During designing and implementation of wireless network you will come across on Layer 2 and 3 roaming. Both of them improve scalability of the wireless network and simplify end user life, but work differently.
Before we go over any designing, we have to make sure that our WLCs (Wireless Lan Controllers) are:
– agreed on CAPWAP protocol. CAPWAP is responsible for management, pushing firmware and configuration to APs
– agreed on the same Mobility Group (working in the same domain), only then WLCs will be able to exchange information about connected devices.
– agreed on the same Virtual IP address
– compatible with each other, but they don’t have to be the same devices
WLCs on regular basis exchange information about connected clients. The roaming enables us easy switching between APs in the same domain, without necessity to log on to the next APs. Thanks to this we don’t have to worry that we will be disconnected. If the signal to the first AP 1 will become to weak and from AP 2 will be stronger, then AP 2 takes over the client.
Layer 2 roaming
In case of layer 2 roaming the case is simple, when the client is moving from AP 1 towards AP 3 everything will go seamlessly because all 3 APs are in the same VLAN and subnet. WLC 1 just passes information about connected client to WLC 2 and WLC 3. IP address of the client doesn’t change itself.
Layer 3 roaming
In case of layer 3 roaming things get little bit complicated. As you see I added WLC 3 in different subnet, but still in the same Mobility Group. AP 3 is also in different subnet. Now when the client is moving further from the AP 2 and is getting close to the AP 3, because WLC 3 knows about the client thanks to WLC 2 is ready for taking over him. WLC 2 bacomes the Anchor because is the last AP in the subnet that the client came from and which the client was connected to. WLC 3 is called Foreign, because is from different subnet and doesn’t belong to the original subnet. Let’s assume that the client was connected to the server 10.10.10.10. and now is connected to the AP 3. What happend with original IP address of the client ? Nothing. The layer 3 address remain the same, AP 3 only forwards frames on layer 2.
Asymmetric and Symmetric Forwarding
Between WLC 2 and 3 there is created a logical tunnel.
Asymmetric forwarding takes place when the return traffic is going through WLC 2 in original subnet. This is very unefficient and may cause a lot of problems if we have any firewall and set up rules.
Symmetric forwarding takes place when the initial traffic and return traffic are going in the same way
Let’s assume we have GUEST network broadcasted in entire bulding by all APs, but we want only one WLC (let’s call him GUEST) deals with and authenticates the guests. Then between the WLC that the guest client is connected to is being build the tunnel to the specify GUEST WLC. This specify GUEST WLC is called Mobility Anchor
Static Address Tunneling
Is destined for user with static address, if user from one network let’s assume VLAN 10 has been cought by another AP owing to stronger signal but with VLAN 20, then WLC that the new AP wants connect to, sends the message to the other WLCs with inguiry “Which AP deals with particular network namely VLAN 10?” and of course tunnel is being build with WLC with a proper SSID and proper network VLAN 10, from now on WLC is acting like the Anchor. But the benefit of that is, we don’t have to have the SSID of the network VLAN 10 on the another WLC with VLAN 20