Wireless Access

Inter controller seamless roaming(L2 roaming), options we brought up three controllers as, controller1: 7220 as master controller (192.168.241.20) controller2: MD1 7010 as Managed device (192.168.241.21) controller2: MD2 7010 as managed device(192.168.241.22) now in the master controller(7220) able to list MD1 and MD2, provided the IPsec key on the MC and configured Mobility Domain in the MC as, ip mobile domain default hat 192.168.241.21 255.255.255.0 1 10.1.1.245 description “Inter controller" ip mobile domain default hat 192.168.241.22 255.255.255.0 1 10.1.1.245 description “Inter controller" now AP1 is connected to MD1 and AP2 is connected to MD2, now i am trying FT roam between two controllers i.e MD1 and MD2, device is doing everytime full authentication between two controllers and   this is affecting my voice call, please let me know any configuration missing. 

OS version used is 8.3x in all the controllers

Try to use "Preserve Client VLAN" in the Virtual AP profile.  If the two controllers share the same layer 2 network for client VLANs, the second controller will attempt to see if the Client's mac address is in the ARP table and on what VLAN.  If the client's mac address exists, it will attempt to put that device into the same VLAN.

thanks for your response..

still iam observing the issue..

is cluster configuration required?

Do you have an MM?  If not, you cannot do a cluster configuration.

no i dont have MM, 

one master controller(7220) and two MD's(7010) are connected to MC, now i have to do the L2 seamless roaming, i need  configuration, 
please let me know any logs are required i can share with you.

If you don't have an MM, you cannot form a cluster.

Are the clients using the same layer 2 network on both controllers for that SSID?

Are you using VLAN pooling?

What authentication and encryption are you using?

yes it is using the same L2 network on the both controllers, 

not using the VLAN pooling.

What authentication and encryption are you using?

802.1x with PEAP-MSCHAPV2 authentication and AES encryption

yes client is keeping the same IP address

Without cluster L2 seamless roaming is not possible?

We don't have MM . We configured on the controller as Master and other 2 controllers are MD1 and MD2.

We could see both MD's are displaying in Master.

Configurations made in Master are successfully pushed to both MD's

Even we didn't see client roams seamlessly.

You might want to try ip mobility, then:  https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/mobility/ip_mobili.htm

I have not personally tried ip mobility  for ArubaOS 8.x, because clustering makes roaming between controllers very easy.  I would say that in the past it has been encouraged to design the network to minimize roaming of clients between controllers, because it makes troubleshooting difficult.

Another thing you can do is enable the "FDB Update on Assoc" in the Virtual AP profile to update the cam tables when a client associates to see if that makes a difference:  https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/virtualaps/conf_vap_prof.htm?Highlight=fdb

Can both of your explain what tests you are running during roaming between controllers that do not work?

We have very basic setup to validate L2 seamless roaming.

One Master and 2 MD's.Both MD's jobed with Master.The configuration we created in Master is refleclecting in both MD's.

We have a profile with FT-802.1x configuration.

Each MD has one AP joined.

We have connected Client to AP1 which is with MD1. Our client slowly roaming form AP1 to AP2(which is on MD2).

During roam we are sending reassoc request,But AP2 is not honoring reassoc reuest.So the client is going for Full Authentication ,which is not correct.

We are expecting as per configured Fast roam (OKC or PMKID or FT)

As you mentioned clusetring supports in MM .Does the configuration of cluster is s/w based or specific hardware required to use cluster.

please find the attached screen shot for our infrastructre