Controller-less WLANs

Why client changes the role when doing L3 Roaming with IAP?

Aruba Employee

IAP Cluster


The client roams to IAP1 from IAP2 and the client’s user-role “internet” didn't transffered and it changed to "External CP"


IAP2# show clients  


Client List
Name                        IP Address   MAC Address        OS      Network       Access Point  Channel  Type  Role         Signal    Speed (mbps)  
----                        ----------   -----------        --      -------       ------------  -------  ----  ----         ------    ------------ 40:b3:95:33:72:9a  iPhone  aruba-guest   IAP2          11       GN    internet     41(good)  1(poor)       
Info timestamp      :6477


IAP1# show clients 


Client List
Name                        IP Address   MAC Address        OS      Network       Access Point  Channel  Type  Role         Signal    Speed (mbps)  
----                        ----------   -----------        --      -------       ------------  -------  ----  ----         ------    ------------  40:b3:95:33:72:9a iPhone  aruba-guest   IAP1          6        GN    External CP  48(good)  1(poor)       
Info timestamp      :14497

On L3 roaming, firewalling continues to happen on Home AP (Home Agent) instead of foreign agents (Other IAP's), role assignment and firewall functionality is always on Home AP (Home Agent). Even when clients roam to Foreign AP's, all traffic is tunnelled to Home AP (Home Agent), so user role on Foreign AP is not relevant. Only the user role on Home AP matters.

We should be able to verify functionality by checking “#show datapath session” and “show datapath acl” on the home AP.


Version history
Revision #:
1 of 1
Last update:
‎06-26-2014 05:54 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.