
Roaming behaviour - local vs flexconnect

Paul Harris
Level 1

Hi all. I have a site that is misbehaving and I would like to run my findings past the knowledgeable people of this forum. Here is the scenario:

  • Two 4400 WLCs in mobility group TEST
  • ~ 100 APs all running in local mode
  • One WLAN Profile
  • 15 different locations

Each location is assigned a different VLAN, IP subnet and AP group, which links these together with the APs that are located on that site. So for example:

  • Site A - VLAN 100, subnet 192.168.1.0/24, AP_Group_A
  • Site B - VLAN 200, subnet 192.168.2.0/24, AP_Group_B

And so on. As mentioned, all these VLANs are centrally switched and there is only one WLAN profile which has a different VLAN depending on the AP Group.


So when a user moves between these locations, it creates a layer 3 roaming event. That's all fine but where I have a problem is what happens with the MAC address of the client. It appears that as traffic from a L3 roaming client passes through the WLC, the source MAC is rewritten as the MAC address of the WLC on the anchor WLC. This becomes a problem because there is a captive portal running on a separate device, which needs to see the real client MAC address.

Instead, what happens is this:

  • Client A connects to the wireless at Site A and gets IP address 192.168.1.10
  • Client A moves to location B and the WLC detects a L3 mobility event.
  • Traffic from client A now exits through VLAN 200 on the foreign controller but is returned via VLAN 100 on the anchor controller.
  • The captive portal device sees traffic coming in from VLAN 200 with a source IP from VLAN 100. Additionally, the source MAC address is the wired interface of the anchor controller.

As a result, when a number of clients do this, all their traffic appears to be from the same source MAC.

I'm not sure the fact that there are multiple controllers actually matters here, as I believe it is roaming between subnets that is causing the problem, rather than roaming between controllers.

So my next question is, how would this scenario be different if I used HREAP/Flexconnect instead? What I believe should happen is this:

  • Client A moves from one AP in Site A to another AP in Site A - this is a layer 2 roaming event and is performed seamlessly.
  • Client A moves from Site A to Site B - layer 3 roaming not supported in Flexconnect mode so the client has to obtain another DHCP address and no NAT'ing is performed.

Hope all that makes sense. Based on the information above, would you say that my assumptions are correct?

Another idea I had is to disable layer 3 roaming and only allow layer 2 roaming. But I can't find any information on how to do this, or even if it is possible.

Many thanks!


Paul
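
Added example, not part of the original post: a Python check that could be run over a captive portal's flow records to confirm the symptom described above, flagging traffic whose source IP does not belong to the subnet of its ingress VLAN and source MACs shared by several client IPs. The VLAN-to-subnet table comes from the post; the observation records, their tuple format and all MAC addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Site table taken from the post: ingress VLAN -> subnet assigned to that site.
VLAN_SUBNETS = {
    100: ipaddress.ip_network("192.168.1.0/24"),  # Site A
    200: ipaddress.ip_network("192.168.2.0/24"),  # Site B
}

# Constructed sample records: (ingress VLAN, source IP, source MAC).
# The MAC addresses are made up for illustration.
OBSERVATIONS = [
    (100, "192.168.1.10", "aa:aa:aa:00:00:01"),  # client seen at its home site
    (200, "192.168.2.20", "aa:aa:aa:00:00:02"),  # client seen at its home site
    (200, "192.168.1.10", "00:11:22:33:44:55"),  # Site A address arriving on VLAN 200
    (200, "192.168.1.11", "00:11:22:33:44:55"),
    (200, "192.168.1.12", "00:11:22:33:44:55"),
]

def subnet_mismatches(observations, vlan_subnets=VLAN_SUBNETS):
    """Return records whose source IP is outside the subnet of the VLAN they arrived on."""
    out = []
    for vlan, ip, mac in observations:
        net = vlan_subnets.get(vlan)
        if net is None or ipaddress.ip_address(ip) not in net:
            out.append((vlan, ip, mac))
    return out

def shared_macs(observations, min_ips=2):
    """Return {mac: sorted IPs} for MACs seen with at least min_ips distinct source IPs."""
    ips_by_mac = defaultdict(set)
    for _vlan, ip, mac in observations:
        ips_by_mac[mac].add(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in ips_by_mac.items() if len(ips) >= min_ips}

def suspected_rewrites(observations):
    """MACs that front several IPs and also appear on VLAN/subnet-mismatched traffic."""
    mismatched = {mac for _vlan, _ip, mac in subnet_mismatches(observations)}
    return {mac: ips for mac, ips in shared_macs(observations).items()
            if mac in mismatched}

if __name__ == "__main__":
    for mac, ips in suspected_rewrites(OBSERVATIONS).items():
        print(f"{mac} is the source MAC for {len(ips)} client IPs: {', '.join(ips)}")
```
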
