Configuring Client Roaming

Finding Feature Information

Your software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for Configuring Client Roaming

The following are the restrictions that you should be aware while configuring client roaming:

  • Cisco Compatible Extensions (CCX) support is enabled automatically for every WLAN on the switch and cannot be disabled. The switch stores the CCX version of the client in its client database and uses it to generate and respond to CCX frames appropriately. Clients must support CCXv4 or v5 (or CCXv2 for access point assisted roaming) to utilize these roaming enhancements.

  • Client roaming between 600 Series Access points is not supported.

Information About Client Roaming

The controllers deliver high-end wireless services to the clients roaming across wireless network. Now, the wireless services are integrated with the switches, thus delivering a value-added Cisco unified new mobility architecture. This unified architecture enables client-roaming services to both wireless and wired clients with seamless, fast- roaming services.

The new mobility architecture supports fast client roaming services using logical categorization of network into Mobility Domains (MDs), Mobility Groups (MGs), Mobility Subdomains (MSDs), and Switch Peer Groups (SPGs) using systems such as Mobility Oracle (MO), Mobility Controller (MC), and Mobility Agent (MA).

  • A Mobility Domain is the entire domain across which client roaming is supported. It is a collection of mobility groups. For example, a campus network can be considered as a mobility domain.

  • A Mobility Group is a collection of mobility subdomains across which fast roaming is supported. The mobility group can be one or more buildings within a campus across which frequent roaming is supported.

  • A Mobility Subdomain is an autonomous portion of the mobility domain network. Each mobility subdomain contains one mobility controller (MC) and a collection of SPGs. A subdomain is equivalent to an 802.11r key domain.

  • A Switch Peer Group is a collection of mobility agents.

  • The Mobility Oracle acts as the point of contact for mobility events that occur across mobility subdomains. The mobility oracle also maintains a local database of each client in the entire mobility domain, their home and current subdomain. There is only one MO for an entire mobility domain. The Cisco WLC 5700 Series Controllers or Cisco Unified Wireless Networking Solution controller can act as MO.

  • The Mobility Controller provides mobility management services for inter-SPG roaming events. The MC sends the configuration like SPG name and SPG peer member list to all of the mobility agents under its subdomain. The Cisco WLC 5700 Series Controllers, Cisco Catalyst 3850 Switch, or Cisco Unified Wireless Networking Solution controller can act as MC. The MC has MC functionality and MA functionality that is running internally into it.

  • The Mobility Agent is the component that maintains client mobility state machine for a mobile client. All APs are connected to the mobility agent.

The New mobility architecture supports seamless roaming in the following scenarios:

  • Intra-switch roaming—The client roaming between APs managed by same mobility agent.

  • Intra-SPG roaming—The client roaming between mobility agents in the same SPG.

  • Inter-SPG, Intra-subdomain roaming—The client roaming between mobility agents in different SPGs within the same subdomain.

  • Inter-subdomain roaming—The client roaming between mobility agents across a subdomain.

Fast Roaming

New mobility architecture supports fast roaming when clients roam within a mobility group by eliminating the need for full authentication. Security polices should be same across the switches for fast roaming.

Local, anchor, foreign MAs and MCs

When a client joins an MA initially and its point of attachment has not changed, that MA is referred as local or associated MA. The MC to which this MA is associated is referred as local or associated MC.

When a client roams between two MAs, the MA to which the client was previously associated is the anchor MA (point of attachment) and the MA to which the client is currently associated is the foreign or associated MA (point of presence). The MCs to which these MAs are associated are referred as anchor, foreign, or associated MCs, respectively.

Inter-Subnet Roaming

Multiple-controller deployments support client roaming across access points managed by controllers in the same mobility group on different subnets. This roaming is transparent to the client because the session is sustained and a tunnel between the controllers allows the client to continue using the same DHCP-assigned or client-assigned IP address as long as the session remains active. The tunnel is torn down, and the client must reauthenticate when the client sends a DHCP Discover with a 0.0.0.0 client IP address or a 169.254.*.* client auto-IP address or when the operator-set user timeout is exceeded.

Voice-over-IP Telephone Roaming

802.11 voice-over-IP (VoIP) telephones actively seek out associations with the strongest RF signal to ensure the best quality of service (QoS) and the maximum throughput. The minimum VoIP telephone requirement of 20-millisecond or shorter latency time for the roaming handover is easily met by the Cisco Wireless solution, which has an average handover latency of 5 or fewer milliseconds when open authentication is used. This short latency period is controlled by controllers rather than allowing independent access points to negotiate roaming handovers.

The Cisco Wireless solution supports 802.11 VoIP telephone roaming across lightweight access points managed by controllers on different subnets, as long as the controllers are in the same mobility group. This roaming is transparent to the VoIP telephone because the session is sustained and a tunnel between controllers allows the VoIP telephone to continue using the same DHCP-assigned IP address as long as the session remains active. The tunnel is torn down, and the VoIP client must reauthenticate when the VoIP telephone sends a DHCP Discover with a 0.0.0.0 VoIP telephone IP address or a 169.254.*.* VoIP telephone auto-IP address or when the operator-set user timeout is exceeded.

CCX Layer 2 Client Roaming

The controller supports five CCX Layer 2 client roaming enhancements:

  • Access point assisted roaming—This feature helps clients save scanning time. When a CCXv2 client associates to an access point, it sends an information packet to the new access point listing the characteristics of its previous access point. Roaming time decreases when the client recognizes and uses an access point list built by compiling all previous access points to which each client was associated and sent (unicast) to the client immediately after association. The access point list contains the channels, BSSIDs of neighbor access points that support the client’s current SSID(s), and time elapsed since disassociation.

  • Enhanced neighbor list—This feature focuses on improving a CCXv4 client’s roam experience and network edge performance, especially when servicing voice applications. The access point provides its associated client information about its neighbors using a neighbor-list update unicast message.

  • Enhanced neighbor list request (E2E)—The End-2-End specification is a Cisco and Intel joint program that defines new protocols and interfaces to improve the overall voice and roaming experience. It applies only to Intel clients in a CCX environment. Specifically, it enables Intel clients to request a neighbor list at will. When this occurs, the access point forwards the request to the controller. The controller receives the request and replies with the current CCX roaming sublist of neighbors for the access point to which the client is associated.


    Note

    To see whether a particular client supports E2E, choose Wireless > Clients on the controller GUI, click the Detail link for the desired client, and look at the E2E Version text box in the Client Properties area.

  • Roam reason report—This feature enables CCXv4 clients to report the reason why they roamed to a new access point. It also allows network administrators to build and monitor a roam history.

  • Directed roam request—This feature enables the controller to send directed roam requests to the client in situations when the controller can better service the client on an access point different from the one to which it is associated. In this case, the controller sends the client a list of the best access points that it can join. The client can either honor or ignore the directed roam request. Non-CCX clients and clients running CCXv3 or below must not take any action. No configuration is required for this feature.

How to Configure Layer 2 or Layer 3 Roaming

Configuring Layer 2 or Layer 3 Roaming

Before You Begin

To configure the mobility agent for Layer 2 or Layer 3 roaming, the following requisites should be considered:

  • SSID and security polices should be same across MAs for Layer 2 and Layer 3 roaming.

  • Client VLAN ID should be same for Layer 2 roaming and different for Layer 3 roaming.

  • Bridge domain ID and client VLAN IDs should be same for Layer 2 roaming. Either one or both of the bridge domain ID and client VLAN ID should be different for Layer 3 roaming.

SUMMARY STEPS

    1.    configure terminal

    2.    wlan wlan_profile_name wlan_ID SSID_network_name

    3.    no mobility anchor sticky

    4.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 configure terminal


    Example: 
    Switch# configure terminal
     

    Enters global configuration mode.

     
    Step 2wlan wlan_profile_name wlan_ID SSID_network_name


    Example: 
    Switch(config)#wlan wlan1
     

    Enters WLAN configuration mode.

     

    Step 3no mobility anchor sticky


    Example: 
    Switch(config-wlan)#no mobility anchor sticky
     

    (Optional) Disables Layer 2 anchoring.

     

    Step 4end


    Example:
    Switch(config)# end
     

    Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

     

    Configuring CCX Client Roaming Parameters (CLI)

    SUMMARY STEPS

      1.    configure terminal

      2.    ap dot11 {5ghz | 24ghz} l2roam rf-params {default | custom min-rssi roam-hyst scan-thresh trans-time}

      3.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 configure terminal


      Example: 
      Switch# configure terminal
       

      Enters global configuration mode.

       
      Step 2ap dot11 {5ghz | 24ghz} l2roam rf-params {default | custom min-rssi roam-hyst scan-thresh trans-time}


      Example: 
      Switch#ap dot11 5ghz l2roam rf-params custom -80
       

      Configures CCX Layer 2 client roaming parameters.

      To choose the default RF parameters, enter the default option.

      To fine-tune the RF parameters that affect client roaming, enter the custom option and then enter any one of the following options:

      • Minimum RSSI—Indicates minimum Received Signal Strength Indicator (RSSI) required for the client to associate to an access point.

        If the client’s average received signal power dips below this threshold, reliable communication is usually impossible. Therefore, clients must already have found and roamed to another access point with a stronger signal before the minimum RSSI value is reached.

        You can configure the minimum RSSI range from –50 through –90 dBm and the default value is –85 dBm.

      • Hysteresis—Indicates how much greater the signal strength of a neighboring access point must be for the client to roam to it.

        This parameter is intended to reduce the amount of roaming between access points if the client is physically located on or near the border between two access points.

        You can configure the hysteresis range from 3 through 20 dB and the default is 3 dB.

      • Scan Threshold—Indicates a minimum RSSI that is allowed before the client should roam to a better access point.

        When the RSSI drops below the specified value, the client must be able to roam to a better access point within the specified transition time. This parameter also provides a power-save method to minimize the time that the client spends in active or passive scanning. For example, the client can scan slowly when the RSSI is above the threshold and scan more rapidly when the RSSI is below the threshold.

        You can configure the RSSI range from –50 through –90 dBm and the default value is –72 dBm.

      • Transition Time—Indicates the maximum time allowed for the client to detect a suitable neighboring access point to roam to and to complete the roam, whenever the RSSI from the client’s associated access point is below the scan threshold.

        The Scan Threshold and Transition Time parameters guarantee a minimum level of client roaming performance. Together with the highest expected client speed and roaming hysteresis, these parameters make it possible to design a wireless LAN network that supports roaming simply by ensuring a certain minimum overlap distance between access points.

        You can configure the time period in the range from 1 through 5 seconds and the default time is 5 seconds.

       

      Step 3end


      Example:
      Switch(config)# end
       

      Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

       

      Configuring Mobility Oracle

      SUMMARY STEPS

        1.    configure terminal

        2.    wireless mobility oracle

        3.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 configure terminal


        Example: 
        Switch# configure terminal
         

        Enters global configuration mode.

         
        Step 2wireless mobility oracle


        Example:
        Switch(config)# wireless mobility oracle
         

        Enables mobility oracle on the controller.

         

        Step 3end


        Example:
        Switch(config)# end
         

        Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

         

        Configuring Mobility Controller

        SUMMARY STEPS

          1.    configure terminal

          2.    wireless mobility controller

          3.    wireless mobility controller peer-group switch-peer-group-name

          4.    wireless mobility controller peer-group switch-peer-group-name member ip ip-address {public-ip public-ip-address}

          5.    wireless mobility controller peer-group switch-peer-group-name multicast

          6.    wireless mobility controller peer-group switch-peer-group-name multicast ip peer-group-multicast-ip-addr

          7.    wireless mobility controller peer-groupswitch-peer-group-name bridge-domain-id id

          8.    wireless mobility group member ip ip-address [public-ip public-ip-address] [group group-name]

          9.    wireless mobility dscp value

          10.    wireless mobility group keepalive {count | interval}

          11.    wireless mobility group name name

          12.    wireless mobility oracle ipmo-ip-address

          13.    wireless management interface interface-name

          14.    end


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 configure terminal


          Example: 
          Switch# configure terminal
           

          Enters global configuration mode.

