The Layer 3 Roaming Process

As with Layer 2 roaming, the goal of Layer 3 roaming is for a client to roam transparently. The difference is that you are working with multiple controllers on different subnets. The catch is that although the controllers are on different subnets, the user does not change IP addresses. Instead, the controllers tunnel the traffic back to the original controller. So it's a smoke-and-mirrors configuration. You are literally making the network believe that the user hasn't roamed. The two tunneling methods are as follows:

■ Asymmetric tunneling: In asymmetric tunneling, traffic from the client is routed to the destination, regardless of its source address. The return traffic is sent to the client's original controller, called an anchor, which tunnels it to the new controller.

■ Symmetric tunneling: In symmetric tunneling, all traffic is tunneled from the client to the anchor controller, sent to the destination, returned to the anchor controller, and then tunneled back to the client via the foreign controller.

The following sections discuss these two types of tunneling in more detail.

Asymmetric Tunneling

When a client roams in an intercontroller roam, the database entry moves to the new controller. That's not the case with Layer 3 roaming. In the case of Layer 3 roaming, the client's entry in the original controller is marked as an anchor entry. Then the database entry is not moved; instead, it is copied to the foreign controller. On the foreign controller, the entry is marked "Foreign." The client is then reauthenticated, the entry is updated in the new AP, and the client is good to go. The client's IP address doesn't change. All this is transparent to the user. Figure 12-9 depicts this process.

[Figure 12-9 (image not reproduced). Labels: Local Controller, Client DB entry "Client 1 (Anchor)"; Foreign Controller, Client DB entry "Client 1 (Foreign)"; Client 1 roaming with address 10.10.0.227/24.]
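The following Python model is an added example, not code from the original text. It reproduces the anchor/foreign client database entries and the traffic paths for both tunneling methods, and it flags when the client's unchanged source address leaves through a controller on a different subnet, which is the condition a source-address (reverse-path) filter on that subnet would reject. The controller names and the foreign subnet 10.20.0.0/24 are constructed assumptions; only the client address 10.10.0.227/24 comes from the figure.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Controller:
    name: str                      # hypothetical controller name
    subnet: ipaddress.IPv4Network  # wired subnet the controller sits on
    client_db: dict = field(default_factory=dict)  # client IP -> entry state

def associate(client_ip, controller):
    """Initial association: the client is a normal local entry."""
    controller.client_db[client_ip] = "Local"

def l3_roam(client_ip, anchor, foreign):
    """Layer 3 roam: mark the original entry Anchor and copy (not move) it as Foreign."""
    anchor.client_db[client_ip] = "Anchor"
    foreign.client_db[client_ip] = "Foreign"

def upstream_path(anchor, foreign, mode):
    """Hops taken by traffic from the roamed client to its destination."""
    if mode == "asymmetric":
        return ["client", foreign.name, "destination"]
    if mode == "symmetric":
        return ["client", foreign.name, "tunnel", anchor.name, "destination"]
    raise ValueError("mode must be 'asymmetric' or 'symmetric'")

def downstream_path(anchor, foreign):
    """Return traffic goes to the anchor and is tunneled to the foreign controller in both modes."""
    return ["destination", anchor.name, "tunnel", foreign.name, "client"]

def source_outside_egress_subnet(client_ip, anchor, foreign, mode):
    """True if client traffic exits via a controller whose subnet lacks the client's address."""
    egress_name = upstream_path(anchor, foreign, mode)[-2]
    egress = anchor if egress_name == anchor.name else foreign
    return ipaddress.ip_address(client_ip) not in egress.subnet

def build_sample():
    """Constructed scenario: Client 1 (10.10.0.227) roams from anchor to foreign."""
    anchor = Controller("anchor-wlc", ipaddress.ip_network("10.10.0.0/24"))
    foreign = Controller("foreign-wlc", ipaddress.ip_network("10.20.0.0/24"))  # constructed subnet
    associate("10.10.0.227", anchor)
    l3_roam("10.10.0.227", anchor, foreign)
    return anchor, foreign

if __name__ == "__main__":
    a, f = build_sample()
    print(a.client_db, f.client_db)
    for mode in ("asymmetric", "symmetric"):
        print(mode, upstream_path(a, f, mode),
              "source outside egress subnet:",
              source_outside_egress_subnet("10.10.0.227", a, f, mode))
```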
