We are using a 4404 controller with 3 different subnets (interfaces), all using the same SSID (using AP Groups VLANS). The thing here is that when a client roams from one AP to another AP of different subnet, the IP remains the same, even after resetting the interface on the client. I think this is a normal behavior, I mean, layer 3 roaming. But I want to make sure, and also I would like to know if this behavior can be disabled.
Also, the client doesn't go from one AP to another immediately, I mean, the client stays some time without signal, so I think it should get an IP from the new subnet, not the one it had.
The DHCP server is external, I dont know if this behavior has something to do with lease times on the server or something like that.
No this feature cannot be disabled because it will break the whole purpose of roaming.
Coming to your second question that if client is deauthenticated from the AP and controller also looses its entry and then client comes up and joins new AP which is in different AP group it will get an ip address from new subnet to which that AP is binded.
It sounds like, although the client is no longer associated, the controller still has an entry for it. I am not sure these two elements are the same (i.e. the controller may hold onto the client info longer than the actual RF state).
I am having the exact same issues. Just wondering if you have resolved this issue? We have a situation where our library wants students to access the internet, but everywhere else on the campus, they are not accessing the internet. Therefore I used AP Groups VLAN feauture. Problem is, if they leave the library and re-assosiate, they get an IP address that can get on the internet???
Could this be a timer issue?
It would be fine if the controller lost the client after 2 or 3 minutes, but it is taking a very long time for the controller to loose the client....
The default session timeout for a WLAN using authentication is 1800 seconds (30 minutes). I think the controller may be considering this client as still having an active session and not timing out their entry, although I would expect it to do so if it loses connectivity. In the IOS days there was a station timeout whereby the controller would send keepalives to verify activity before disassociating the client. I'm not sure what the equivalent keeplive mechanism is now, if there is one.
If the client is on a new subnet the (old) DHCP renew request should be rejected as it would not be served by the (new) interface its sourced on. This should be in a different scope, so the client should obtain a new address sepecific to the scope served by the new source interface (router interface). Unless the client itself is holding onto the address, regardless of the DHCP process.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...