Solved: 9800 IntraController L3 roam

Alex-Pr · ‎10-13-2023

Hey there,

We are running a large campus with public and trying not to have have overly large subnets. I can set subnets per geographic area but when walking from one area to the other the roaming is not working the way that I'd expect...

We are running a pair of 9800's in HA with IOS XE

When roaming from one AP to another where the two AP's have a tag that tie back to different VLANs the connection drops for a while while the device does a DHCP request on the new VLAN. I thought that a IntraController L3 roam is supposed to maintain the IP... Am I incorrect? Or does this only happen for Inter Controller L3 Roam?

I see that for 3850 iosxe you need to run - no mobility anchor sticky - to enable L3 roaming...

Ultimately the goal is for managing the broadcast domains in stadium style buildings with thousands of users where it is one WLAN across the campus.

I appreciate your help

balaji.bandi · ‎10-13-2023

that what in the document about that config to overcome the issue - 17.3 onwards that supported :

The Catalyst 9800 best practices guide describes different ways to overcome the issue of roaming between policy tags.

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html

If the policy profiles differ only for certain parameters (VLAN and ACL), seamless roaming across policy tags can be achieved with the help of the VLAN-persistent feature. This feature is supported beginning with Cisco IOS XE Release 17.3.1 and can be enabled from the Command-Line Interface (CLI) in the global configuration mode, as shown below:

C9800-1(config)#wireless client vlan- persistent

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎10-13-2023

I have not deployed but one of the session cisco showed how that works as long as the config correct that should maintain same IP like we do in Airos

below guide have some config tips (Hope that helps you to resolve the issue)

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/cat9800-ser-primer-enterprise-wlan-guide.html#5IntraandintercontrollerroamingLayer3roaming

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Alex-Pr · ‎10-13-2023

Thanks for the quick reply. It does state that a full re-auth is required however that can be overcome with persistent vlan configuration. I have found this article.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_client_roaming_policy_profile.html

Device(config) # wireless client vlan-persistent

I will test it out

Thank you again.

balaji.bandi · ‎10-13-2023

that what in the document about that config to overcome the issue - 17.3 onwards that supported :

The Catalyst 9800 best practices guide describes different ways to overcome the issue of roaming between policy tags.

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html

If the policy profiles differ only for certain parameters (VLAN and ACL), seamless roaming across policy tags can be achieved with the help of the VLAN-persistent feature. This feature is supported beginning with Cisco IOS XE Release 17.3.1 and can be enabled from the Command-Line Interface (CLI) in the global configuration mode, as shown below:

C9800-1(config)#wireless client vlan- persistent

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leo Laohoo · ‎10-13-2023

There is a concept of Interface Group in AirOS and VLAN Group in IOS-XE.

Because the WLC uses VLAN NAME tags, multiple VLANs can be bundled into a VLAN Group and the tags can point to the VLAN Name tag.