fast secure roaming

Unanswered Question
Jun 6th, 2007


I was trying to answer this question and was wondering whether WLSM was necessary :

What components are necessary when implementing fast secure L3 roaming?

A. AP, CCX clients

B. AP, CCX clients, WLSM



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rob.huffman Thu, 06/07/2007 - 08:07

Hi Navid,

The answer is B. Have a look at why;

With Layer 2 (L2) roaming, the wireless client roams between two APs that are part of the same subnetwork on the wired side. AP-based WDS provides this functionality. With AP-based WDS, you must configure the APs to be in the same VLAN.

With L3 roaming, the wireless client roams between two APs that reside in two different subnetworks. Therefore, the client roams between two different VLANs on the wired side. This removes the creation of VLANs that span the entire campus, which the AP-based WDS create. Client devices use multipoint generic routing encapsulation (mGRE) tunnels in order to roam to APs that reside on different L3 subnetworks. The roaming clients remain connected to your network without the need to change IP addresses.

The introduction of switch-based WDS and the WLSM facilitates Layer 3 (L3) fast secure roaming (FSR) and provides a highly scalable solution for L3 mobility in the campus. Switch-based WDS centralizes the functionality of WDS in the WLSM blade in a central switch and provides these benefits:

Increased WDS scalability The scalability increases to 300 APs and 6000 users across a campus wireless LAN (WLAN) network.

Simplified design and implementation No VLANs span the campus network. With the use of multipoint generic routing encapsulation (mGRE) architecture, no changes to the current network wired infrastructure are necessary.

Manageability for a large WLAN deployment This solution provides a single point of ingress for both WLAN control and user data into the wired network for which to apply security and quality of service (QoS) policies.

L3 mobility between floors and across multiple buildings

The ability to use advanced features on the Cisco Catalyst 6500, which includes other Catalyst 6500 service modules

Enhanced end-to-end security and QoS by integration with the Catalyst 6500 platform

Components Required for Layer 3 Mobility

The Layer 3 mobility wireless LAN solution consists of these hardware and software components:

1100 or 1200 series access points participating in WDS

Catalyst 6500 switch with Supervisor Module and WLSM configured as the WDS device


Note: You must use a WLSM as your WDS device to properly configure Layer 3 mobility. Layer 3 mobility is not supported when your WDS device is an access point.


Cisco (or Cisco compatible) client devices

From this doc;

Hope this helps!



This Discussion