cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
468
Views
0
Helpful
6
Replies

4404 Controller roaming - retaining IP

omarmontes
Level 1
Level 1

Hi again guys!

I have this scenario:

We are using a 4404 controller with 3 different subnets (interfaces), all using the same SSID (using AP Groups VLANS). The thing here is that when a client roams from one AP to another AP of different subnet, the IP remains the same, even after resetting the interface on the client. I think this is a normal behavior, I mean, layer 3 roaming. But I want to make sure, and also I would like to know if this behavior can be disabled.

Also, the client doesn't go from one AP to another immediately, I mean, the client stays some time without signal, so I think it should get an IP from the new subnet, not the one it had.

The DHCP server is external, I dont know if this behavior has something to do with lease times on the server or something like that.

Thanks in advance!!

6 Replies 6

ankbhasi
Cisco Employee
Cisco Employee

Hi Friend,

No this feature cannot be disabled because it will break the whole purpose of roaming.

Coming to your second question that if client is deauthenticated from the AP and controller also looses its entry and then client comes up and joins new AP which is in different AP group it will get an ip address from new subnet to which that AP is binded.

HTH

Ankur

*Pls rate all helpfull post

Hi Ankur, thanks for the quick replay.

For the second question, thats what i though, but its not happening, even after deauthentication and reauthentication in the new AP, the client gets the previous IP address.

It sounds like, although the client is no longer associated, the controller still has an entry for it. I am not sure these two elements are the same (i.e. the controller may hold onto the client info longer than the actual RF state).

MIsatchenko
Level 1
Level 1

Hi There,

I am having the exact same issues. Just wondering if you have resolved this issue? We have a situation where our library wants students to access the internet, but everywhere else on the campus, they are not accessing the internet. Therefore I used AP Groups VLAN feauture. Problem is, if they leave the library and re-assosiate, they get an IP address that can get on the internet???

Could this be a timer issue?

It would be fine if the controller lost the client after 2 or 3 minutes, but it is taking a very long time for the controller to loose the client....

Thanks in advance

Remember DHCP addresses have a leased time, you should be able to modify this timer I assume in this case it is on the router not the controller that is supplying the dhcp address.

The default session timeout for a WLAN using authentication is 1800 seconds (30 minutes). I think the controller may be considering this client as still having an active session and not timing out their entry, although I would expect it to do so if it loses connectivity. In the IOS days there was a station timeout whereby the controller would send keepalives to verify activity before disassociating the client. I'm not sure what the equivalent keeplive mechanism is now, if there is one.

If the client is on a new subnet the (old) DHCP renew request should be rejected as it would not be served by the (new) interface its sourced on. This should be in a different scope, so the client should obtain a new address sepecific to the scope served by the new source interface (router interface). Unless the client itself is holding onto the address, regardless of the DHCP process.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: