnet when you are remoted in to Site-A:
    nat (outside,outside) source static VPN-pool VPN-pool destination static SiteC-network SiteC-network
    This is to allow Site-B to access the Site-C subnet via the tunnel between Site A and C:
    nat (MPLS,outside) source static SiteB-network SiteB-network destination static SiteC-network SiteC-network
    object network inside-network
     subnet 192.168.1.0 255.255.255.0
    nat (inside,outside) source static inside-network inside-network destination static SiteC-network SiteC-network
    access-list outside_cryptomap extended permit ip object inside-network object SiteC-network
    This is to allow Site-B to access the Site-C subnet via the tunnel between Site A and C:
    access-list outside_cryptomap extended permit ip object SiteB-network object SiteC-network
    Thanks
    Rizwan Rafeek
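
Added example, not part of the reply above: a short Python check that reads the `nat` and `access-list` lines quoted in that reply and compares which source/destination object pairs are exempted from NAT with which are selected by the crypto ACL. The function names are hypothetical, and it only sees the lines quoted here, so a pair it reports may be configured elsewhere in the full config.

```python
import re

# ASA lines as quoted in the reply (object definitions left out; only names matter).
CONFIG = """\
nat (outside,outside) source static VPN-pool VPN-pool destination static SiteC-network SiteC-network
nat (MPLS,outside) source static SiteB-network SiteB-network destination static SiteC-network SiteC-network
nat (inside,outside) source static inside-network inside-network destination static SiteC-network SiteC-network
access-list outside_cryptomap extended permit ip object inside-network object SiteC-network
access-list outside_cryptomap extended permit ip object SiteB-network object SiteC-network
"""

NAT_RE = re.compile(
    r"^nat \((?P<in_if>[^,]+),(?P<out_if>[^)]+)\) source static (?P<src>\S+) (?P<src_x>\S+) "
    r"destination static (?P<dst>\S+) (?P<dst_x>\S+)$")
ACL_RE = re.compile(
    r"^access-list (?P<name>\S+) extended permit ip object (?P<src>\S+) object (?P<dst>\S+)$")


def identity_nat_pairs(config, out_if="outside"):
    """Map (src, dst) pairs left untranslated towards out_if to their ingress interface."""
    pairs = {}
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        # Identity (twice) NAT: real and mapped objects are the same on both sides.
        if m and m["out_if"] == out_if and m["src"] == m["src_x"] and m["dst"] == m["dst_x"]:
            pairs[(m["src"], m["dst"])] = m["in_if"]
    return pairs


def crypto_acl_pairs(config, acl_name):
    """Set of (src, dst) object pairs the named ACL permits, i.e. selects for the tunnel."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m["name"] == acl_name:
            pairs.add((m["src"], m["dst"]))
    return pairs


def audit(config, acl_name="outside_cryptomap"):
    nat = identity_nat_pairs(config)
    acl = crypto_acl_pairs(config, acl_name)
    return {
        # Exempt from NAT but never selected for encryption by the crypto ACL.
        "nat_without_acl": sorted(set(nat) - acl),
        # Selected for the tunnel but possibly translated before the ACL is matched.
        "acl_without_nat": sorted(acl - set(nat)),
        # Enters and leaves on the same interface; on an ASA this also needs
        # "same-security-traffic permit intra-interface".
        "hairpin": sorted(pair for pair, in_if in nat.items() if in_if == "outside"),
    }


if __name__ == "__main__":
    for finding, pairs in audit(CONFIG).items():
        print(finding, pairs)
```

Run against the quoted lines, the VPN-pool to SiteC-network pair has a NAT exemption but no crypto ACL entry, so it is the one to check in the full configuration on both ends of the tunnel.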

  • How to improve client handover and roaming between AP's

    Improving client Handover and roaming between APs
    There are a few standards and methodologies available to use to improve handover of clients between APs. Most are focused on VOIP technologies, but it must always be remembered that we cannot control the client Handover (especially with legacy clients) we can only encourage them. Some Standards and methods work well for some environments and some do not - test the recommendations extensively before implementing in a live Production environment. It must also be noted that all settings take effect immediately once applied, however from a client perspective it might need to re-associate for the changes to take effect client side.
    As with everything else in IT, if a perfect method/solution existed there would only be one - try them all and keep the best.
    The Standards and Definitions
    802.11k
    IEEE 802.11k allows a device to quickly identify nearby APs that are available for roaming. When the signal strength of the current AP weakens and the device needs to roam to a new AP, it will already know the best candidate AP to connect to.
    802.11r
    IEEE 802.11r specifies fast Basic Service Set (BSS) transitions between access points by redefining the security key negotiation protocol, allowing both the negotiation and requests for wireless resources to occur in parallel.
    When a device roams from one AP to another on the same network, 802.11r streamlines the authentication process. BSS allows devices to associate with APs more quickly. Coupled with 802.11k's ability to quickly identify the target AP, BSS's faster association method may enhance application performance.
    Handoff Assist
    The AP monitors the RSSI for every associated client. If the RSSI for a specific client falls below "low-rssi-threshold" and continues to fall for the "rssi-falloff-wait-time", then the AP will send a de-auth to the client. 
    The de-auth is meant to kick the client away from the current AP and get it to re-authenticate to a nearby AP. This will have the effect of helping a client handover between 2 APs.
    BUT (Big But), if the client gets de-authed and takes a while to re-authenticate (if it even does re-authenticate automatically after a de-auth), then this will have the effect of destroying communication instead of helping it -- mostly found with legacy clients. 
    Remove Lower Transmit Rates
    Removing lower transmit rates is a way to promote better roaming, BUT not all clients respond well, or even respond to it. 
    The practice is that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11. If a legacy client expects the rates of 1 and 2 it will not connect.
    Local Probe Threshold
    Local Probe Threshold prevents a client from connecting to an AP with too low a signal - helps more with initial connection than roaming.
    The local probe threshold parameter is not supposed to force clients to roam as soon as they pass near an access point with a good signal, but rather to NOT hold on to an access point with a weak signal (avoiding sticky clients).
    PMK Caching
    Defined by 802.11i and is a technique available for authentication between a single AP and a station. If a station has authenticated to an AP, roams away from that AP, and comes back, it does not need to perform a full authentication exchange. Only the 802.11i 4-way handshake is performed to establish transient encryption keys.
    Opportunistic Key Caching (OKC)
    Is a similar technique to PMK, but not defined by 802.11i, for authentication between multiple APs in a network where those APs are under common administrative control. An Aruba deployment with multiple APs under the control of a single controller is one such example. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys.
    Implementation and Configuration
    802.11k
    802.11k is configured in your VAP profile. Tick the option to “Advertise 802.11k”. Thereafter set the Handover Trigger Feature Settings.
    Tick the “Enable Handover Trigger feature” and then set the RSSI threshold by specifying the -dBm level at which the handover trigger should be sent to the client.
    802.11r
    802.11r is configured under SSID of your VAP profile. Tick the option to “Advertise 802.11r”.
    Handoff Assist
    Station Handoff Assist is enabled in RF Optimization under the RF Management section of AP configuration.
    Tick the “Station Handoff Assist” option to enable it, next set the Low RSSI Threshold – the threshold determines above what level no deauth gets sent.
    Lower Transmit Rates
    Transmit rates can be adjusted in the Advanced tab of SSID under your VAP profile.
    Remember that the basic rates are a subset of the transmit rates. If you only want to allow speeds 9 and up, you would select only the transmit rates of 9 and up, and the basic rates of 9 and 11.
    Local Probe threshold
    Local Probe threshold can be adjusted in the advanced tab of SSID under your VAP profile.
    Depending on the density of your APs consider values between 20 and 40 -- 40 being aggressive in an AP dense area.
    Deny Broadcast Probes
    Denying Broadcast Probes can cause problems with Roaming especially if the SSID is hidden – leave option disabled.
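
Added example, not part of the original post: a Python sketch of why PMK caching only helps when returning to an AP already visited, while OKC lets a new AP skip the full 802.1X exchange. It uses the 802.11i PMKID derivation (HMAC-SHA1 over "PMK Name", the AP address and the station address, truncated to 128 bits); the `AccessPoint` class, the MAC addresses and the PMK value are constructed for illustration.

```python
import hashlib
import hmac


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA).

    AA is the authenticator address (the AP's BSSID), SPA the station address.
    """
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class AccessPoint:
    """Hypothetical AP model: a PMK cache keyed by station MAC."""

    def __init__(self, bssid: str, cache=None):
        self.bssid = mac(bssid)
        # Own cache = plain PMK caching; a dict shared by several APs models
        # a controller distributing PMKs (OKC).
        self.cache = {} if cache is None else cache

    def full_auth(self, sta: bytes, pmk: bytes) -> None:
        # Stands in for a completed 802.1X/EAP exchange that produced this PMK.
        self.cache[sta] = pmk

    def reassociate(self, sta: bytes, offered_pmkid: bytes) -> str:
        pmk = self.cache.get(sta)
        # The AP recomputes the PMKID with its own BSSID; the PMK itself never
        # crosses the air, only this identifier does.
        if pmk and hmac.compare_digest(pmkid(pmk, self.bssid, sta), offered_pmkid):
            return "4-way handshake only"
        return "full authentication"


def roam_outcomes() -> dict:
    sta = mac("02:00:00:00:00:aa")                       # constructed station MAC
    pmk = hashlib.sha256(b"constructed PMK").digest()    # 32-byte stand-in PMK
    out = {}

    # PMK caching: each AP only knows PMKs from its own authentications.
    ap1, ap2 = AccessPoint("02:00:00:00:01:01"), AccessPoint("02:00:00:00:01:02")
    ap1.full_auth(sta, pmk)
    out["pmk_cache_return_to_ap1"] = ap1.reassociate(sta, pmkid(pmk, ap1.bssid, sta))
    out["pmk_cache_new_ap2"] = ap2.reassociate(sta, pmkid(pmk, ap2.bssid, sta))

    # OKC: APs under one controller share the cache; the station offers a PMKID
    # computed from the same PMK and the *new* AP's BSSID.
    controller_cache = {}
    ap3 = AccessPoint("02:00:00:00:02:01", controller_cache)
    ap4 = AccessPoint("02:00:00:00:02:02", controller_cache)
    ap3.full_auth(sta, pmk)
    out["okc_new_ap4"] = ap4.reassociate(sta, pmkid(pmk, ap4.bssid, sta))
    # A station holding a different PMK falls back to full authentication.
    out["okc_stale_pmk"] = ap4.reassociate(sta, pmkid(b"\x00" * 32, ap4.bssid, sta))
    return out


if __name__ == "__main__":
    for case, outcome in roam_outcomes().items():
        print(f"{case}: {outcome}")
```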

    Hi, thank you for the helpful guidance. I have a basic question: if the device roams from one AP to another AP with the same SSID, is there a need for re-authentication given a) the network uses EAP based authentication; b) the network uses MAC address authentication? If there is no need for EAP re-authentication, how are the 802.11 keys moved to the new AP? Thank you very much if you could help me clarify my thoughts.

  • IPad's Roaming Between Access Points

    A company with 460 Cisco Access Points is using iPad Minis to control lighting and other things. The iPad Minis are roaming between access points VERY SLOWLY; they are dropping 45-50 packets between roams. iPad 2s and iPhones are roaming just fine; if they drop any packets it's a max of 5.
    Is there any difference in the NICs that are in iPad 2s and iPad Minis? Or is there a setting for fast roaming?

    Hi,
    It seems that these APs are not aware of each other. I would suggest you look into a controller based solution; that means you need some sort of controller-based AP system to get this seamless roaming feature. I also suggest you check with the product vendor whether there's a compatibility issue for the device.
    Yolanda Zhu
    TechNet Community Support

  • Why i am unable to select between 2 anchor points with in a object while dragging with direct select

    why i am unable to select between 2 anchor points with in a object while dragging with direct selection tool instead it moves

    Another option is to temporarily change your view to outline mode; when you're done, switch back to preview mode. Ctrl-Y or View>Outline {View>Preview}. The menu option will change depending on which mode you are in.
    And another option: double click on the object in question to place it in Isolation mode. You can now edit to your heart's content. When done, click on the gray border at the top of the document.
    So as you can see there are multiple ways of accomplishing the same thing.

  • How can I allow send referrers in site (same domain) only but not between sites?

    I don't want other sites to know from which site I went there. (Sending referrer between sites.) However, some sites only function when referrer is sent on site (same domain).
    Is there a way to accomplish this? No sending referrers between sites but in sites: yes? If not Firefox, Chrome?
    Thanks.

    Hi, I think this addon is what you need: RefControl (https://addons.mozilla.org/en-US/firefox/addon/refcontrol)
    About this Add-on:
    You create a list of sites, and the referrer that should be sent for each site. You can choose to send that referrer unconditionally or only for third-party requests. Additionally, you can specify the default behavior for any site not in the list.

  • Roaming between RV220W wireless router and WAP121 Access Point

    Hello, I have recently purchased a RV220W wireless router and a WAP121 access point and I would like to allow my users to "roam" between the two networks as needed (so when the user is closer to whichever one, they connect to that one since it has a better signal). For the most part I only have experience in Cisco IOS and in actual routers, not the wireless stuff, so my knowledge has not exactly transferred over well.

    William,
    WDS will not work between the RV220W and WAP121 due to incompatible chipsets. The RV220W can be repeated using WDS by another RV220W or RV180W only. You will need to plug the WAP121 into the RV220W or try WorkGroup Bridge mode to repeat the signal.
    Regarding roaming, the router or AP are not aware of each other and do not have the capability to disconnect a client and help them connect to the AP with the stronger signal. The client will switch to the stronger AP only when the original signal is lost.
    The Aironet (enterprise) devices have the ability to utilize a wireless LAN controller which can help keep devices connected to the stronger signal and allow truly seamless roaming between APs.
    - Marty

  • Roaming between two extreme

    With an iPad 1... How to roam between two Apple Extremes without losing connection?
    Thanks

    See the second message of this thread for instructions on creating a "roaming network":
    https://discussions.apple.com/thread/2273124?threadID=2273124

  • Roaming between 802.11a & g

    Hi forum,
    Can wireless clients roam seamlessly between 802.11a and 802.11g APs? they will be using the same SSID.
    besides, if I select different channel for bluetooth clients, can it coexist with 802.11g?
    Thank you,
    paul

    It is possible for a wireless client to roam between 802.11a and 802.11g.
    Try this link:
    http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/index.shtml

  • Roaming between E3000 wireless router and WAP300N

    Hi all
    The Linksys router I’ve got in my office room at home is providing poor coverage in my living room. Thus I’ve purchased a WAP300N and connected it by wire to the build-in 4 port switch of my Router (E3000). The set-up is providing a significant improvement in the living room, but… it seems as if the two wireless access points are “competing” over the “clients”.
    When I move from the office room into the living room, my wireless equipment seems to be stuck on the connection to the wireless router in the office room – even though the signal from the WAP300N in the living room is much stronger.
    The situation is exactly the same when I move from the living room to the office room – the wireless equipment is stuck on the weak signal from the living room.
    I have to turn off and on the radio on my wireless equipment to get them to connect to the strongest signal. 
    Is there a way to make the “roaming” between wireless access points more smooth?
    Kind regards
    vonRasmussen

    vonRasmussen :
    Change the channel the WAP or your router is on.
    Not the 802.11?, but the transmission channels, which are probably transmitting on the same channel. I find the best results are at least 2 numbers apart. If one is transmitting on channel 1 the next closest will be on 3. With multiple WAPs in a large area you would have to play Sudoku to make sure every one is 2 channels apart.
    To quote Lisa Phifer:
    Multiple access point configuration: Distinguish transmission signals;
    Why should your access points use different channels? In a typical micro-cell WLAN, adjacent APs should always use non-overlapping channels (e.g., 1, 6, 11), to avoid co-channel interference.
    Good Luck.
    Dave

  • Roaming between 1231A and 1142N

    Gday Everyone,
    Just would like to know your experience in roaming between LWAPP converted 1231A and 1142N APs?

    Inter-Release Controller Mobility (IRCM)
    Table 10 lists the inter-release Controller Mobility (IRCM) compatibility matrix.
    Table 10     Inter-Release Controller Mobility Compatibility Matrix
    CUWN Service: 4.2.x.x, 5.0.x.x, 5.1.x.x, 6.0.x.x, 7.0.x.x, 7.2.x.x, 7.3.x.x
    Layer 2 and Layer 3 Roaming: X X X X X
    Guest Access/Termination: X X X X X X X
    Rogue Detection: X X X X X
    Fast Roaming (CCKM) in a mobility group: X X X X X
    Location Services: X X X X X
    Radio Resource Management (RRM): X X X -(1)
    Management Frame Protection (MFP): X X X X X
    AP Failover: X X X X X
    (1) In the 7.2.x.x release, RF Groups and Profiles were introduced. RRM for 7.2.x.x and later releases is not compatible with RRM for any previous release.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

  • Roaming between APs with Radius

    Hi everyone,
    Someone told me about this issue this week. I heard that roaming between APs was not possible without reauthenticating when RADIUS authentication is used. This means that you need to reauthenticate yourself to the RADIUS server each time you switch from an AP to another, so you have to re-enter your credentials many times.
    Has anyone heard about the same thing? Are there any technical articles discussing this issue?
    Thx, Jim

    With LEAP authentication, your credentials are cached (encrypted) from when you login to windows.
    When you LEAP authenticate those cached credentials are used, and when you roam they are used to reauthenticate.
    The user is not prompted for username-password when roaming with LEAP.
    The best security white-paper is this one:
    http://www.cisco.com/warp/customer/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm
