ISG L2 Subscriber Roaming

Subscriber roaming is common in wireless deployments. The ISG L2 Subscriber Roaming feature supports simple IP subscribers connecting to the Cisco Intelligent Services Gateway (ISG) when the subscriber device roams between interfaces, VLANs, or VRFs. This module describes how to configure Layer 2 roaming for simple IPv4 ISG subscribers.

Restrictions for ISG L2 Subscriber Roaming

  • Roaming is not supported for dual-stack sessions.

  • Roaming is not supported for walk-by subscribers.

  • Roaming between interfaces configured with different initiators are not supported.

Information About ISG L2 Subscriber Roaming

ISG Subscriber Roaming

Most devices used in wireless deployments are handheld ones like mobile phones and tablets. It is possible that the same subscriber connects to the Cisco ISG via different access points of the service provider. However, these access points may not always be connected to the ISG over the same VLAN or VRF.

Sometimes, a subscriber with an existing ISG session through a VLAN or VRF, reconnects to the ISG through another VLAN or VRF via a different access point. It is also possible that the VLAN or VRF does not change after the subscriber connects to the access point through the ISG via different physical interfaces or sub-interfaces. This behavior where there is a change in the SSID or access point for a given subscriber is called roaming.

Hence, a roaming subscriber is one who after moving between access points resumes the existing ISG session when it reappears on a new ISG interface.

However, a reconnect subscriber is one who gets a new ISG session when it reappears on the same or different interface. Sometimes, a subscriber who sends a DHCP Discover Packet may also be termed as a reconnect subscriber irrespective of whether it has an existing ISG session or not.

ISG L2 Roaming Events

L2 roaming is now automatically enabled on ISG. When an L2-connected subscriber roams, there may be a change in the session's key parameters. These parameters called session keys are listed below:
  • IP Address

  • VRF

  • Subnet

    Note

    This is applicable to DHCP deployments mostly.


  • Initiator

  • Control policy

When ISG receives a roaming trigger, it performs one of the following actions on the existing subscriber session:
  • Update: When the session keys do not change, ISG updates the subscriber to a new access interface.

    The accounting interim records are sent to the RADIUS server with the updated interface details. Re-authentication may not happen.

  • Reconnect: When the session keys change, ISG removes the existing session and re-creates a new subscriber session.

    The control policy is re-applied and the subscriber may be subjected to re-authorization.

  • No change: When ISG receives DHCP control packets where ISG is neither a DHCP server nor a relay, ISG does not modify the existing session.

    A session update or reconnect occurs only if the subscriber sends data packets.

ISG L2 Roaming Deployments

Some of the deployments that L2 roaming is currently supported on are listed below:

  • Unclassified MAC (External DHCP server)

  • DHCP subscribers (DHCP relay)

  • DHCP subscribers (DHCP server)

  • Hybrid (DHCP with unclassified MAC)

Unclassified MAC (External DHCP server)

For the external DHCP server model, ISG sessions are mainly created by unclassified packets, where the session identifiers will be the MAC address and IP address. The roaming triggers for this model are listed below:
Table 1. Simple IP L2-Connected Unclassified MAC Roaming Triggers

Packets

Roaming Trigger

GARP/ARP

No

DHCP control packets (DHCP Discover, DHCP Request, Init Bootp)

No

Data packets

Yes

Figure 1. Simple IP L2-Connected Unclassified MAC Roaming

DHCP subscribers (DHCP relay)

For the DHCP relay model, the ISG sessions are mainly created by DHCP control packets. Here, the ISG relays these packets to the DHCP server and forwards the response received from the server back to the client. In this scenario, the subscriber that has roamed to a new interface may trigger one of the following session initiator packets:
  • Data packet if the subscriber has an existing IP address

  • DHCP Renew control packet if the IP address needs to be renewed

  • DHCP Discover control packet

The roaming triggers for the DHCP relay deployment are listed below:
Table 2. Simple IP L2-Connected (Dual Initiator) DHCP Relay with Unclassified MAC Roaming Triggers
Packets Roaming Trigger
GARP/ARP No
DHCP Control Packets (DHCP Discover, DHCP Request, Init Bootp) Yes
Data Packets Yes
Figure 2. Simple IP L2-Connected (Dual Initiator) DHCP Relay with Unclassified MAC Roaming

DHCP subscribers (DHCP server)

For the DHCP server deployment, ISG acts as a DHCP server. The roaming triggers for this model are listed below:
Table 3. Simple IP L2-Connected (Dual Initiator) DHCP Server with Unclassified MAC Roaming Triggers
Packets Roaming Trigger
GARP/ARP No
DHCP Control Packets (DHCP Discover, DHCP Request, Init Bootp) Yes
Data Packets Yes
Figure 3. Simple IP L2-Connected (Dual Initiator) DHCP Server with Unclassified MAC Roaming

Hybrid (DHCP with unclassified MAC)

For the L2-connected hybrid model, the roaming triggers are listed below:
Table 4. Simple IP L2-Connected Hybrid (DHCP with unclassified MAC) Roaming Triggers

Packets

Roaming Trigger

GARP/ARP

No

DHCP control packets (DHCP Discover, DHCP Request, Init Bootp)

Yes 1

Data packets

Yes

1 DHCP control packets are considered as roaming triggers when the subscriber moves from unclassified MAC to DHCP deployments.
Figure 4. Simple IP L2-Connected Hybrid (DHCP with unclassified MAC) Roaming

