L3 roaming

niwai
Conversationalist

Hi,

We have one MR AP on the HO site & 101 VLAN tagged for the SSID1. The other AP is on the branch site, and the branch and HO will communicate through the MPLS. The VLAN101 is not available on the branch site. Will the user receive the same client database (IP, MAC, VLAN) which is on the HO AP when he connects to the branch AP through the dynamic tunnel in L3 roaming?

What are the UDP ports that are used to create a dynamic tunnel between the HO & Branch AP?

Bruce
Kind of a big deal

If they are two separate sites, why would you want to keep the same IP address across them? You’re not going to achieve client roaming between disparate sites. Is there a reason you want to keep the same IP address?

For the Layer 3 roaming to work the APs would need to be within the same Meraki network. Generally if these are two separate sites then you’d create a Meraki network for each site, so roaming wouldn’t work. You could create a single wireless network that spans both sites, but it’s really not ideal, and you need to think about the use case carefully.

If you really want to keep IP addresses on the wireless networks at both sites the same then you could use a wireless Concentrator (a Meraki MX in VPN Concentrator mode). Then the SSID could be tunnelled back to the concentrator so the IP subnet/DHCP is assigned by a VLAN accessible from the wireless Concentrator. Note that this won’t achieve roaming between the Meraki networks; a full re-auth will happen when they move between them, but it will mean that the same IP address range can be used. You also have to be sure that you understand the traffic flows (i.e. they are via the concentrator) so that you minimise traffic hair-pinning.

If you haven’t already, have a read through this document, https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

niwai
Conversationalist

We need to keep the same network segment for GUEST WLAN for all the branches. When guests connect to the Guest WLAN and try to access the internet we need to push the Meraki portal and the traffic should go via HO side internet. 

Bruce
Kind of a big deal

From what you’ve described, and to keep the same IP subnet for all the sites, your best approach will be a wireless Concentrator at the HO. That way you can tunnel all guest SSIDs back to HO and send them out to the internet from there.

 

This document, https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Tunneling_and_Layer_3_Roamin... explains the Concentrator operation a bit more and the UDP ports.

niwai
Conversationalist

Thanks for the comment.