Intersubnet Roaming


Figure: Intersubnet Roaming. This figure shows intersubnet roaming, which occurs when the wireless LAN interfaces of the controllers are on different IP subnets.

Inter-subnet roaming is similar to inter-controller roaming in that the controllers exchange mobility messages when the client roams. However, instead of moving the client database entry to the new controller, the original controller marks the client with an “Anchor” entry in its own client database. The database entry is copied to the new controller's client database and marked with a “Foreign” entry in the new controller. The roam remains transparent to the wireless client, and the client maintains its original IP address.


In inter-subnet roaming, WLANs on both anchor and foreign controllers need to have the same network access
privileges and no source-based routing or source-based firewalls in place. Otherwise, the clients may have
network connectivity issues after the handoff.


In a static anchor setup using controllers and ACS, if AAA override is enabled to dynamically assign VLAN
and QoS, the foreign controller updates the anchor controller with the right VLAN after a Layer 2 authentication
(802.1x). For Layer 3 RADIUS authentication, the RADIUS requests for authentication are sent by the anchor
controller.


Mobility is not supported for SSIDs with security type configured for Webauth on MAC filter failure.

If the management VLAN of one Cisco WLC is present as a dynamic VLAN on another Cisco WLC, the mobility feature is not supported.


If a client roams while in the web authentication state, the other controller treats it as a new client instead of as a mobile client.


When the primary and secondary WLCs fail to ping each other’s IPv6 addresses, and they are in the same VLAN, you need to disable snooping to get the WLCs to ping each other successfully.


Note

New Mobility with WebAuth and MAC filter is not supported. For a client, if L2 authentication fails and it falls back to L3 authentication and then tries to roam to a different Cisco WLC, the roaming will fail. The same behavior is applicable to FlexConnect central switching and local mode as well.


Note

Cisco Wireless Controllers (that are mobility peers) must use the same DHCP server to have an updated client mobility move count on intra-VLAN.
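The restrictions above can be checked before controllers are placed in the same mobility group. The following is an added example, not Cisco code: the inventory schema, the field names, the security-type string, and the use of ACL name equality to stand in for "same network access privileges" are all assumptions, and the sample data is constructed.

```python
from itertools import combinations

def check_mobility_peers(controllers):
    """Return sorted (controller, ssid, finding) tuples for the restrictions above."""
    findings = []
    # Mobility peers must use the same DHCP server.
    if len({c["dhcp_server"] for c in controllers}) > 1:
        findings.append(("all", "-", "mobility peers use different DHCP servers"))
    for c in controllers:
        for ssid, wlan in c["wlans"].items():
            # Webauth on MAC filter failure is not supported with mobility.
            if wlan["security"] == "webauth-on-mac-filter-failure":
                findings.append((c["name"], ssid, "security type not supported with mobility"))
    for a, b in combinations(controllers, 2):
        # Management VLAN of one WLC must not be a dynamic VLAN on another.
        for x, y in ((a, b), (b, a)):
            if x["mgmt_vlan"] in y["dynamic_vlans"]:
                findings.append((y["name"], "-",
                    f"dynamic VLAN {x['mgmt_vlan']} is the management VLAN of {x['name']}"))
        # WLANs present on both anchor and foreign need the same access privileges.
        for ssid in a["wlans"].keys() & b["wlans"].keys():
            if a["wlans"][ssid]["acl"] != b["wlans"][ssid]["acl"]:
                findings.append((f"{a['name']}/{b['name']}", ssid,
                    "network access privileges differ between anchor and foreign"))
    return sorted(findings)

# Constructed sample inventory (hypothetical schema, documentation IP range).
SAMPLE = [
    {"name": "wlc-a", "mgmt_vlan": 10, "dynamic_vlans": {20, 30},
     "dhcp_server": "192.0.2.10",
     "wlans": {"corp": {"security": "wpa2-802.1x", "acl": "corp-acl"},
               "guest": {"security": "webauth-on-mac-filter-failure",
                         "acl": "guest-acl"}}},
    {"name": "wlc-b", "mgmt_vlan": 40, "dynamic_vlans": {10, 30},
     "dhcp_server": "192.0.2.11",
     "wlans": {"corp": {"security": "wpa2-802.1x", "acl": "corp-acl-v2"}}},
]

if __name__ == "__main__":
    for who, ssid, msg in check_mobility_peers(SAMPLE):
        print(f"{who:12} {ssid:6} {msg}")
```

Source-based routing and source-based firewalls sit outside the controller inventory modeled here and still need to be reviewed on the routed path between the anchor and foreign subnets.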

