The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Your software release may not support all of the features documented in this module. For the latest feature information and
caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Configuring Client Roaming
The following are the restrictions that you should be aware while configuring client roaming:
Cisco Compatible Extensions (CCX) support is enabled automatically for every WLAN on the device and cannot be disabled. The device stores the CCX version of the client in its client database and uses it to generate and respond to CCX frames appropriately.
Clients must support CCXv4 or v5 (or CCXv2 for access point assisted roaming) to utilize these roaming enhancements.
Client roaming between 600 Series Access points is not supported.
Information About
Client Roaming
The controllers
deliver high-end wireless services to the clients roaming across wireless
network. Now, the wireless services are integrated with the switches, thus
delivering a value-added Cisco unified new mobility architecture. This unified
architecture enables client-roaming services to both wireless and wired clients
with seamless, fast- roaming services.
The new mobility
architecture supports fast client roaming services using logical categorization
of network into Mobility Domains (MDs), Mobility Groups (MGs), Mobility
Subdomains (MSDs), and Switch Peer Groups (SPGs) using systems such as Mobility
Oracle (MO), Mobility Controller (MC), and Mobility Agent (MA).
A
Mobility
Domain is the entire domain across which client roaming is supported. It is
a collection of mobility groups. For example, a campus network can be
considered as a mobility domain.
A
Mobility
Group is a collection of mobility subdomains across which fast roaming is
supported. The mobility group can be one or more buildings within a campus
across which frequent roaming is supported.
A
Mobility
Subdomain is an autonomous portion of the mobility domain network. Each
mobility subdomain contains one mobility controller (MC) and a collection of
SPGs. A subdomain is equivalent to an 802.11r key domain.
A
Switch Peer
Group is a collection of mobility agents.
The
Mobility
Oracle acts as the point of contact for mobility events that occur across
mobility subdomains. The mobility oracle also maintains a local database of
each client in the entire mobility domain, their home and current subdomain.
There is only one MO for an entire mobility domain. The Cisco WLC 5700 Series
Controllers or Cisco Unified Wireless Networking Solution controller can act as
MO.
The
Mobility
Controller provides mobility management services for inter-SPG roaming
events. The MC sends the configuration like SPG name and SPG peer member list
to all of the mobility agents under its subdomain. The Cisco WLC 5700 Series
Controllers, Cisco Catalyst 3850 Switch, or Cisco Unified Wireless Networking
Solution controller can act as MC. The MC has MC functionality and MA
functionality that is running internally into it.
The
Mobility
Agent is the component that maintains client mobility state machine for a
mobile client. All APs are connected to the mobility agent.
The New mobility
architecture supports seamless roaming in the following scenarios:
Intra-switch
roaming—The client roaming between APs managed by same mobility agent.
Intra-SPG
roaming—The client roaming between mobility agents in the same SPG.
Inter-SPG,
Intra-subdomain roaming—The client roaming between mobility agents in different
SPGs within the same subdomain.
Inter-subdomain
roaming—The client roaming between mobility agents across a subdomain.
Fast Roaming
New mobility
architecture supports fast roaming when clients roam within a mobility group by
eliminating the need for full authentication. Security polices should be same
across the switches for fast roaming.
Local, anchor, foreign MAs and MCs
When a client joins an
MA initially and its point of attachment has not changed, that MA is referred
as local or associated MA. The MC to which this MA is associated is referred as
local or associated MC.
When a client roams
between two MAs, the MA to which the client was previously associated is the
anchor MA (point of attachment) and the MA to which the client is currently
associated is the foreign or associated MA (point of presence). The MCs to
which these MAs are associated are referred as anchor, foreign, or associated
MCs, respectively.
Inter-Subnet Roaming
Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group
on different subnets. This roaming is transparent to the client because the session is sustained and a tunnel between the
controllers allows the client to continue using the same DHCP-assigned or client-assigned IP address as long as the session
remains active. The tunnel is torn down, and the client must reauthenticate when the client sends a DHCP Discover with a 0.0.0.0
client IP address or a 169.254.*.* client auto-IP address or when the operator-set user timeout is exceeded.
