What is Layer 2 Mobility and how it works
07-06-2014 10:47 PM
The Layer 2 Mobility or Vlan Mobility was introduced in late 2005 and is currently supported in 2.5 and 3.x ArubaOS.
When a user roams (associated to a single SSID), vlan mobility ensures that the user remains in the same vlan and keeps the same IP address when he moves across AP's and controllers.
Vlan mobility is needed when:
· The same ssid is configured with one vlan in one AP location (building, floor) and another vlan in another AP location. Example: The SSID guest is configured with vlan 100 in building A (location 1.0.0) and with vlan 200 in building B (location 2.0.0)
· IP mobility is not desired
· Vlan pooling is not desired
All vlan's where layer 2 mobility is required need to be present on all affected controllers, typically the vlan's should be allowed on the trunk connecting the controllers to the backbone layer 2 switches.
How does it work:
By default, vlan mobility is disabled. When a user associates to an SSID, his wireless NIC mac address goes into the datapath (Sibyte) bridge table. If the user stays idle for 8 minutes, the entry is aged out from that table.
If that user roams to another AP location configured with a different vlan, controller checks its bridge table and finds no entry for that user mac. Based on the ssid configuration, the controller places that user in the new vlan and the user acquires a new IP address, thus terminating all his existing ip sessions.
When vlan mobility is enabled, the age-out time of that user mac address changes to a large value (8*90 minutes).
Such long time allows that entry to go into other controllers bridge tables through the external switches.When a user roams to another AP location, the controller checks the bridge table and finds that mac address associated with the old vlan. The user is kept in the same vlan and the same IP address and data traffic flows through the trunk that allows the old vlan.