Layer 3 Roaming

Is there a way for a client on one autonomous AP in user vlan A to roam to second autonomous AP in user vlan B whilst retaining IP address without using WDS. So Mobile IP Layer 3 roaming possibly through the switch/router?
The two APs are connected to a 3560 which is connected to an 877. The vlans are layer 3 on the SVI of the 3560.

Hello Mat,
no, it's not possible without WDS. In fact, regular WDS doesn't support Layer 3 roaming, either. You need to do WDS with Cisco's 6500 WLSM module. WLSM was announced end of life in 2006.
https://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a00802252b7_ps2706_Products_Data_Sheet.html
Regards,
Roman

Similar Messages

  • Layer 3 roaming issue

    Hi all,
    i have two wireless networks with two subnet (see the attached drawing) , all controllers run v4.2 access points type is 1020 .
    the first network in hall 1 have 4 wlc in subnet 172.16.40.X  , the security is WEP key for wireless phone
    the second network in hall two have one WiSM in subnet 172.26.40.Y the security is WEP key for wireless phone also
    all controllers and WiSM in same Mobility group .
    the issue is  ,when   wireless phone roaming from hall one to hall two or from hall two to one it dropped the connection and not working
    please advice

    Examples :
    WLC1 has management as 192.168.1.2
    WLC2 has management as 192.168.1.3
    WLC1 has the SSID "employees" linked to interface "emp_int" which has ip 192.168.50.2
    WLC2 has the SSID "employees" linked to interface "employee_int" which has ip 192.168.80.2
    In this case, we have layer 3 roaming. Meaning that normally the client would need to change its ip from 192.168.50.x to 192.168.80.x but thanks to mobility anchoring mechanism, the WLC2 forwards all traffic back to WLC1 so that the client can keep its ip address in 192.168.50.x
    If the situation was that both employee interfaces were in the 192.168.50.x on both WLCs, then we would have layer 2 roaming. Meaning the client entry is simply moved to WLC2 and WLC2 handles all the traffic. WLC1 has nothing to do anymore with this client.
    conclusion : the ip addresses of the management interfaces don't matter to decide if it's layer 2 or 3 roaming, it's the ip of the dynamic interface of SSID which matters
    Nicolas
    ===
    Don't forget to rate anwers that you find useful

  • 5508 WLC HA pair and layer 3 roaming

    Hey,
    We have a pair of 5508 WLC's configured in HA (primary/standby). We have a single SSID that we're broadcasting across each floor of our head office. The AP's are in flexconnect mode so users pickup an IP address from the DHCP range for that building level and that's all working well. 
    The problem I have is that users cannot roam between floors without losing access to the network. They roam to the AP's on the different floors, and maintain wireless connection throughout the building, but they cannot connect to anything on the network when outside of the floor that contains an IP range that matches the client's IP. I was told by a number of technical consultants that this sort of layer 3 roaming should work in this configuration. When users go to a different floor, they retain their original IP and the traffic is tunneled (EOIP) back to the controller to maintain network connectivity, however this does not appear to be happening. 
    Firstly I'm wondering if this is possible with a HA pair configured in active/standby. All of the documentation around layer 3 roaming seems to involve at least 2 controllers, the foreign and the anchor. In this case as they're a HA pair their is technically only a single controller. 
    If it is possible to do layer 3 roaming on a single controller (intra-controller), if anyone can provide some guidance on things I should be checking or looking out for that would be appreciated. 
    Thanks. 

    Still though, I had a number of technical consultants from a very large system integrator design this setup and despite my asking a number of times how this roaming could work I was simply told it would.
    ROFL!
    We contracted a consulting company/implementors to do a wireless job (back in 2011) for a particular project (politics dictate I keep stay away from it).  They had one "wireless expert".  
    Then one day, I got a call from the "wireless expert" and the phone conversation went like this, "It's me.  I am doing another wireless project for another agency.  But I would like to know how do you convert an autonomous AP to controller-based IOS".   <FACEPALM>
    Long story short:  They won't know.  Not all of them know.  Their main concern is YOUR MONEY in their hands.  That's all.  But I can tell you this:  I am the end user.  I configure stuff.  Roaming works if you get the basics correct.  Roaming works if you know what you want and you get it done right.   Scott Fella and Steve Rodriguez, two regular in this forum, (and works for CDW) and they are good.  There's another "mad Texan" by the name of George Stefanick is another one.    An Aussie by the name of Rasika is also around.  
    The most basic item is roaming is how you space your APs.  Unless you've got wireless antennas coming out of your ears, you need to organize a wireless site survey.  And when you want to do the a "good" wireless site survey, you "future proof" your requirements.  Right now,  my wireless site survey is aimed at "wireless VoIP" requirement. 