           
          Step 2wireless mobility controller


          Example:
          Switch(config)# wireless mobility controller
           

          Enables wireless mobility controller.

           

          Step 3wireless mobility controller peer-group switch-peer-group-name


          Example:
          Switch(config)# wireless mobility controller peer-group SPG1
           

          Configures a switch peer group name. You can enter up to 31 case-sensitive ASCII printable characters for the group name. Spaces are not allowed in mobility group.

          Note   

          The No form of the command deletes the switch peer group.

           

          Step 4 wireless mobility controller peer-group switch-peer-group-name member ip ip-address {public-ip public-ip-address}


          Example: 
          Switch(config)# wireless mobility controller peer-group SPG1 member ip 10.0.0.1
           

          Adds a mobility group member to a switch peer group.

          Note   

          The No form of the command deletes the member from the switch peer group.

           

          Step 5 wireless mobility controller peer-group switch-peer-group-name multicast


          Example: 
          Switch(config)# wireless mobility controller peer-group SPG1 multicast
           

          Configures the multicast mode within a switch peer group.

           

          Step 6 wireless mobility controller peer-group switch-peer-group-name multicast ip peer-group-multicast-ip-addr


          Example: 
          Switch(config)# wireless mobility controller peer-group SPG1 multicast ip 10.0.0.4
           

          Configures the multicast IP address for a switch peer group.

          Note   

          The No form of the command deletes the multicast IP for the switch peer group.

           

          Step 7 wireless mobility controller peer-groupswitch-peer-group-name bridge-domain-id id


          Example: 
          Switch(config)# wireless mobility controller peer-group SPG bridge-domain-id 10.0.0.5
           

          Configures the bridge domain ID for a switch peer group. The default is zero.

          Note   

          The No form of command sets the bridge domain ID to the default value.

           

          Step 8 wireless mobility group member ip ip-address [public-ip public-ip-address] [group group-name]


          Example: 
          Switch(config)# wireless mobility group member ip 10.0.0.1
           

          Adds a mobility group member.

          Note   

          The No form of the command removes the member from the group. The default group name is the group name of MC.

           

          Step 9wireless mobility dscp value


          Example:
          Switch(config)# wireless mobility dscp 46
           

          Sets the DSCP value for mobility control packet.

          You can configure the DSCP value in a range from 0 through 63. The default value is 46.

           

          Step 10wireless mobility group keepalive {count | interval}


          Example:
          Switch(config)# wireless mobility group keepalive count
           

          Configures the wireless mobility group keepalive count which is the number of keepalive retries before a member status is termed DOWN and keepalive interval which is interval between two keepalives.

           

          Step 11wireless mobility group name name


          Example:
          Switch(config)# wireless mobility group name group1
           

          Specifies the case sensitive wireless mobility group name which can be ASCII printable string up to 31 characters.

           

          Step 12wireless mobility oracle ipmo-ip-address


          Example:
          Switch(config)# wireless mobility oracle ip 10.0.0.5
           

          Configures the mobility oracle IP address.

           

          Step 13wireless management interface interface-name


          Example:
          Switch(config)# wireless management interface Vlan21
           

          Configures the wireless management interface.

           

          Step 14end


          Example:
          Switch(config)# end
           

          Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

           

          Configuring Mobility Agent

          SUMMARY STEPS

            1.    configure terminal

            2.    wireless mobility controller ip ip-address

            3.    wireless mobility load-balance

            4.    wireless mobility load-balance threshold threshold -value

            5.    wireless management interface interface-name

            6.    end


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 configure terminal


            Example: 
            Switch# configure terminal
             

            Enters global configuration mode.

