09-03-2013 05:32 PM - edited 07-04-2021 12:45 AM
Hello!
Current Cisco best practice recommendations for enterprise MediaNet design specify that VLANs be local to a switch / switch stack (i.e., to limit the scope of spanning-tree).
In the wireless world, this causes problems if you want users while roaming to keep real-time applications up and running. Every time they connect to a new AP on a different VLAN, then they will need to get a new IP address, which interrupts real-time apps.
So...best practice for LAN users causes real problems for wireless users.
I thought I'd post here in case there's a best practice for implementing wireless roaming in a routed environment that we might have missed so far!
We have a failover pair of FlexConnect 7510s, btw, configured for local switching for Internal users, and central switching with an anchor controller on the DMZ for Guest users.
Thanks,
Deb
09-04-2013 11:31 AM
All depends on what you are doing with the wireless and how the person who designed it thought it should work.
Now from what you are saying about being routed to the access layer, I wouldn't have gone flex connect. I'd have gone local mode which would allow the client to roam across the L3 without needing to re-ip.
This is only based off what you posted above, as I have no real time knowledge of your network and its design.
Steve
Sent from Cisco Technical Support iPhone App
09-05-2013 11:11 AM
Thanks for your reply, Stephen. FYI: I added more information in a reply to my original post.
Regards,
Deb
09-04-2013 12:20 PM
Layer3 roaming is not supported with Flexconnect.
http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_01110.pdf
You would have to extend a common VLAN to all switches where seamless roaming needs to occur. Since you are routed access you would have to turn your uplinks to trunks and route over SVIs as well as pass the wireless VLAN(s) between switches.
Sent from Cisco Technical Support iPhone App
09-05-2013 11:11 AM
Thanks for your reply, JSnyder. FYI: I added more information in a reply to my original post.
Regards,
Deb
09-05-2013 10:47 AM
Thanks for your replies, Stephen and JSnyder.
The situation here is that the original design engineer is no longer here, and the original design was not MediaNet-friendly, in that it had a very few /20 subnets bridged over entire large sites.
These several large sites (with a few hundred wireless users per site), are connected to an HQ location (where the 7510s in failover mode are installed) via 1G ethernet hand-offs (MPLS at the WAN provider). The 7510s are new, and are replacing older controllers at the HQ location.
The internal employee wireless users use resources both local to their site, as well as centralized resources. There are at least as many Guest wireless users per site as there are internal employee users, and the service to them consists of Internet traffic only. (When moved to the 7510s, their traffic will continue to be centrally switched and carried to an anchor controller in the DMZ.)
(1) So, going local mode seems impractical due to the sheer number of users whose traffic bound for their local site would be traversing the WAN twice. Too much bandwidth would be used. So, that implies the need to use Flex / HREAP mode instead.
(2) However, re-designing each site's IP environment for MediaNet would suggest to go routed to the closet. However, this breaks seamless roaming for users....
So, this conundrum is why I thought I'd post here, and see if there was some other cool / nifty solution I wasn't yet aware of.
The only other (possibly friendly to both needs) solution I'd thought of was to GRE tunnel a subnet from each closet to the collapsed Core / Disti switch at each site. Unfortunately, GRE tunnels are not supported in the rev of IOS on the present equipment, and so it isn't possible to try this idea.
Another "blue sky" idea I had (not for this customer, but possibly elsewhere in the future), is to use LAN switches such as 3850s that have WLC functionality built-in. I haven't yet worked with the WLC s/w available on those, but I was thinking it looks like they could be put into a mobility group, and L3 user roaming between them might then work. Do you happen to know if this might be a workable solution to the overall big-picture problem?
Thanks again for taking the time and trouble to reply!
Deb
09-05-2013 11:09 AM
The Unified Access plan would work well.
GRE tunnels would get really messy.
You can still achieve routed access with trunks down to the access layer and routing on SVIs with the wireless subnets coming from the collapsed core for wireless only and keep most of the medianet plan in place.
The only traffic that would be outside of medianet would be the wireless.
Sent from Cisco Technical Support Android App
09-05-2013 11:15 AM
Yes, that is my current plan, JSnyder. I was really hoping to avoid spanning-tree on any and all uplinks, but that will not be possible in this environment.
Thanks for the confirmation that using Unified Access on the 3850s would work. I will file that idea for later!
Best Regards,
Deb