Wireless Access

Reply
Occasional Contributor II

Vlan Mobility

Hi-

 

Our environment consists of (2) master tier controllers, (2) local controllers, and (2) guest (DMZ) controllers which serve as anchor points for GRE.  The (2) local controllers each have L2 GREs out to each guest controller.  The Guest Vlan resides on each local controller, however it is not trunked between them.  Clients hit the Guest ssid and are redirected through the GRE.

 

The problem:

The issue is with Guests (who connect via a simple Captive Portal page) are complaining of having to reauthenticate very often.  I've set the user-idle timeout setting to 10 min.  While investigating this, I realized that they were often switching between the (2) local controllers.  I've enabled Vlan mobility, however, we still appear to have the problem. Does the guest Vlan have to be trunked between both locals for this to work?  Both locals are trunking our internal Vlans via our Cisco infrastructure; The Guest Vlan is not for obvious reasons.  If this is required, could I simply connect the (2) locals via directly connected interfaces?  Are there any commands I can run to validate Vlan Mobility?

 

Thanks in advance for your help.

 

-Luis 

  

Re: Vlan Mobility

Please disable VLAN mobility on VAP profile as user`s are not moving or roaming from one local to another local controller.

As VLAN-Mobility feature basically helps if users are (L2 roam) roaming between controllers containing identical configuration.

 

We need to understand why the re-authentication occurs; do we have a clear pass at the back ground?

Enable debugging for user-debug on controller and do we have any airwave to look for the reason to see why the user is doing re-auth?

 

Make sure there is no re-authentication configured on the user-role or on the server side.

 

Please open up a TAC case to verify and validate as well. Thanks!

Occasional Contributor II

Re: Vlan Mobility

Thanks for the reply.  Well, thats just it...they are in fact switching between the two local controllers.  Some buildings terminate to one local while others terminate on the other.  I assume there is some overlap in coverage, therefore causing some guest clients to reauth when they connect to the other local.  This is a L2 guest Vlan which is the same on both local controllers, however we are not trunking this Vlan between the two locals as the only trunks configured currently are going down to our internal network infrastructure. 

 

Just curious what the requirements are for Vlan Mobility and if my assumption of a L2 trunk between locals is a requirment for it to work?  Are there any commands that i could use to verify Vlan Mobility?

 

Thanks again,

-Luis

Re: Vlan Mobility

Yes, if we need VLAN mobility L2 roam, then we have to make sure VLAN is being trunked between locals.

There is no commands as such however we could verify and get more info from user-debug. 

 

Thx

 

Occasional Contributor II

Re: Vlan Mobility

Thank you for the information!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: