Meraki

Community

Roaming behaviour with an SSID with several VLANs

Solved
Ben0391
Here to help
‎Jul 5 2023 7:33 AM
‎Jul 5 2023 7:33 AM

Roaming behaviour with an SSID with several VLANs

Hi everyone,

we have one SSID which is distributed to all access points and uses its own VLAN per building. This means that I distribute a separate tag to the access points per building, so that only a specific VLAN is used at this point. This works so far fine.
What is the behavior when a device moves from one building to another? Does the corresponding VLAN (of the "home-building") also have to be present at the switch port to which the access point is connected? Or does the access point tunnel the connection in some way?

 

Thanks for your answers,

Ben

Labels:
0 Kudos
1 Accepted Solution
In response to Ben0391
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 5 2023 10:52 AM
‎Jul 5 2023 10:52 AM

It will depend, is the VLAN extended from one building to another? Or For each building this VLAN has a different IP Range?
If it's a different IP range you can use L3 roaming.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

4 Replies 4
Sander
Here to help
‎Jul 5 2023 7:46 AM
‎Jul 5 2023 7:46 AM

Just to be clear, you mean that under Wireless - Access control at VLAN tagging you have tagged the AP per building and specified the VLAN ID to be used by building? In this case the VLAN for the SSID has to be present on the switch port. So that means if the users roams he needs to have his IP renewed to the new VLAN, did you test that, what happens if you move around (I never used this feature) Solution is you have to turn on Layer 3 roaming under the External DHCP - Bridged option. Maybe try that one. If you have an MX you could also go to tunnelled mode instead of bridged. 

0 Kudos
Ben0391
Here to help
‎Jul 5 2023 9:34 AM
‎Jul 5 2023 9:34 AM

Hi Sander,

thanks for your reply.

At the moment this is our configuration:

Ben0391_0-1688574247299.png


Each VLAN is the ip address range for one building. All APs in this building are configured with the tag use_vlanxx.

If a client is roaming now from one building to another, the IP address keeps initially the same (as in old VLAN) and no communication is possible. 

Is this the expected behaviour?

At the moment, only the required VLAN of the building of the corresponding MR-device is configured on the switch.

Would it work if I make all VLANs known on the switch port? Or can the tagged access point actually only work with the VLAN assigned to it?

 

Thanks,

Ben

 

0 Kudos
In response to Ben0391
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 5 2023 10:52 AM
‎Jul 5 2023 10:52 AM

It will depend, is the VLAN extended from one building to another? Or For each building this VLAN has a different IP Range?
If it's a different IP range you can use L3 roaming.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to Ben0391
Sander
Here to help
‎Jul 5 2023 1:11 PM
‎Jul 5 2023 1:11 PM

Yes this is expected behaviour, traffic is bridged to the lan port of the AP tagged with the VLAN, if that does not exist it cannot reach its gateway so no traffic will be possible. After a while the client does a DHCP renew and then it works again.

 

Do you need different vlan per building due to size or links between? If not make it in 1 VLAN, if yes use layer3 roaming or use a MX as a WiFi concentrator.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.