Voice-over-IP Telephone Roaming
802.11 voice-over-IP (VoIP) telephones actively
seek out associations with the strongest RF signal to ensure the best quality
of service (QoS) and the maximum throughput. The minimum VoIP telephone
requirement of 20-millisecond or shorter latency time for the roaming handover
is easily met by the Cisco Wireless solution, which has an average handover
latency of 5 or fewer milliseconds when open authentication is used. This short
latency period is controlled by controllers rather than allowing independent
access points to negotiate roaming handovers.
The Cisco Wireless solution
supports 802.11 VoIP telephone roaming across lightweight access points managed
by controllers on different subnets, as long as the controllers are in the same
mobility group. This roaming is transparent to the VoIP telephone because the
session is sustained and a tunnel between controllers allows the VoIP telephone
to continue using the same DHCP-assigned IP address as long as the session
remains active. The tunnel is torn down, and the VoIP client must
reauthenticate when the VoIP telephone sends a DHCP Discover with a 0.0.0.0
VoIP telephone IP address or a 169.254.*.* VoIP telephone auto-IP address or
when the operator-set user timeout is exceeded.
CCX Layer 2 Client Roaming
The controller supports five CCX Layer 2 client roaming enhancements:
Access point assisted roaming—This feature helps clients save scanning time. When a CCXv2 client associates to an access point,
it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time
decreases when the client recognizes and uses an access point list built by compiling all previous access points to which
each client was associated and sent (unicast) to the client immediately after association. The access point list contains
the channels, BSSIDs of neighbor access points that support the client’s current SSID(s), and time elapsed since disassociation.
Enhanced neighbor list—This feature focuses on improving a CCXv4 client’s roam experience and network edge performance, especially
when servicing voice applications. The access point provides its associated client information about its neighbors using a
neighbor-list update unicast message.
Enhanced neighbor list request (E2E)—The End-2-End specification is a Cisco and Intel joint program that defines new protocols
and interfaces to improve the overall voice and roaming experience. It applies only to Intel clients in a CCX environment.
Specifically, it enables Intel clients to request a neighbor list at will. When this occurs, the access point forwards the
request to the controller. The controller receives the request and replies with the current CCX roaming sublist of neighbors
for the access point to which the client is associated.
Note
To see whether a particular client supports E2E, choose Wireless > Clients on the controller GUI, click the Detail link for the desired client, and look at the E2E Version text box in the Client Properties area.
Roam reason report—This feature enables CCXv4 clients to report the reason why they roamed to a new access point. It also
allows network administrators to build and monitor a roam history.
Directed roam request—This feature enables the controller to send directed roam requests to the client in situations when
the controller can better service the client on an access point different from the one to which it is associated. In this
case, the controller sends the client a list of the best access points that it can join. The client can either honor or ignore
the directed roam request. Non-CCX clients and clients running CCXv3 or below must not take any action. No configuration is
required for this feature.
How to Configure Layer 2 or Layer 3 Roaming
Configuring Layer 2
or Layer 3 Roaming
Before you begin
To configure the
mobility agent for Layer 2 or Layer 3 roaming, the following requisites should
be considered:
SSID and
security polices should be same across MAs for Layer 2 and Layer 3 roaming.
Client VLAN ID
should be same for Layer 2 roaming and different for Layer 3 roaming.
Bridge domain ID
and client VLAN IDs should be same for Layer 2 roaming. Either one or both of
the bridge domain ID and client VLAN ID should be different for Layer 3
roaming.
Procedure
Command or Action
Purpose
Step 1
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 2
wlanwlan_profile_namewlan_IDSSID_network_name
Example:
Device(config)#wlan wlan1
Enters WLAN
configuration mode.
Step 3
no mobility anchor sticky
Example:
Device(config-wlan)#no mobility anchor sticky
(Optional)
Disables Layer 2 anchoring.