  • Mobility group -without layer 3 roaming

    Hi all,
    With a N+1 WLC deployment, is it possible to disable layer 3 roaming while enabling Mobility group feature on the backup controller ?
    based on the network setup layer 3 mobility is not required.However,  we need to both controllers to exchange all security related  parameters so that excluded clients info etc  will be in sync during a failover scenario.
    I do not  intend to use ACLs as such.
    Any thoughts much appreciated.
    cheers,
    Janesh

    Hi Nicolas,
    Many thanks for the  reply.
    Let me throw some light on the matter
    -Why exactly do you want to block layer 3 roaming ?
    Buildings are miles apart so roaming  will only happen within a building and it will be  intra controller.
    Also  I have seen on cisco doco that Layer 3 roaming is not preferred.
    How does it impact you as anyway it's transparent for the network ?
    As I mentioned layer 3 roaming is not required so I don't see a point enabling it.Why tax the controller unnecessarily?
    One controller serves all the APs at one data centre and the other is the backup.No salt and pepper  scenario.
    -Does that mean that you're ok with layer 2 roaming ? If yes, just configure all WLCs to serve the same subnets for the clients
    Layer2 roaming will happen  within the controller as  primary and backup controllers are Layer -3 separated.
    There is no layer 2 adjacency between the controllers.
    over to you
    cheers,
    Janesh

  • Layer 2 vs. Layer 3 roaming

    We have a large network with AP350, and those do not support Layer 3 roaming.
    I would like to know what is different in latency and functionality between Layer 2 and 3?
    There is mentioned a WLSE in the Layer 3 design, but is it needed?
    We are about to by WLSM and Sup720
    Is there some technical document whish you could recommend?
    Best regards,
    Glenn

    Some related documents.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/netqa0900aecd800fad5c.html
    http://www.cisco.com/en/US/products/hw/wireless/ps458/prod_technical_reference09186a00801c5223.html

  • Layer 3 Roaming for Voice

    What are people using on wireless networks that have VLAN's for voice and data to provide Layer 3 roaming funcionality. Need wireless voice users to be able to roam across subnets seemlessly. Layer 2 works great but scalling to 2000 users. Need a Layer 3 solution. Does anyone have this working ? With a non-cisco wireless voice device?

    IP mobility is the feature you are looking for, I guess Cisco will be coming with voice handsets with this feature soon.

  • 5508 WLC Layer 3 roaming

    Hey everyone,
    As we get more users, we are starting to run out of IP addresses in our wireless subnet at one of our locations.
    We were thinking instead of just enlarging the subnet, creating a different subnet for each floor.
    While I can find plenty of documentation on Inter-controller inter-subnet roaming, I was wondering how this would be handled across a single controller.
    I read the Mobility chapter of the Wireless LAN Fundamentals book (http://www.ciscopress.com/articles/article.asp?p=102282&seqNum=3), which suggests that this can be done.
    Who has had experience doing this? What additional configuration (if any) had to be done?
    Edit: If you have implemented this, what is the user experience while roaming between floors?

    When you are operating the Cisco wireless LAN solution in Layer 3 mode, you must configure an AP-manager interface to control lightweight access points and a management interface as configured for Layer 2 mode.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70ovrv.html#wp1069144

  • SSID + Layer 3 roaming across subnets

    Morning Guys,
    I have a situation in which I have a site where all the APs are not in the same subnet and thus the IP Addresses received by my clients are different. However, all APs are advertising the same SSID which is permitting roaming at the lower layers. Is there a configuration I can apply to the Access Points that will allow for clients to roam across SSIDs in a different subnet and get a new IP address without doing a ipconfig /renew or disabling and or enabling the wireless?
    I'm using Aironet 1200 series Access Points
    Thanks
    Nik

    Hi Steve,
    While in most sites I have them in the same subnet there is a site where they are in 2 subnets. I was hoping to be able to make the roam seamless. If you have to disable and enable the wireless or perform an ipconfig /renew it takes away from the seamlessness :-).
    Any suggestions would be welcome. However, I can understand what Scott is saying also as that is how it currently works.
    The environment consists of all Anonymous AP various Aironent 1200 series, i.e. 100, 1250, etc.

