Author: Dortha Johnson
Cisco Unified Wireless Network Administration: Roaming and Mobility

© 2010 Cisco Systems, Inc. All rights reserved.

CUWN v7.0—3-1

Lesson Overview & Objectives

 Overview – This lesson provides a detailed discussion of client roaming between APs and controllers in a Cisco Unified Wireless Network environment.

 Objectives – Upon completing this lesson, you will be able to establish and configure mobility groups to support roaming. This ability includes being able to meet these objectives:
– List three of the Cisco Best Practices for roaming
– Describe client roaming within a Layer 2 subnetwork
– Describe client roaming within a Layer 3 subnetwork
– Describe the configuration of the Mobility Group
– Describe IRCM
– Identify the two caveats to be aware of when using IRCM
– Explain how to configure Mobility Anchors

© 2008, Cisco Systems, Inc. All rights reserved. Printed in USA.


Cisco Wireless Roaming

 Roaming refers to movement of clients across Cisco APs, Cisco REAPs, and third-party APs.
 A mobility group is a group of WLAN controllers that are set up to allow roaming amongst themselves.
 The Cisco WLC can belong to only a single mobility group.
 A maximum of 24 Cisco WLCs may belong to a single mobility group.
 Roaming is supported across mobility groups.
 Cisco wireless requires the following for mobility groups:
– Consistent mobility group membership
– Consistent ACLs configured on all member Controllers
 Two types of roaming:
– Layer 2 (intra-subnet) roaming
– Layer 3 (inter-subnet) roaming


Roaming Best Practices

 All controllers in the mobility group should use the same IP address for their virtual interface, and the virtual interface IP address must not be routable.
 IP connectivity must exist between the management interfaces of all controllers in the mobility group.
 In most situations, all controllers must be configured with the same mobility group name.
 You must have gathered the MAC and IP addresses for each controller in a mobility group.
 Do not create unnecessarily large mobility groups. Include only controllers that are in the area in which a client can roam.
– Try to accommodate the AP distribution across controllers in the mobility group. Avoid salt-and-pepper AP placement.
– If using version 5.x or later, take advantage of the multicast mobility feature.


Cisco Wireless Layer 2 Roaming

 A single Cisco WLC or multiple Cisco WLCs are in the same subnetwork.
 Roaming is transparent to the client.
 The session is sustained during connection to the new AP.
 The client continues using the same DHCP-assigned or static IP address.
 Reauthentication is required if the client sends a DHCP discover with a 0.0.0.0 client IP address or a 169.254.*.* client auto-IP address, or when the operator-set session timeout is exceeded.


Figure: Client Roaming within a Subnet, Layer 2 Roam. WLC-1 and WLC-2 both serve VLAN X, and each holds a client database of client data (MAC, IP, QoS, Security). The diagram shows the mobility message exchange between WLC-1 and WLC-2 and the pre-roaming data path.


Figure: Client Roaming within a Subnet, Layer 2 Roam (Cont.). The client roams to a different AP on VLAN X. The diagram shows the client data (MAC, IP, QoS, Security) in the WLC-1 and WLC-2 client databases, the mobility message exchange between the two controllers, and the roaming data path.


Cisco Wireless Layer 3 Roaming

 Multiple Cisco WLCs are in different subnetworks.
 Roaming is transparent to the client.
 The session is sustained during connection to the new AP.
 A tunnel between the anchor Cisco WLC and the foreign Cisco WLC, and special handling of the client traffic by both controllers, allows the client to continue using the same DHCP or client-assigned IP address while the session remains active.
 Reauthentication is required if the client sends a DHCP discover with a 0.0.0.0 client IP address or a 169.254.*.* client auto-IP address, or when the operator-set session timeout is exceeded.
 Set up via a symmetric tunnel between the anchor WLC and the foreign WLC.


Figure: Client Roaming Between Subnets, Layer 3 Roam. WLC-1 serves VLAN X and WLC-2 serves VLAN Z; each holds a client database of client data (MAC, IP, QoS, Security). The diagram shows the mobility message exchange between the controllers and the pre-roaming data path.


Figure: Client Roaming Between Subnets, Layer 3 Roam (Cont.). The client roams to a different AP. WLC-1 (VLAN X) is the anchor controller and WLC-2 (VLAN Z) is the foreign controller; after the mobility message exchange an encrypted data tunnel connects them, and both client databases hold the client data (MAC, IP, QoS, Security). The pre-roaming data path is also shown.

Mobility Group Configuration


Creating and Managing Mobility Group Members

There are two methods for defining the mobility group: add a member with the New option, or use the Edit All option, in which all members are represented in a text format.

Mobility Group Communications

 Whenever a new client joins a controller, the controller sends out a message to all of the controllers in the mobility group.
– In release 5.0 and later, this messaging can be set up to use multicast rather than unicast.
 The controller to which the client was previously connected passes on the status of the client.
 All mobility message exchanges between controllers are carried out using UDP packets on port 16666 (if using IPSec encryption, port 16667).
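Because mobility messaging runs on a fixed UDP port and the best practices above require you to gather the management address of every member, a defender can audit flow records for mobility-port traffic involving a controller that is not on the mobility list. The example below is added here and is not from the lesson; the member addresses, the flow-record format and the sample records are constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# UDP ports the lesson names for inter-controller mobility messaging
MOBILITY_PORTS = {16666: "mobility messaging", 16667: "mobility messaging (IPSec)"}

# Constructed allow-list: management IPs gathered for every controller in the mobility list.
# The addresses and names are assumed for this example.
MOBILITY_LIST = {
    IPv4Address("10.10.1.11"): "WLC-1",
    IPv4Address("10.10.1.12"): "WLC-2",
    IPv4Address("10.20.1.11"): "WLC-3",
}

# Minimal key=value flow-record format, constructed for the example (not a Cisco log format)
FLOW_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)")

def audit_mobility_flows(lines, members=MOBILITY_LIST, require_ipsec=False):
    """Return one finding per mobility-port UDP flow that does not fit the known member list."""
    findings = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m or m["proto"].lower() != "udp":
            continue
        dport = int(m["dport"])
        if dport not in MOBILITY_PORTS:
            continue
        src, dst = IPv4Address(m["src"]), IPv4Address(m["dst"])
        if src not in members:
            findings.append({"src": str(src), "dst": str(dst), "dport": dport,
                             "issue": "source is not in the mobility list"})
        elif dst not in members:
            findings.append({"src": str(src), "dst": str(dst), "dport": dport,
                             "issue": f"{members[src]} exchanges mobility messages with a non-member"})
        elif require_ipsec and dport == 16666:
            findings.append({"src": str(src), "dst": str(dst), "dport": dport,
                             "issue": "cleartext mobility messaging where IPSec is expected"})
    return findings

# Constructed sample flow records
SAMPLE_FLOWS = [
    "src=10.10.1.11 dst=10.10.1.12 proto=udp dport=16666",   # member to member: expected
    "src=10.10.1.12 dst=10.20.1.11 proto=udp dport=16667",   # member to member over IPSec: expected
    "src=192.168.77.5 dst=10.10.1.11 proto=udp dport=16666", # unknown source on the mobility port
    "src=10.10.1.11 dst=10.30.9.9 proto=udp dport=16666",    # member messaging an unlisted peer
    "src=10.10.1.11 dst=10.10.1.12 proto=tcp dport=16666",   # not UDP: ignored
]
```

Run `audit_mobility_flows(SAMPLE_FLOWS)` to get the two unexpected flows; pass `require_ipsec=True` to also flag cleartext member-to-member messaging on 16666.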


Seamless Roaming Between Mobility Groups

 Controllers can communicate and clients can roam between mobility groups.
 Release 5.1 or later supports up to 24 controllers in a mobility group and up to 72 controllers in the mobility list.
 When a client crosses a mobility group boundary, the client is fully authenticated, but the IP address is maintained, and an Ethernet-over-IP (EoIP) tunnel is initiated for Layer 3 roaming.
 Cisco Centralized Key Management (CCKM) and PKC are supported only for intra-mobility-group roaming.
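The Layer 2, Layer 3 and inter-mobility-group cases above differ in whether a tunnel is built, whether the client must reauthenticate, and whether CCKM/PKC fast roaming can apply. The following added example (not from the lesson) models those rules as a roam classifier; the controller names, mobility group names and client subnets are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

@dataclass(frozen=True)
class Controller:
    name: str
    mobility_group: str
    client_subnet: IPv4Network   # subnet of the client VLAN behind this WLC

@dataclass(frozen=True)
class RoamEvent:
    dhcp_discover_ciaddr: Optional[str]   # client IP in a DHCP Discover sent after the roam, or None
    session_timeout_exceeded: bool = False

def classify_roam(old: Controller, new: Controller, ev: RoamEvent) -> dict:
    if old.mobility_group != new.mobility_group:
        kind = "inter-mobility-group"
    elif old.client_subnet == new.client_subnet:
        kind = "layer2"
    else:
        kind = "layer3"

    reauth_reasons = []
    if kind == "inter-mobility-group":
        reauth_reasons.append("crossed a mobility group boundary: client is fully authenticated")
    if ev.dhcp_discover_ciaddr is not None:
        ciaddr = IPv4Address(ev.dhcp_discover_ciaddr)
        # the lesson's trigger: a Discover carrying 0.0.0.0 or a 169.254.*.* auto-IP address
        if ciaddr == IPv4Address("0.0.0.0") or ciaddr in IPv4Network("169.254.0.0/16"):
            reauth_reasons.append(f"DHCP Discover with client IP {ciaddr}")
    if ev.session_timeout_exceeded:
        reauth_reasons.append("operator-set session timeout exceeded")

    return {
        "kind": kind,
        "reauth_required": bool(reauth_reasons),
        "reauth_reasons": reauth_reasons,
        # an anchor/foreign tunnel is needed whenever the client keeps an IP from another subnet
        "anchor_foreign_tunnel": old.client_subnet != new.client_subnet,
        # CCKM and PKC fast roaming are supported only within one mobility group
        "fast_roam_eligible": kind != "inter-mobility-group",
    }

# Constructed sample controllers (names, groups and subnets are assumed, not from the lesson)
WLC_1 = Controller("WLC-1", "campus", IPv4Network("10.1.0.0/16"))
WLC_2 = Controller("WLC-2", "campus", IPv4Network("10.1.0.0/16"))   # same subnet as WLC-1
WLC_3 = Controller("WLC-3", "campus", IPv4Network("10.2.0.0/16"))   # different subnet, same group
WLC_4 = Controller("WLC-4", "branch", IPv4Network("10.2.0.0/16"))   # different mobility group
```

`classify_roam(WLC_1, WLC_3, RoamEvent(None))` reports a Layer 3 roam with a tunnel and no reauthentication, while a roam to WLC_4 is classified as inter-mobility-group with full authentication.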


Figure: Client Roaming Between Subnets, Layer 3 Roam, Different Mobility Groups. WLC-1 (VLAN X) in Mobility Group 1 is the anchor controller and WLC-2 (VLAN Z) in Mobility Group 2 is the foreign controller; each holds a client database of client data (MAC, IP, QoS, Security), and after the mobility message exchange an encrypted data tunnel connects them. The pre-roaming data path is also shown. The client roams to a different AP on a controller in a different mobility group, so client reauthentication is required.

Inter-release Controller Mobility

 Available in release 6.0.
 Supports seamless mobility and Cisco Unified Wireless Network services across controllers with different software versions.
 Allows features such as mobility (Layer 2/Layer 3 roaming, CCKM Fast Roaming), RRM, AP Fallback, Guest Access, WCS, MFP, and Rogue Detection.
 For example, two controllers, one running version 4.2.x and the other running version 6.0.x code, will be able to support roaming and AP Fallback across the two controllers.


Scenarios Where IRCM Would Be Used

 During a controller upgrade, where certain sections of the network may still be on old code.
 End-of-life support for APs: certain sections of the network cannot be upgraded until the older EoL APs are replaced.
 Guest access across geographical locations: remote and anchor controllers may be running different code versions.


Mobility Features Affected By IRCM

 Layer 2 and Layer 3 roaming
– Supported between 4.2.207 and 6.0.188 code.
– The version number of the mobility packet was incremented in 5.2 and later releases.
– A controller keeps track of the mobility version number of the other controllers in its mobility list and communicates accordingly.
– Feature support across controllers in the mobility list is the lowest common denominator.
 Guest access termination
– Ethernet-over-IP (EoIP) tunnels for guest access are supported between 4.2.x and 6.0.x controllers.
– Anchor and remote controllers can have different software versions.


Caveats For IRCM

 Controllers on version 5.1 or earlier code support both symmetric tunneling and asymmetric tunneling. Controllers on version 5.2 or later code support only symmetric tunneling.
– Version 5.1 and earlier controllers need to be configured for symmetric tunneling to support Layer 3 roaming with controllers running 5.2 or later code.
 Controllers on version 5.0 or later code support mobility multicast, but controllers on 4.2.207 (4.2.MR4) do not support mobility multicast.
– Version 4.2 controllers cannot be in a mobility group that is using mobility multicast.
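The two caveats, together with the lowest-common-denominator rule from the previous slide, can be checked mechanically before a mixed-release mobility list goes into service. This example is added here and is not from the lesson; the controller names, the 5.1.0 release string and the tunneling settings in the sample list are constructed.

```python
from typing import List, NamedTuple, Tuple

class WLC(NamedTuple):
    name: str
    version: str               # controller software release, e.g. "4.2.207" or "6.0.188"
    symmetric_tunneling: bool  # tunneling mode configured on the controller

def parse_version(v: str) -> Tuple[int, ...]:
    """'6.0.188' -> (6, 0, 188) so releases compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def check_ircm_mobility_list(controllers: List[WLC], mobility_multicast: bool) -> dict:
    """Apply the two IRCM caveats to a mobility list and report the lowest common release."""
    versions = {c.name: parse_version(c.version) for c in controllers}
    findings = []

    # Caveat 1: 5.2+ controllers are symmetric-only, so any 5.1-or-earlier peer must be
    # configured for symmetric tunneling or Layer 3 roaming with them does not work.
    if any(v >= (5, 2) for v in versions.values()):
        for c in controllers:
            if versions[c.name] < (5, 2) and not c.symmetric_tunneling:
                findings.append(f"{c.name} ({c.version}): enable symmetric tunneling for "
                                f"Layer 3 roaming with 5.2-or-later controllers")

    # Caveat 2: mobility multicast needs 5.0+; 4.2 controllers cannot be in a group using it.
    if mobility_multicast:
        for c in controllers:
            if versions[c.name] < (5, 0):
                findings.append(f"{c.name} ({c.version}): does not support mobility multicast; "
                                f"remove it from the group or use unicast mobility messaging")

    # Feature support across the list is the lowest common denominator of the releases.
    lowest = ".".join(str(part) for part in min(versions.values()))
    return {"lowest_common_release": lowest, "findings": findings}

# Constructed sample mobility list (names and settings assumed; 5.1.0 is a placeholder release)
MIXED_LIST = [
    WLC("WLC-OLD", "4.2.207", symmetric_tunneling=False),
    WLC("WLC-MID", "5.1.0", symmetric_tunneling=True),
    WLC("WLC-NEW", "6.0.188", symmetric_tunneling=True),
]

if __name__ == "__main__":
    for line in check_ircm_mobility_list(MIXED_LIST, mobility_multicast=True)["findings"]:
        print(line)
```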


Figure: Cisco Wireless Mobility Anchor. The diagram shows an anchor controller (3.3.3.3) and a foreign controller (5.5.5.2), with the addresses 4.4.4.2 and 4.4.4.4 and path segments labelled a through e. Client traffic travels a symmetric path.

Figure: Cisco Wireless Mobility Anchor, Guest Tunneling Example. An inside (foreign) controller serving SSID Internal and SSID GUEST tunnels guest traffic to an anchor controller facing the Internet; a guest client at 4.4.4.4 and the address 4.4.4.2 appear in the diagram. Tunnels are not per user but per SSID (for the inside Controller), which requires a mobility anchor Controller.

Cisco Wireless Mobility Anchor Message Flow

Normal Mobility Event: the foreign controller sends a Client Announce to the other controllers, including the anchor controller, and each replies No Handoff. When the No Handoff timeout expires, the foreign controller becomes the anchor for the client.

Mobility Anchor Event (Guest Tunneling Example): the foreign controller sends an Export Anchor Request to the anchor controller, which replies with an Export Anchor Request ACK; the two controllers then take the Export Foreign and Export Anchor roles for the client.

Cisco Wireless Mobility Anchor Considerations

 The initial contact Controller may receive a handoff for the client during the client announce.
– If the handoff does not specify a configured anchor Controller, the handoff will be discarded.
 A foreign session to the anchor is set up ahead of client IP address determination.
– The foreign Controller will have no knowledge of Layer 3 client information.
 Web Authentication is supported, but authentication will occur on the mobility anchor as opposed to the local Controller.
 Not supported on 2xxx Series Controllers or the Cisco WLCM.


Configuring Mobility Anchors in WLANs


Viewing Mobility Statistics

Controller > Mobility Management > Mobility Statistics


Summary

 The Cisco Unified Wireless Network environment allows for roaming between APs.
 Layer 2 roaming occurs whenever a client roams between APs on the same Controller.
 A Layer 3 roam event requires more processing power and controller coordination than a Layer 2 roam event.
 All controllers that will be part of the same mobility group must be configured to have the same default mobility domain name.
 Inter-release Controller Mobility (IRCM) is a new feature that allows seamless roaming.
 There are two caveats to be aware of when taking advantage of the IRCM feature.
 Mobility anchors in WLANs need to be configured.