Step 4
end
Example:
Device(config)# end
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Configuring CCX
Client Roaming Parameters (CLI)
Procedure
Command or Action
Purpose
Step 1
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 2
ap dot11 {5ghz | 24ghz}
l2roam rf-params{ default | custommin-rssiroam-hystscan-threshtrans-time}
Example:
Device#ap dot11 5ghz l2roam rf-params custom -80
Configures CCX
Layer 2 client roaming parameters.
To choose the
default RF parameters, enter the
default option.
To fine-tune the
RF parameters that affect client roaming, enter the
custom option and then enter any one of the following
options:
Minimum
RSSI—Indicates minimum Received Signal Strength Indicator (RSSI) required for
the client to associate to an access point.
If the
client’s average received signal power dips below this threshold, reliable
communication is usually impossible. Therefore, clients must already have found
and roamed to another access point with a stronger signal before the minimum
RSSI value is reached.
You can
configure the minimum RSSI range from –50 through –90 dBm and the default value
is –85 dBm.
Hysteresis—Indicates how much greater the signal strength of a
neighboring access point must be for the client to roam to it.
This
parameter is intended to reduce the amount of roaming between access points if
the client is physically located on or near the border between two access
points.
You can
configure the hysteresis range from 3 through 20 dB and the default is 3 dB.
Scan
Threshold—Indicates a minimum RSSI that is allowed before the client should
roam to a better access point.
When the
RSSI drops below the specified value, the client must be able to roam to a
better access point within the specified transition time. This parameter also
provides a power-save method to minimize the time that the client spends in
active or passive scanning. For example, the client can scan slowly when the
RSSI is above the threshold and scan more rapidly when the RSSI is below the
threshold.
You can
configure the RSSI range from –50 through –90 dBm and the default value is –72
dBm.
Transition
Time—Indicates the maximum time allowed for the client to detect a suitable
neighboring access point to roam to and to complete the roam, whenever the RSSI
from the client’s associated access point is below the scan threshold.
The Scan
Threshold and Transition Time parameters guarantee a minimum level of client
roaming performance. Together with the highest expected client speed and
roaming hysteresis, these parameters make it possible to design a wireless LAN
network that supports roaming simply by ensuring a certain minimum overlap
distance between access points.
You can
configure the time period in the range from 1 through 5 seconds and the default
time is 5 seconds.
Step 3
end
Example:
Device(config)# end
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Example
Configuring Mobility Oracle
Procedure
Command or Action
Purpose
Step 1
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 2
wirelessmobilityoracle
Example:
Device(config)# wireless mobility oracle
Enables mobility oracle on the controller.
Step 3
end
Example:
Device(config)# end
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Configures a switch peer group name. You can enter up to 31 case-sensitive ASCII printable characters for the group name.
Spaces are not allowed in mobility group.
Note
The No form of the command deletes the switch peer group.
Device(config)# wireless mobility group keepalive count
Configures the wireless mobility group keepalive count which is the number of keepalive retries before a member status is
termed
DOWN and keepalive interval which is interval between two keepalives.
Step 11
wireless mobility groupnamename
Example:
Device(config)# wireless mobility group name group1
Specifies the case sensitive wireless mobility group name which can be ASCII printable string up to 31 characters.
Step 12
wirelessmobilityoracleipmo-ip-address
Example:
Device(config)# wireless mobility oracle ip 10.0.0.5
Configures the number of clients that can be local or anchored on the MA. You can configure the threshold value in a range
from 100 to 2000. The default value is 1000.
The Cisco Support website provides extensive online resources,
including documentation and tools for troubleshooting and
resolving technical issues with Cisco products and technologies.
To receive security and technical information about your
products, you can subscribe to various services, such as the
Product Alert Tool (accessed from Field Notices), the Cisco
Technical Services Newsletter, and Really Simple Syndication
(RSS) Feeds.
Access to most tools on the Cisco Support website requires a
Cisco.com user ID and password.