Controllerless Networks

 View Only
last person joined: 19 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

L3 Mobility Domain with same VLANs for SSID

This thread has been viewed 25 times

  • 1.  L3 Mobility Domain with same VLANs for SSID

    Posted Jul 06, 2022 07:46 AM
    Hello Everyone,

    I open this discussion to have some help about roaming between two IAP cluster and L3 Mobility Domain.

    First of all, some technical elements :
    OLD Cluster :
    - IAP models : 204 and 304
    - Version : 6.5.4.21
    New Cluster :
    - IAP models : 504
    - Version : 8.7.1.9
    Each cluster has its own "APs VLAN".

    Context :
    Renew of a cluster of 91 AP in a factory. In this factory, there is moving robot which transport parts. Robots are highly criticals and need to roam often.
    Density of AP in this factory is really high.
    Current APs (model 204, 90% of old cluster), because of the firmware, are not compatible with new APs (504) and cannot form a cluster.
    A big bang migration isn't possible because of the huge number of APs, their accessibility and the 24/7 activity of this factory.
    A scenario of progressive migration have been chose. With, APs by APs replacement.
    For this scenario we need an highly effective roaming for robots. We use L3 Mobility Domain between old an new clusters.
    SSID's VLAN remains the same between clusters.

    I have read some documentations and discussions about L3 Mobility Domain.
    In particular, these :
    https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=0c0d55c0-e6e7-4767-96d4-95871e6745e1
    https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=23941#bme131b5da-9e3f-4a5d-aa2d-d28d7e053faf
    https://community.arubanetworks.com/community-home/digestviewer/viewthread?GroupId=7&MID=21085&CommunityKey=867d34a4-1e6a-4b9a-9349-df7b4c84b3cb&tab=digestviewer

    In fact, our L3 roaming fail. And, by reading these documents, I understand that L3 Mobility Domain needs SSID VLAN deployed only on a single cluster. Which isn't compatible with my case.

    So my questions are these :
    • SSID's VLAN on only one side of the domain is mandatory, or not ?
    If not, is a L3 Mobility Domain configuration example available ?
    If yes, except a "classic" roaming between two clusters unknown to each other, Is there another way to facilitate roaming in this scenario?

    Thanks for your help everyone.

    ------------------------------
    Regards

    Guillaume
    ------------------------------


  • 2.  RE: L3 Mobility Domain with same VLANs for SSID

    EMPLOYEE
    Posted Jul 06, 2022 09:58 AM
    I don't believe inter-cluster roaming is going to be supported between an AOS8 and AOS6 cluster although it would be an interesting experiment.

    However you should make sure you've got the simple part of the config right first as the clients may authenticate efficiently enough when moving from one cluster to the other for your purpose. Do you have a client VLAN configured that is trunked to all the AP's across both clusters? This allows the client devices to move between clusters without having to change subnets. This would be the starting point that I would recommend. The client will attempt to roam gracefully and if this fails then it will re-authenticate. 


    Original Message


  • 3.  RE: L3 Mobility Domain with same VLANs for SSID

    Posted Jul 06, 2022 11:17 AM
    Hello,

    Yes, client VLAN are configured as trunk for both clusters.​
    Roaming from cluster to another cluster without subnet change and complet reassociation is the target.
    This have been tested and validated with PCs and smartphone.
    Original Message


  • 4.  RE: L3 Mobility Domain with same VLANs for SSID

    EMPLOYEE
    Posted Jul 06, 2022 07:57 PM
    As I suggested I don't believe roaming between clusters on such widely different versions will be supported. This is what is required to achieve the goal of not having to complete a full association and authentication process during the roam. With that said it's worth testing just in case it works.

    This is an old video but may be worth a review: Instant Access Point: Module 8 - Roaming

    If you can get inter cluster communication to work and the client subnet does not change then an assisted roam will take place.


    Original Message


  • 5.  RE: L3 Mobility Domain with same VLANs for SSID

    Posted Jul 08, 2022 05:50 AM
    Hello,

    Thanks for this video. It's very instructive.
    But, if I understand well, my case doesn't apply to roaming between cluster with same L2 for clients ?

    Original Message


  • 6.  RE: L3 Mobility Domain with same VLANs for SSID

    EMPLOYEE
    Posted Jul 08, 2022 09:08 AM
    When you stated "Roaming from cluster to another cluster without subnet change and complet reassociation is the target" I assumed that the clients would stay within the same Layer 3 subnet and same Layer 2 broadcast domain. This keeps things as simple as possible from a network perspective as it avoids any need to tunnel traffic back to an anchor location.

    If you see the diagram above the suggestion is that the same client VLAN be used in the configuration of the SSID/Network on both Virtual Controllers and be tagged accordingly on all switch ports going to all Access Points. This way as the client migrates from one cluster to the other it will be able to maintain IP connectivity without the network having to facilitate any fancy cluster to cluster tunnelling solution. If the non-similar clusters are unable to facilitate a roam where the client doesn't leave it's subnet then I would doubt they would be able to establish tunnels to guide traffic back to a Home AP. I haven't had a chance to test these between 6.x and 8.x.
    Original Message