  • Block Layer 3 Roam from certain foreign controllers

    We have a large campus that we recently openend a new building where the decision was made to initially keep the network somewhat isolated from the rest of the campus.  We are working on converging the networks now, with much discussion, but until that happens, we have clients going back and forth between buildings and their devices won't work properly.  While the SSIDs are the same throughout, the addressing is different and we don't have a layer3 roam set up as of yet, but it is being planned.  So my question is, can i force a client device that is using an address from one network to pull a new address when they enter the other network.  There is some common RF space, which is why they are not automatically doing that. 
    Thanks in advance.

    what will happen is like two linksys AP who can see each other configured for similar wlan name and using different network.
    Anyway, the L2 & L3 roaming is broken already without the Mobility tunnel. It is possible that wireless client can be stranded already switching between same wlans mapped to different vlan at the overlapping spots and should be having dhcp issues already due to no smooth handoff while roaming.
    Fix the RF or Mobility or applicable WLAN parameters
    easy to implement.
    #Enable Mobility tunnel. it is going to work reliabily though the roamed client will retain same ip.
    #Enable dhcp required on WLAN - it should help with your current scenario i.e, without mobility tunnel, however it still doesn't help due to RF bleeding between the building means you're running into the same issue again.
    difficult to implement
    #Use different security - Use wpa-tkip on one side and wpa2-aes on other side.
    #Use different Radio policy for that WLAN - But all connecting clients should be locked in appropriately ie., A or G.
    #Manually reduce the power at the overlapping APs from both sides.
    #Use AP group remove the overlapping wlan from overlapping APs.
    #AAA override + static auto anchor - Force all the clients on that wlan  connecting to one or multiple WLC on one side and put the client on  respective vlan based on user.
    #MAC filtering.

  • L2 Roaming issue with Avaya wireless phone on WISM -V6.0.196.0

    Hello Friends,
    I am facing Layer2 roaming issue with Avaya Wirless phone 3620 which are configured WPA / Pre-shared key auth with a SSID1 and face a cut or delay in the voice.
    But when i use Cisco Wireless phones and try to roam between one LWAP to other i dont face a cut or delay in the vocie which are
    Configured with 802.1x +CCKM auth .
    Then i configured new SSID 3 with 802.1x+CCKM settings for  the new Avaya wireless module 3631 , but still face cut and delay while doing Layer 2 roaming.
    While i was using these AP in WDS mode i never faced this Layer 2 roaming issue with Avaya wireless phones.
    In  current WISM all the LWAPs are supporting properly to the Cisco phone and Wirelss laptop clients.
    I request you to please let me know how do i proceed further to solve the issue and please let me know if anybugs or incompatibilty for WISM with Avaya wireless phones.
    Appreciate your response.
    Regards,
    KA.

    Hello ,
    Can any body please respond to my above Query.
    Thanks,
    KA.

  • WLC 7.4.100.60 and roaming problems on 8500

    Hello,
    After installing an 8500 controller on 7.4.100.60 and migrating 1000 APs do this controller, we have the following problems:
    [1] clients get disconnected and loose sessions (note: client is mobile gun and is heavily mobile). I have the impression there are more coverage holes. This might be due to bug CSCue13108, but says fixed in 7.4.100.60, we wil be upgrading to 7.4.110.0 anyway shortly.
    [2] we have lots of L3 roaming problems between clients, especially when clients roam between old WISM controller and new 8500 controller. They don't roam, they get disconnected and reconnected, resulting in ip address change, resulting in sessions loss. Old controller still runs 7.0.230.0 but compatibility matrix says these two versions are L3 roaming compatible.
    However, the release notes of 8500 mention this: "Cisco 8500 Series Controller cannot be configured  as a guest anchor controller. However, it can be configured as a foreign  controller to tunnel guest traffic to a guest anchor controller in a  DMZ"
    Because Layer 3 roaming is similar to guest traffic tunneling, does this mean that the 8500 can be the initiator of a L3 roam tunnel, but cannot be the endpoint of a L3 roam tunnel ?
    We have done a test that seems to confirm this: client starts on 8500 in state "local", goes to AP on old controller (7.0.230.0), but roam doesn't work. Client gets re-associated with ip address change. Then when moving back to the 8500 controller, the client does roam successfully, keeps its ip address in the 7.0.230.0 vlan and gets status "foreign" on 8500 controller. controllers are in same mobility group and mobility connections are all up.
    In the 7.5 release notes, this limitation is not mentioned anymore. Does it mean it is solved and 8500 can be used as guest anchor controller in 7.5 ??
    regards,
    Geert