ISG L2 Roaming Behavior

Table 5. Roaming behavior in ISG

Deployment Type

Client roams with different roaming triggers

Client roams and with changed network conditions

ISG Roaming Behavior

Client/System Behavior

Packet Roaming Trigger

L2-connected unclassified MAC

GARP/ ARP

No

  1. IP Address

  2. Subnet

  3. VRF

  4. Control Policy

  1. Session recreate

  2. Session update

  3. Session recreate

  4. Session recreate

  1. Client will be re-authorized.

  2. Interim accounting record will be sent.

  3. Client will be re-authorized.

  4. Client will be re-authorized.

DHCP control packets

No

Data packet

Yes

L2-connected (Dual Initiator)

DHCP Relay with Unclassified MAC

GARP/ ARP

No

  1. IP Address

  2. Subnet

  3. VRF

  4. Control Policy

  1. Session recreate.

  2. Session update/recreate 2

  3. Session recreate.

  4. Session recreate.

  1. Client will be re-authorized.

  2. Interim accounting record will be sent.

  3. Client will be re-authorized.

  4. Client will be re-authorized.

DHCP control packets

Yes

Data packet

Yes

L2-Connected (Dual Initiator)

DHCP Server with Unclassified MAC

GARP/ ARP

No

  1. IP Address

  2. Subnet

  3. VRF

  4. Control Policy

  1. Session recreate.

  2. Session update/recreate.3

  3. Session recreate

  4. Session recreate

  1. Client will be re-authorized.

  2. Interim accounting record will be sent.

  3. Client will be re-authorized.

  4. Client will be re-authorized.

DHCP control packets

Yes

Data packet

Yes

L2-Connected (Hybrid)

DHCP Relay or Server with Unclassified MAC

GARP/ ARP

No

  1. IP Address

  2. Subnet

  3. VRF

  4. Control Policy

  5. Initiator

  1. Session recreate

  2. Session update/recreate 4

  3. Session recreate

  4. Session recreate

  5. Session recreate

  1. Client will be re-authorized.

  2. Interim accounting record will be sent.

  3. Client will be re-authorized.

  4. Client will be re-authorized.

  5. Client will be re-authorized.

DHCP control packets

Yes (based on network conditions)

Data packet

Yes

2 DHCP control packets may trigger session recreate.
3 DHCP control packets may trigger session recreate.
4 Based on initiator, the session may be updated or recreated.

How to Configure ISG L2 Subscriber Roaming

Enabling Roaming for Simple IP Subscribers

Depending upon network design, subscribers may roam between interfaces, VLANs or VRFs.


Note

Simple IP subscriber roaming is enabled by default. Hence, the ip subscriber l2-roaming command need not be configured to support roaming.

Configuration Examples for ISG L2 Subscriber Roaming

Example: Verifying L2 Roaming on ISG

Before Roaming

Use the show ip subscriber mac mac_address command to verify that the ISG subscriber has successfully roamed to a new interface.

The following are sample outputs from the show ip subscriber mac mac_address command where the subscriber's session is updated due to roaming. On comparing the access interface parameter in both the outputs, you can see that it has changed indicating that the subscriber has roamed.


Device# show ip subscriber mac aabb.cc01.9000

IP subscriber: aabb.cc01.9000, type connected, status up
  display uid: 1, aaa uid: 12	
  segment id: 4098, session hdl: 0xF4000001, shdb: 0x3E000001
  session initiator: unclassified traffic
  access interface: Ethernet0/0.10				                        # Note access interface
  access address: 1.1.1.2	
  service address: 1.1.1.2
  status: IPv4 - Up  IPv6 - Down
  conditional debug flag: 0x0
  control plane state: connected, start time: 00:00:04
  data plane state: connected, start time: 00:00:04
  arp entry: 1.1.1.2, Ethernet0/0.10
  forwarding statistics:
    packets total: received 8, sent 7
    bytes total: received 944, sent 798
    packets dropped: 0, bytes dropped: 0
  hardware forwarding statistics:
    packets total: received 0, sent 0
    bytes total: received 0, sent 0

Device# show ip subscriber mac aabb.cc01.9000

IP subscriber: aabb.cc01.9000, type connected, status up
  display uid: 1, aaa uid: 12
  segment id: 4098, session hdl: 0xF4000001, shdb: 0x3E000001
  session initiator: unclassified traffic
  access interface: Ethernet0/0.20					                 # Change in access interface
  access address: ::
  service address: ::
  access address: 1.1.1.2
  service address: 1.1.1.2
  status: IPv4 - Up  IPv6 - Down
  conditional debug flag: 0x0
  control plane state: connected, start time: 00:00:52
  data plane state: connected, start time: 00:00:52
  arp entry: 1.1.1.2, Ethernet0/0.20
  route: 1.1.1.2 -> Ethernet0/0.20
  forwarding statistics:
    packets total: received 18, sent 17
    bytes total: received 2124, sent 1938
    packets dropped: 0, bytes dropped: 0
  hardware forwarding statistics:
    packets total: received 0, sent 0
    bytes total: received 0, sent 0

Additional References for ISG L2 Subscriber Roaming

Related Documents

Related Topic

Document Title

Cisco IOS commands

Master Command List, All Releases

ISG commands

ISG Command Reference

Technical Assistance

Description Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/support

Feature Information for ISG L2 Subscriber Roaming

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 6. Feature Information for ISG L2 Subscriber Roaming

Feature Name

Releases

Feature Information

ISG L2 Subscriber Roaming

Cisco IOS XE Release 3.12S

Subscriber roaming is common in wireless deployments. The ISG L2 Subscriber Roaming feature supports simple IP subscribers connecting to the Cisco Intelligent Services Gateway (ISG) when the device roams between interfaces, VLANs or VRFs.

The following command was deprecated: ip subscriber l2-roaming.