             
            Step 2wireless mobility controller ip ip-address


            Example:
            Switch(config)# wireless mobility controller ip 10.10.10.20
             

            Sets the IP address of the mobility controller.

             

            Step 3wireless mobility load-balance


            Example:
            Switch(config)# wireless mobility load-balance
             

            Configures wireless mobility load balancing.

             

            Step 4wireless mobility load-balance threshold threshold -value


            Example:
            Switch(config)# wireless mobility load-balance threshold 100
             

            Configures the number of clients that can be local or anchored on the MA. You can configure the threshold value in a range from 100 to 2000. The default value is 1000.

             

            Step 5wireless management interface interface-name


            Example:
            Switch(config)# wireless management interface Vlan21
             

            Configures wireless management interface for the mobility agent.

             

            Step 6end


            Example:
            Switch(config)# end
             

            Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

             

            Monitoring Client Roaming Parameters

            This section describes the new commands for the client parameters.

            The following commands can be used to monitor the client roaming parameters on the switch.

            Table 1 Monitoring Client Roaming Parameters Commands

            Command

            Purpose
            show ap dot11 {5ghz | 24ghz} l2roam rf-param

            Displays the current RF parameters configured for client roaming for the 802.11a or 802.11b/g network.
            show ap dot11 {5ghz | 24ghz} l2roam statistics

            Displays the CCX Layer 2 client roaming statistics for the 802.11a or 802.11b/g network.
            show ap dot11 {5ghz | 24ghz} l2roam mac-address mac-address statistics

            Displays the CCX Layer 2 client roaming statistics for a particular access point.

            Monitoring Mobility Configurations

            This section describes the new commands for monitoring mobility configurations.

            The following command can be used to monitor mobility configurations on the Mobility Oracle, Mobility Controller, and Mobility Agent.

            Table 2 Monitoring Mobility Configuration Commands on the Mobility Controller and Mobility Agent

            Command

            Purpose

            show wireless mobility summary

            Displays the summary information for the Mobility Controller and Mobility Agent.

            show wireless mobility statistics

            Displays mobility statistics.

            show wireless mobility dtls connections

            Displays established DTLS connections.

            Table 3 Monitoring Mobility Configuration Commands on the Mobility Oracle

            Command

            Purpose

            show wireless mobility oracle summary

            Displays the status of the Mobility Controllers known to the Mobility Oracle.

            show wireless mobility oracle client summary

            Displays the information of a list of clients in the Mobility Oracle database.

            show wireless mobility oracle client detail client -mac-address

            Displays the detailed information of a particular client in the Mobility Oracle database.

            show wireless mobility oracle mc-ip

            Displays the information of a list of clients in the Mobility Oracle database that are anchored or associated to a specified Mobility Controller.

            Table 4 Monitoring Mobility Configuration Commands on the Mobility Controller

            Command

            Purpose

            show wireless mobility controller client summary

            Displays a list of clients in the subdomain.

            show wireless mobility controller client mac-address detail

            Displays detailed information for a client in a subdomain.

            show wireless mobility agent ma-ip client summary

            Displays a list of clients anchored or associated to a specified Mobility Agent.

            show wireless mobility ap-list

            Displays the list of Cisco APs known to the mobility group.

            Table 5 Monitoring Mobility Configuration Commands on the Mobility Agent

            Command

            Purpose

            show wireless mobility load-balance summary

            Displays the summary of mobility load-balance properties.

            Additional References for Configuring Client Roaming

            Related Documents

            Related Topic Document Title
            Mobility configuration

            Mobility Configuration Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)
            Mobility-related commands

            Mobility Command Reference Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

            Standards and RFCs

            Standard/RFC Title
            None

            MIBs

            MIB MIBs Link
            All supported MIBs for this release.

            To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

            http:/​/​www.cisco.com/​go/​mibs

            Technical Assistance

            Description Link

            The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

            To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

            Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

            http:/​/​www.cisco.com/​support

            Feature History and Information For Performing Client Roaming Configuration

            Release Feature Information
            Cisco IOS XE 3.3SECisco IOS XE 3.3SE This feature was introduced.