    [2] we have lots of L3 roaming problems between clients, especially when clients roam between old WISM controller and new 8500 controller. They don't roam, they get disconnected and reconnected, resulting in ip address change, resulting in sessions loss. Old controller still runs 7.0.230.0 but compatibility matrix says these two versions are L3 roaming compatible.
    Roaming from one AP to another that shares the same controller is totally different with inter-controller roaming, which you have now.  I believe WiSM-1 has 180 ms compared to the 90 ms on a 5508.  And this time difference means alot.
    So when your client goes from one controller to another, they actually have to do a full re-authentication to the new controller.
    I presume both the old and new controller are in the same Mobility Group?
    However, the release notes of 8500 mention this: "Cisco 8500 Series Controller cannot be configured  as a guest anchor controller. However, it can be configured as a foreign  controller to tunnel guest traffic to a guest anchor controller in a  DMZ"
    Pffft!  That'll be the most expensive Guest Anchor Controller if I follow this solution.

  • Connectivity loss when roaming from AP to AP

    I work for a healthcare organization where nurses use what we refer to as COWS, or carts on wheels. These carts are basically laptops attached to carts that utilize our wireless infrastructure to access patient care applications.
    The problem we've been having and working with the application developers on is that, whenever the carts are moved between patient rooms and have to associate with a different AP, the telnet connection that the application uses to establish connectivity is dropped during the short delay in the changeover.
    Anyone have any experience with settings that might mitigate this? Far as I know there are no telnet timers that can be adjusted(buffered) to help with this situation, and I'm not certain if anything can be adjusted on the wireless network to help. The "fix" has been to have the user reboot to re-establish the telnet session and then everything's good again.
    Any suggestions on things to try?
    Thanks.
    /rls

    I assume these are all on the same SSID and same subnet, i.e. there are no layer 3 roaming issues since you did not mention if you use LWAPP APs. In any case I used to roam all the time with telnet sessions to Cisco switches. If it is dropping the session, it is more likely because of the host system. You could test that by testing to a Cisco device.
    A couple of suggestions:
    1. Use WPA2 instead of WPA. WPA2 handles roaming better.
    2. If you are using XP wireless make sure you have the Microsoft WPA2 update installed. Not necessary if you use another wireless supplicant.
    3. Test roaming with a laptop from room to room. If you are loosing more than two pings or so, your roaming sensitivity is not working optimally. Use continuous pings.
    4. You could go to fast roaming using CCKM; however, I would make sure the standard roaming method is working correctly before going to the effort of changing everything. Besides, you will need to have a wireless client capable of CCKM. If not, you are out of luck. I had that problem with some of my Windows CE devices. They were too dumb to use CCKM.
    5. I did have some Windows CE devices which did not roam properly until I had the roaming sensivity set. I was loosing about 7 pings. This is not normal unless you have a problem.
    6. Last resort - but expensive. We had an intermediate server that would hold sessions to SAP due to the potential of the same problem you have. The company that provided it to us was Psion Teklogix. It prevented session loss because a server held the session, not the mobile client. A company like this one should be able to modify the application to your needs if you have money to spend.
    Testing is the key I think, but WPA2 would have to help due to the caching of authentications. If you go back to a room you were just in, it should roam faster.
    Randy

  • Wireless roaming in different networks

    Hello,
    In Wireless networks if we have two different networks with the same SSID when we pass from one network to another network, the client will change the ip network automatically or we need to disconnect and connect again to request another ip?
    I would like to know this information to Flexconnect and local. 
    Thank you.
    Best Regards
    Cristiano Nunes.

    Hello Cristiano,
    You don't need to disconnect and connect again if you have Layer-3 Roaming enabled.
    To configure Layer 3 Mobility, following requisites should be considered.
    SSID and security policies should be same across MAs.
    Client VLAN ID should be different for Layer 3 roaming.
    Either one or both of the bridge domain ID and client VLAN ID should be different for Layer 3 Roaming.
    Please find the attached topology for better understanding.
    Regards,
    Moin Ilyas.

  • WLC L3 Roaming Using FlexConnect

    Hi everyone.
    A customer has a network with several buildings (each with a different VLAN/subnet), and a single WLC.
    The Access Points are grouped by AP groups, and on each building the clients are assigned to different VLANs.
    There is one single SSID with the users connect to on the entire campus, and it assigns (as expected) different ip address segments depending on which building the users are connecting into.
    The problem comes whenever a user is in a building and walks to another, since the buildings are not that far from each other, and the client machine is still connected to the network, it tries to roam but it doesn't know that it has to refresh its IP address.
    I know there's something that is not working here, but I can't find documentation about this. Is this a supported configuration? Is this an expected behaviour? How can I fix this?
    Thanks in advance for your help

    If you are using FlexConnect Local switching, then L3 roaming is unsupported feature.
    Here is some reference in the 7.6 configuration guide (see configuring FlexConnect section or page 926)
    http://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/7-6/configuration/guide/b_cg76.pdf
    Here is another good reference about FlexConnect Design from a CiscoLive presentation.
    BRKEWN-2016 - Architecting Network for Branch Offices with CUWN
    As you can see on page 9, these are the advantages you get if you have a local WLC at your branch. L3 roaming is one
    * Cookie cutter configuration for every branch site 
    * Layer-3 roaming within the branch 
    * WGB support 
    * Reliable Multicast (filtering) 
    * IPv6 L3 Mobility 
    HTH
    Rasika
    **** Pls rate all useful responses. Each time you rate a response Cisco will donate $1 to Kiva ****

  • 4404 Controller roaming - retaining IP

    Hi again guys!
    I have this scenario:
    We are using a 4404 controller with 3 different subnets (interfaces), all using the same SSID (using AP Groups VLANS). The thing here is that when a client roams from one AP to another AP of different subnet, the IP remains the same, even after resetting the interface on the client. I think this is a normal behavior, I mean, layer 3 roaming. But I want to make sure, and also I would like to know if this behavior can be disabled.
    Also, the client doesn't go from one AP to another immediately, I mean, the client stays some time without signal, so I think it should get an IP from the new subnet, not the one it had.
    The DHCP server is external, I dont know if this behavior has something to do with lease times on the server or something like that.
    Thanks in advance!!

    The default session timeout for a WLAN using authentication is 1800 seconds (30 minutes). I think the controller may be considering this client as still having an active session and not timing out their entry, although I would expect it to do so if it loses connectivity. In the IOS days there was a station timeout whereby the controller would send keepalives to verify activity before disassociating the client. I'm not sure what the equivalent keeplive mechanism is now, if there is one.
    If the client is on a new subnet the (old) DHCP renew request should be rejected as it would not be served by the (new) interface its sourced on. This should be in a different scope, so the client should obtain a new address sepecific to the scope served by the new source interface (router interface). Unless the client itself is holding onto the address, regardless of the DHCP process.

Maybe you are looking for

  • Issue in user creation

    I am trying to create EBP users in my newly installed system. When I try to create a user using the web, it does not create it and gives an error 'Error creating users'. When I try to create users using transaction USERS_GEN using option to create us

  • Changes to my bookmarks are not saved when firefox is restarted. I already tried deleting places.sqlite, but it is still doing this.

    Since I downloaded Firefox 4, I have not been able to save changes to my bookmarks (this includes both adding new bookmarks or deleting old bookmarks). When I make a change, the changes are not saved the next time I restart Firefox. After doing a Goo

  • Upload data from abap program to abap inbound proxy

    Hi, I have requirement to upload flat file data to an internal table and call Inbound proxy abap class and pass all the internal table data to tha proxy clas method structure. So could any one help me how to send/pass data to class, Please give some

  • How do I get by buddy avatars back in Messages?

    After updating to Yosemite, all my buddy icons/avatars no longer show up.  I only get a circle with a head silhouette or a circle with initials.  I would rather have the buddy icons.  I don't see an option to enable them.  i checked ~/library/caches/

  • How to use .keystore file with BEAweb 6?? Help

    Hi, Is there a way to use .keystore file with BEA Weblogic 6 or 6.1 ? I used keytool to create private key and public key.. I do not know how to tell weblogic 6 to use it.... Can this be done through the GUI or do I have to add something to the .xml