09-WLAN Roaming Configuration Guide


Contents

1 Configuring WLAN roaming
  About WLAN roaming
  WLAN roaming mechanism
  Setting the roaming entry aging time
  Display and maintenance commands for WLAN roaming
  Example: Configuring WLAN roaming

2 Configuring enhanced roaming
  About enhanced roaming
  802.1X fast roaming
  802.1X fast roaming mechanism
  Restrictions and guidelines: 802.1X fast forwarding configuration
  802.11r
  About 802.11r
  Restrictions and guidelines: 802.11r configuration
  Configuring 802.11r
  Example: Configuring over-the-DS FT (PSK authentication)
  Example: Configuring over-the-DS FT (802.1X authentication)
  802.11v
  About 802.11v
  Enabling BTM
  Configuring BTM disassociation
  Example: Configuring 802.11v
  Cooperative roaming
  About cooperative roaming
  Configuring client anti-sticky
  Enabling an AP to obtain BSS candidate information
  Display and maintenance commands for cooperative roaming

3 Configuring mobility groups
  About mobility groups
  Terminology
  Mobility group mechanism
  IADTP tunnel establishment
  Restrictions and guidelines: Mobility group configuration
  Mobility group tasks at a glance
  Creating a mobility group
  Setting an authentication mode for IADTP control messages
  Specifying an IP address type for IADTP tunnels
  Specifying the source IP address for establishing IADTP tunnels
  Setting the DSCP value for IADTP keepalive packets
  Adding a mobility group member
  Manually adding a mobility group member
  Enabling automatic group member discovery
  Specifying the mobility group member role of a device
  Disabling IADTP data tunnels
  Enabling a mobility group
  Enabling tunnel isolation for mobility groups
  Enabling SNMP notifications for mobility groups
  Display and maintenance commands for mobility groups
  Mobility group configuration examples
  Example: Configuring a mobility group


1 Configuring WLAN roaming

About WLAN roaming

WLAN roaming enables clients to seamlessly roam among wireless services in the same ESS while retaining their IP address and authorization information during the roaming process.

WLAN roaming mechanism

As shown in Figure 1-1, the client roams from radio 1 to radio 2 as follows:

1.     The client comes online from radio 1, and the AP creates a roaming entry for the client.

The entry records the initial SSID at association, PMKID, authentication method, security mode, and roaming VLAN.

2.     The client roams to radio 2. The AP examines the roaming entry for the client.

3.     The client performs reauthentication and then comes online from radio 2.

Figure 1-1 WLAN roaming mechanism

Setting the roaming entry aging time

About this task

Client roaming entries record client PMKs, VLAN, and other authorization information. If a disconnected client connects to an AP before its roaming entry expires, the client can inherit authorization recorded in the entry and achieve fast roaming.

If a disconnected client cannot come online before its entry expires, the system deletes the entry.

Restrictions and guidelines

If you set the roaming entry aging time to 0, the system deletes a client's roaming entry as soon as the client goes offline, and fast roaming cannot be performed.

The aging time is applicable only to intra-AC roaming entries. It does not take effect on inter-AC roaming entries.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Set the roaming entry aging time.

client cache aging-time aging-time

By default, the roaming entry aging time is 180 seconds.

Display and maintenance commands for WLAN roaming

Execute display commands in any view.

Task                                           Command
Display roam-track information for a client.   display wlan mobility roam-track mac-address mac-address

Example: Configuring WLAN roaming

Network configuration

As shown in Figure 1-2, configure WLAN roaming to enable the client to roam from radio 1 to radio 2.

Figure 1-2 Network diagram

Procedure

# Create a service template named service1, set the SSID to trade-off, and enable the service template.

<AP> system-view

[AP] wlan service-template service1

[AP-wlan-st-service1] ssid trade-off

[AP-wlan-st-service1] service-template enable

[AP-wlan-st-service1] quit

# Bind the service template to interface WLAN-Radio 1/0/1 of the AP.

[AP] interface wlan-radio 1/0/1

[AP-WLAN-Radio1/0/1] undo shutdown

[AP-WLAN-Radio1/0/1] service-template service1

[AP-WLAN-Radio1/0/1] quit

# Bind the service template to interface WLAN-Radio 1/0/2 of AP 2.

[AP] interface wlan-radio 1/0/2

[AP-WLAN-Radio1/0/2] undo shutdown

[AP-WLAN-Radio1/0/2] service-template service1

[AP-WLAN-Radio1/0/2] quit

Verifying the configuration

# Enable the client to come online from radio 1. (Details not shown.)

# Verify that the client has associated with radio 1, and the roaming status is N/A, which indicates that the client has not performed any roaming.

[AP] display wlan client verbose

Total number of clients: 1

 

 MAC address                       : bce2-659a-3232

 IPv4 address                      : 192.168.0.5

 IPv6 address                      : N/A

 Username                          : N/A

 AID                               : 978

 Radio ID                          : 1

 SSID                              : trade-off

 BSSID                             : 74ea-c8fd-c1e0

 VLAN ID                           : 1

 VLAN ID2                          : N/A

 Sleep count                       : 25

 Wireless mode                     : 802.11ac

 Channel bandwidth                 : 80MHz

 SM power save                     : Disabled

 Short GI for 20MHz                : Supported

 Short GI for 40MHz                : Supported

 Short GI for 80MHz                : Supported

 Short GI for 160/80+80MHz         : Not supported

 STBC RX capability                : Supported

 STBC TX capability                : Not supported

 LDPC RX capability                : Not supported

 Beamformee STS capability         : 1

 Number of Sounding Dimensions     : 0

 SU beamformee capability          : Supported

 MU beamformee capability          : Supported

 Block Ack                         : TID 0  Both

 Supported VHT-MCS set             : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

 Supported HT MCS set              : 0, 1, 2, 3, 4, 5, 6, 7

 Supported rates                   : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

 QoS mode                          : WMM

 Listen interval                   : 3

 RSSI                              : 40

 Rx/Tx rate                        : 263.3/325 Mbps

 Authentication method             : Open system

 Security mode                     : PRE-RSNA

 AKM mode                          : Not configured

 Cipher suite                      : N/A

 User authentication mode          : Bypass

 Authorization ACL ID              : N/A

 Authorization user profile        : N/A

 Authorization CAR                 : N/A

 Roam status                       : N/A

 Key derivation                    : N/A

 PMF status                        : N/A

 Forwarding policy name            : Not configured

 Online time                       : 0days 0hours 0minutes 28seconds

 FT status                         : Inactive

# Verify that the AP has a roaming entry for the client.

[AP] display wlan mobility roam-track mac-address bce2-659a-3232

Total entries: 1

Current entries: 1

BSSID            Created at          Online time   AP IP address   RID AP name

74ea-c8fd-c1e0   2016-02-06 02:40:09 00h 09m 34s   127.0.0.1       1   fatap

# Enable the client to roam to radio 2. (Details not shown.)

# Verify that the client has associated with radio 2, and the roaming status is Intra-AP roam.

[AP] display wlan client verbose

Total number of clients: 1

 

 MAC address                       : bce2-659a-3232

 IPv4 address                      : 192.168.0.5

 IPv6 address                      : N/A

 Username                          : N/A

 AID                               : 978

 Radio ID                          : 2

 Channel                           : 36

 SSID                              : trade-off

 BSSID                             : 74ea-c8fd-c200

 VLAN ID                           : 1

 VLAN ID2                          : N/A

 Sleep count                       : 49

 Wireless mode                     : 802.11gn

 Channel bandwidth                 : 20MHz

 20/40 BSS Coexistence Management  : Not supported

 SM power save                     : Disabled

 Short GI for 20MHz                : Supported

 Short GI for 40MHz                : Supported

 STBC RX capability                : Supported

 STBC TX capability                : Not supported

 LDPC RX capability                : Not supported

 Block Ack                         : TID 0  In

 Supported HT MCS set              : 0, 1, 2, 3, 4, 5, 6, 7

 Supported rates                   : 1, 2, 5.5, 6, 9, 11,

                                     12, 18, 24, 36, 48, 54 Mbps

 QoS mode                          : WMM

 Listen interval                   : 3

 RSSI                              : 40

 Rx/Tx rate                        : 6.5/6.5 Mbps

 Authentication method             : Open system

 Security mode                     : PRE-RSNA

 AKM mode                          : Not configured

 Cipher suite                      : N/A

 User authentication mode          : Bypass

 Authorization ACL ID              : N/A

 Authorization user profile        : N/A

 Authorization CAR                 : N/A

 Roam status                       : Intra-AP roam

 Key derivation                    : N/A

 PMF status                        : N/A

 Forwarding policy name            : Not configured

 Online time                       : 0days 0hours 0minutes 54seconds

 FT status                         : Inactive

# Verify that the AP has updated the roaming entry for the client.

[AP] display wlan mobility roam-track mac-address bce2-659a-3232

Total entries: 2

Current entries: 2

BSSID            Created at          Online time   AP IP address   RID AP name

74ea-c8fd-c200   2016-02-06 03:04:09 00h 04m 49s   127.0.0.1       2   fatap

74ea-c8fd-c1e0   2016-02-06 03:00:21 00h 01m 02s   127.0.0.1       1   fatap


2 Configuring enhanced roaming

About enhanced roaming

WLAN supports the following enhanced roaming technologies:

·     802.1X fast roaming—Allows users to come online from a new AP or radio without being reauthenticated. It is applicable only when RSN+802.1X authentication is used.

·     802.11r—Shortens roaming latency to reduce client disconnection rate and improve the service quality.

·     802.11v—Helps 802.11v clients to connect to the optimal AP to improve the service quality.

·     Cooperative roaming—Uses IEEE 802.11k and IEEE 802.11v to support seamless roaming of clients in an ESS.

802.1X fast roaming

802.1X fast roaming mechanism

As shown in Figure 2-1, 802.1X fast roaming operates as follows:

1.     The client comes online from radio 1 after passing RSN+802.1X authentication. The AP creates a roaming entry for the client.

For more information about 802.1X authentication, see User Access and Authentication Configuration Guide.

2.     The client roams to radio 2. The AP examines the roaming entry for the client and triggers 802.1X fast forwarding if the client carries the same PMKID as the AP.

The system uses the cached PMK to perform key negotiation and the client can associate with radio 2 without reauthentication.

NOTE:

The system supports using the following methods to cache PMKID:

·     Sticky Key Caching (SKC)—Directly caches the PMKIDs generated during 802.1X authentication of clients.

·     Opportunistic Key Caching (OKC)—Uses the currently associated BSSID, client MAC address, and cached PMK to generate a PMKID.

Both methods support 802.1X fast roaming without manual intervention.
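
The PMKID check described above, together with the roaming entry aging time from the previous chapter, as an added Python sketch (not H3C code). It assumes the IEEE 802.11 PMKID formula for SHA-1 key derivation and models OKC as recomputing the PMKID for the BSSID the client is roaming to; `RoamCache`, its method names, and the PMK value are hypothetical, and the MAC addresses are reused from the sample output earlier in this guide.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def mac_bytes(mac):
    """Parse a MAC written as bce2-659a-3232 or bc:e2:65:9a:32:32 into 6 bytes."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def pmkid(pmk, bssid, client_mac):
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || BSSID || client MAC)."""
    msg = b"PMK Name" + mac_bytes(bssid) + mac_bytes(client_mac)
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]


@dataclass
class RoamEntry:
    pmk: bytes
    skc_pmkid: bytes                    # PMKID generated by the original 802.1X login
    offline_at: Optional[float] = None  # None while the client is still online


class RoamCache:
    """Hypothetical model of the AP's roaming entries."""

    def __init__(self, aging_time=180.0):  # 180 seconds is the documented default
        self.aging_time = aging_time
        self.entries = {}

    def authenticated(self, client_mac, bssid, pmk):
        """Full 802.1X authentication succeeded: create the roaming entry."""
        self.entries[client_mac] = RoamEntry(pmk, pmkid(pmk, bssid, client_mac))

    def went_offline(self, client_mac, now):
        """Start aging the entry; aging time 0 deletes it immediately."""
        entry = self.entries.get(client_mac)
        if entry is None:
            return
        if self.aging_time == 0:
            del self.entries[client_mac]
        else:
            entry.offline_at = now

    def reassociate(self, client_mac, target_bssid, offered_pmkids, now):
        """Decide whether the client may skip 802.1X on the target radio."""
        entry = self.entries.get(client_mac)
        if (entry is not None and entry.offline_at is not None
                and now - entry.offline_at >= self.aging_time):
            del self.entries[client_mac]  # entry aged out while the client was offline
            entry = None
        if entry is None:
            return "full-802.1X"
        okc_pmkid = pmkid(entry.pmk, target_bssid, client_mac)
        for offered in offered_pmkids:
            # Constant-time comparison of the PMKIDs carried in the RSN IE.
            if hmac.compare_digest(offered, entry.skc_pmkid):
                entry.offline_at = None
                return "fast-roam-skc"
            if hmac.compare_digest(offered, okc_pmkid):
                entry.offline_at = None
                return "fast-roam-okc"
        return "full-802.1X"  # no PMKID matched: fall back to reauthentication


# Constructed sample values: the PMK is made up for the demonstration.
SAMPLE_PMK = bytes(range(32))
CLIENT = "bce2-659a-3232"
RADIO1_BSSID = "74ea-c8fd-c1e0"
RADIO2_BSSID = "74ea-c8fd-c200"

if __name__ == "__main__":
    cache = RoamCache()
    cache.authenticated(CLIENT, RADIO1_BSSID, SAMPLE_PMK)
    offered = [pmkid(SAMPLE_PMK, RADIO2_BSSID, CLIENT)]
    print(cache.reassociate(CLIENT, RADIO2_BSSID, offered, now=10.0))
    cache.went_offline(CLIENT, now=100.0)
    print(cache.reassociate(CLIENT, RADIO2_BSSID, offered, now=400.0))
```

A client that offers a PMKID derived from a different PMK, or that returns after the entry has aged out, falls through to full 802.1X authentication.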

Figure 2-1 802.1X fast roaming

Restrictions and guidelines: 802.1X fast forwarding configuration

802.1X fast roaming supports only roaming between radios on the same fat AP.

802.11r

About 802.11r

802.11r fast BSS transition (FT) minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target radio.

FT provides the following message exchanging methods:

·     Over-the-air—The client communicates directly with the target radio for pre-roaming authentication. This method is applicable to scenarios that have high requirements for roaming compatibility. As a best practice, use this method.

·     Over-the-DS—The client communicates with the target radio through the current radio for pre-roaming authentication. This method is applicable to scenarios that have high requirements for roaming performance.

Intra-AP roaming through over-the-air FT

As shown in Figure 2-2, the client has been associated with radio 1. Intra-AP roaming through over-the-air FT uses the following process:

1.     The client sends an FT authentication request to radio 2.

2.     Radio 2 sends an FT authentication response to the client.

3.     The client sends a reassociation request to radio 2.

4.     Radio 2 sends a reassociation response to the client.

5.     The client roams to radio 2.

Figure 2-2 Intra-AP roaming through over-the-air FT

Inter-AP roaming through over-the-air FT

As shown in Figure 2-3, inter-AP roaming through over-the-air FT uses the following process:

1.     The client associates with AP 1.

2.     AP 1 synchronizes client roaming information such as PMK and VLAN to AP 2.

3.     The client sends an FT authentication request to AP 2.

4.     AP 2 sends an FT authentication response to the client.

5.     The client sends a reassociation request to AP 2.

6.     AP 2 sends a reassociation response to the client.

7.     The client roams to AP 2.

Figure 2-3 Inter-AP roaming through over-the-air FT

Intra-AP roaming through over-the-DS FT

As shown in Figure 2-4, intra-AP roaming through over-the-DS FT uses the following process:

1.     The client associates with radio 1.

2.     The client sends an FT authentication request to radio 1.

3.     Radio 1 sends an FT authentication response to the client.

4.     The client sends a reassociation request to radio 2.

5.     Radio 2 sends a reassociation response to the client.

6.     The client roams to AP 2.

Figure 2-4 Intra-AP roaming through over-the-DS FT

Restrictions and guidelines: 802.11r configuration

When you configure 802.11r, follow these restrictions and guidelines:

·     To enable a client that does not support FT to access the WLAN, create two service templates using the same SSID: one enabled with FT and the other not.

·     To prevent a client from coming online every time the periodic re-authentication timer expires, do not enable FT and 802.1X periodic re-authentication for the same service template. For more information about 802.1X periodic re-authentication, see User Access and Authentication Configuration Guide.

·     PTK updates are not supported for clients that have been associated with a WLAN through FT. For more information about PTK updates, see WLAN Security Configuration Guide.

·     To use FT, you must also specify an AKM mode.

·     To use 802.11r, make sure APs carry the RSN IE in beacon frames and probe requests, a non-local authentication method is used, and the CCMP cipher suite is enabled.

·     802.11r takes effect only on clients associated with the AC.

·     Before configuring 802.11r, make sure the service template is disabled.

·     Do not enable 802.11r FT and set the WPA3 security mode or enable enhanced open system authentication at the same time. If you do so, the service template cannot be enabled. For more information about 802.11r, see "Configuring WLAN security."

·     Roaming through over-the-DS FT allows only roaming between radios on the same AP.
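
Several of the restrictions above can be checked against `display wlan service-template verbose` output before a template is put into service. The following Python checker is an added example, not an H3C tool: the function names are hypothetical, the two sample outputs are constructed excerpts in the field layout this guide shows, and restrictions that do not appear in that output (such as the non-local authentication method) are not covered.

```python
def parse_template(text):
    """Turn 'Field name   : value' lines into a dict keyed by lower-case field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def check_ft(fields):
    """Return (field, value, rule) tuples for each 802.11r restriction that is violated."""
    if fields.get("ft status", "").lower() not in ("enable", "enabled"):
        return []  # FT is off, so the 802.11r restrictions do not apply

    rules = [
        ("akm mode",
         lambda v: v not in ("missing", "Not configured"),
         "FT requires an AKM mode"),
        ("security ie",
         lambda v: "RSN" in v.upper(),
         "FT requires the RSN IE"),
        ("cipher suite",
         lambda v: "CCMP" in v.upper(),
         "FT requires the CCMP cipher suite"),
        ("wpa3 status",
         lambda v: v == "Disabled",
         "FT cannot be combined with the WPA3 security mode"),
        ("enhance-open status",
         lambda v: v == "Disabled",
         "FT cannot be combined with enhanced open system authentication"),
        ("802.1x re-authenticate",
         lambda v: v == "Disabled",
         "FT and 802.1X periodic re-authentication must not share a template"),
    ]
    findings = []
    for field, is_ok, rule in rules:
        value = fields.get(field, "missing")
        if not is_ok(value):
            findings.append((field, value, rule))
    return findings


# Constructed excerpt matching the PSK example configuration in this guide.
SAMPLE_OK = """\
Service template name                            : acstname
Service template status                          : Enabled
AKM mode                                         : PSK
Security IE                                      : RSN
Cipher suite                                     : CCMP
WPA3 status                                      : Disabled
Enhance-open status                              : Disabled
802.1X re-authenticate                           : Disabled
FT Status                                        : Enable
FT Method                                        : over-the-ds
"""

# Constructed excerpt with three deliberate violations (values are made up).
SAMPLE_BAD = """\
Service template name                            : draft
Service template status                          : Disabled
AKM mode                                         : 802.1X
Security IE                                      : RSN
Cipher suite                                     : TKIP
WPA3 status                                      : Enabled
Enhance-open status                              : Disabled
802.1X re-authenticate                           : Enabled
FT Status                                        : Enable
FT Method                                        : over-the-air
"""

if __name__ == "__main__":
    for name, sample in (("acstname", SAMPLE_OK), ("draft", SAMPLE_BAD)):
        findings = check_ft(parse_template(sample))
        print(name, "OK" if not findings else "")
        for field, value, rule in findings:
            print(f"  {field} = {value}: {rule}")
```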

Configuring 802.11r

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable FT.

ft enable

By default, FT is disabled.

4.     (Optional.) Set the FT method.

ft method { over-the-air | over-the-ds }

By default, the FT method is over-the-air.

5.     (Optional.) Set the reassociation timeout timer.

ft reassociation-timeout timeout

By default, the reassociation timeout timer is 20 seconds.

The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.

Example: Configuring over-the-DS FT (PSK authentication)

Network configuration

As shown in Figure 2-5, configure intra-AP roaming through over-the-DS FT to enable the client to roam between radio 1 and radio 2. Configure PSK as the authentication and key management mode.

Figure 2-5 Network diagram

Procedure

# Create service template acstname.

<AP> system-view

[AP] wlan service-template acstname

# Set the SSID to service.

[AP-wlan-st-acstname] ssid service

# Set the authentication and key management mode to PSK, and configure simple string 12345678 as the PSK.

[AP-wlan-st-acstname] akm mode psk

[AP-wlan-st-acstname] preshared-key pass-phrase simple 12345678

# Set the CCMP cipher suite and enable the RSN IE in the beacon and probe responses.

[AP-wlan-st-acstname] cipher-suite ccmp

[AP-wlan-st-acstname] security-ie rsn

# Enable FT.

[AP-wlan-st-acstname] ft enable

# Set the reassociation timeout timer to 50 seconds.

[AP-wlan-st-acstname] ft reassociation-timeout 50

# Set the FT method to over-the-DS.

[AP-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AP-wlan-st-acstname] service-template enable

[AP-wlan-st-acstname] quit

# Bind service template acstname to WLAN-Radio 1/0/1 of the AP.

[AP] interface wlan-radio 1/0/1

[AP-WLAN-Radio1/0/1] undo shutdown

[AP-WLAN-Radio1/0/1] service-template acstname

[AP-WLAN-Radio1/0/1] quit

# Bind service template acstname to WLAN-Radio 1/0/2 of the AP.

[AP] interface wlan-radio 1/0/2

[AP-WLAN-Radio1/0/2] undo shutdown

[AP-WLAN-Radio1/0/2] service-template acstname

Verifying the configuration

# Verify that the service template is correctly configured.

[AP] display wlan service-template acstname verbose

Service template name                            : acstname

Description                                      : Not configured

SSID                                             : service

SSID-hide                                        : Disabled

User-isolation                                   : Disabled

Service template status                          : Enabled

Maximum clients per BSS                          : Not configured

Frame format                                     : Dot3

Seamless-roam status                             : Disabled

Seamless-roam RSSI threshold                     : 50

Seamless-roam RSSI gap                           : 20

VLAN ID                                          : 1

Service VLAN ID                                  : N/A

Service VLAN TPID                                : dot1q

AKM mode                                         : PSK

Security IE                                      : RSN

Cipher suite                                     : CCMP

TKIP countermeasure time                         : 0 sec

PTK lifetime                                     : 43200 sec

PTK rekey                                        : Enabled

GTK rekey                                        : Enabled

GTK rekey method                                 : Time-based

GTK rekey time                                   : 86400 sec

GTK rekey client-offline                         : Disabled

WPA3 status                                      : Disabled

PPSK                                             : Disabled

PPSK Fail Permit                                 : Disabled

Enhance-open status                              : Disabled

Enhanced-open transition-mode service-template   : N/A

User authentication mode                         : Bypass

Intrusion protection                             : Disabled

Intrusion protection mode                        : Temporary-block

Temporary block time                             : 180 sec

Temporary service stop time                      : 20 sec

Fail VLAN ID                                     : Not configured

802.1X handshake                                 : Disabled

802.1X handshake secure                          : Disabled

802.1X domain                                    : Not configured

MAC-auth domain                                  : Not configured

Max 802.1X users per BSS                         : 4096

Max MAC-auth users per BSS                       : 4096

802.1X re-authenticate                           : Disabled

Authorization fail mode                          : Online

Accounting fail mode                             : Online

Authorization                                    : Permitted

Key derivation                                   : SHA1

PMF status                                       : Disabled

Hotspot policy number                            : Not configured

Forwarding policy status                         : Disabled

Forwarding policy name                           : Not configured

Forwarder                                        : AC

FT Status                                        : Enable

FT Method                                        : over-the-ds

FT Reassociation Deadline                        : 50 sec

QoS trust                                        : Port

QoS priority                                     : 0

QoS U-APSD mode                                  : 1

BTM status                                       : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AP] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of another radio. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AP] display wlan client verbose

Total number of clients: 1

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AP roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

Example: Configuring over-the-DS FT (802.1X authentication)

Network configuration

Configure intra-AP roaming through over-the-DS FT to enable the client to roam between different radios. Configure 802.1X as the authentication and key management mode.

Procedure

# Create service template stname.

<AP> system-view

[AP] wlan service-template stname

# Set the SSID to service.

[AP-wlan-st-stname] ssid service

# Set the AKM mode to 802.1X.

[AP-wlan-st-stname] akm mode dot1x

# Set the CCMP cipher suite and enable the RSN IE in the beacon and probe responses.

[AP-wlan-st-stname] cipher-suite ccmp

[AP-wlan-st-stname] security-ie rsn

# Set the authentication mode to 802.1X for clients.

[AP-wlan-st-stname] client-security authentication-mode dot1x

[AP-wlan-st-stname] dot1x domain imc

# Enable FT.

[AP-wlan-st-stname] ft enable

# Set the FT method to over-the-DS.

[AP-wlan-st-stname] ft method over-the-ds

# Enable the service template.

[AP-wlan-st-stname] service-template enable

[AP-wlan-st-stname] quit

# Set the 802.1X authentication mode to EAP.

[AP] dot1x authentication-method eap

# Create RADIUS scheme imcc.

[AP] radius scheme imcc

# Set the IP address of the primary authentication and accounting servers to 10.1.1.3.

[AP-radius-imcc] primary authentication 10.1.1.3

[AP-radius-imcc] primary accounting 10.1.1.3

# Set the shared key for the AP to exchange packets with the authentication and accounting servers to 12345678.

[AP-radius-imcc] key authentication simple 12345678

[AP-radius-imcc] key accounting simple 12345678

# Configure the AP to remove the ISP domain name from usernames sent to the RADIUS server.

[AP-radius-imcc] user-name-format without-domain

[AP-radius-imcc] quit

# Create ISP domain imc, and configure the domain to use the RADIUS scheme imcc for authentication, authorization, and accounting.

[AP] domain imc

[AP-isp-imc] authentication lan-access radius-scheme imcc

[AP-isp-imc] authorization lan-access radius-scheme imcc

[AP-isp-imc] accounting lan-access radius-scheme imcc

[AP-isp-imc] quit

# Bind service template stname to WLAN-Radio 1/0/1 on the AP.

[AP] interface wlan-radio 1/0/1

[AP-WLAN-Radio1/0/1] undo shutdown

[AP-WLAN-Radio1/0/1] service-template stname

[AP-WLAN-Radio1/0/1] quit

# Bind service template stname to WLAN-Radio 1/0/2 on the AP.

[AP] interface wlan-radio 1/0/2

[AP-WLAN-Radio1/0/2] undo shutdown

[AP-WLAN-Radio1/0/2] service-template stname

Verifying the configuration

# Verify that the service template is correctly configured.

[AP] display wlan service-template stname verbose

Service template name                            : stname

Description                                      : Not configured

SSID                                             : service

SSID-hide                                        : Disabled

User-isolation                                   : Disabled

Service template status                          : Enabled

Maximum clients per BSS                          : Not configured

Frame format                                     : Dot3

Seamless-roam status                             : Disabled

Seamless-roam RSSI threshold                     : 50

Seamless-roam RSSI gap                           : 20

VLAN ID                                          : 1

Service VLAN ID                                  : N/A

Service VLAN TPID                                : dot1q

AKM mode                                         : 802.1X

Security IE                                      : RSN

Cipher suite                                     : CCMP

TKIP countermeasure time                         : 0 sec

PTK lifetime                                     : 43200 sec

PTK rekey                                        : Enabled

GTK rekey                                        : Enabled

GTK rekey method                                 : Time-based

GTK rekey time                                   : 86400 sec

GTK rekey client-offline                         : Disabled

WPA3 status                                      : Disabled

PPSK                                             : Disabled

PPSK Fail Permit                                 : Disabled

Enhance-open status                              : Disabled

Enhanced-open transition-mode service-template   : N/A

User authentication mode                         : 802.1X

Intrusion protection                             : Disabled

Intrusion protection mode                        : Temporary-block

Temporary block time                             : 180 sec

Temporary service stop time                      : 20 sec

Fail VLAN ID                                     : Not configured

802.1X handshake                                 : Disabled

802.1X handshake secure                          : Disabled

802.1X domain                                    : imc

MAC-auth domain                                  : Not configured

Max 802.1X users per BSS                         : 4096

Max MAC-auth users per BSS                       : 4096

802.1X re-authenticate                           : Disabled

Authorization fail mode                          : Online

Accounting fail mode                             : Online

Authorization                                    : Permitted

Key derivation                                   : SHA1

PMF status                                       : Disabled

Hotspot policy number                            : Not configured

Forwarding policy status                         : Disabled

Forwarding policy name                           : Not configured

Forwarder                                        : AC

FT Status                                        : Enable

FT Method                                        : over-the-ds

FT Reassociation Deadline                        : 20 sec

QoS trust                                        : Port

QoS priority                                     : 0

QoS U-APSD mode                                  : 1

BTM status                                       : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AP] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of another radio. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AP roam.

[AP] display wlan client verbose

Total number of clients: 1

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AP roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active
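The two client checks above can be automated. The following script is an added example, not part of the H3C guide: it parses two display wlan client verbose snapshots and reports anything showing that the move was not a fast transition. The function names are hypothetical, and the sample text is constructed and abridged from the output above.

```python
import re

# "Name   : value" rows; wrapped values continue on indented lines without " : ".
FIELD = re.compile(r"^\s*(\S[^:]*?)\s+:\s*(.*)$")


def parse_clients(text):
    """Parse 'display wlan client verbose' output into {mac: {field: value}}."""
    clients, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        match = FIELD.match(line)
        if match:
            key, value = match.group(1), match.group(2).strip()
            if key == "MAC address":            # a new client record starts here
                current = clients.setdefault(value, {})
            if current is not None:
                current[key] = value
                last_key = key
        elif current is not None and last_key and line[0].isspace():
            current[last_key] += " " + line.strip()   # wrapped MCS or rate list
    return clients


def verify_ft_roam(before_text, after_text, mac):
    """Return a list of findings; an empty list means the roam used FT."""
    before = parse_clients(before_text).get(mac)
    after = parse_clients(after_text).get(mac)
    if before is None or after is None:
        return [f"{mac}: client missing from one snapshot"]
    findings = []
    if after.get("BSSID") == before.get("BSSID"):
        findings.append("BSSID unchanged: the client did not move to another BSS")
    if after.get("Authentication method") != "FT":
        findings.append("Authentication method is %r, expected 'FT'"
                        % after.get("Authentication method"))
    if after.get("FT status") != "Active":
        findings.append("FT status is %r, expected 'Active'" % after.get("FT status"))
    if after.get("Roam status", "N/A") == "N/A":
        findings.append("Roam status is N/A: no roam was recorded")
    # The security parameters must survive the roam unchanged.
    for field in ("Security mode", "AKM mode", "Encryption cipher", "PMF status"):
        if after.get(field) != before.get(field):
            findings.append(f"{field} changed: {before.get(field)!r} -> {after.get(field)!r}")
    return findings


# Constructed sample, abridged from the output shown in this example.
TEMPLATE = """\
Total number of clients: 1

MAC address                        : fc25-3f03-8361
BSSID                              : {bssid}
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
Authentication method              : {auth}
Security mode                      : RSN
AKM mode                           : 802.1X
Encryption cipher                  : CCMP
Roam status                        : {roam}
PMF status                         : Enabled
FT status                          : Active
"""
BEFORE = TEMPLATE.format(bssid="000f-e266-7788", auth="Open system", roam="N/A")
AFTER_FT = TEMPLATE.format(bssid="000f-e211-2233", auth="FT", roam="Intra-AP roam")
# Constructed failure case: the client moved but authenticated from scratch.
AFTER_REAUTH = TEMPLATE.format(bssid="000f-e211-2233", auth="Open system",
                               roam="Intra-AP roam")

if __name__ == "__main__":
    for name, snapshot in (("FT roam", AFTER_FT), ("full reauth", AFTER_REAUTH)):
        result = verify_ft_roam(BEFORE, snapshot, "fc25-3f03-8361")
        print(name, "->", result or "OK")
```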

802.11v

About 802.11v

802.11v defines BSS transition management (BTM), which enables clients to roam to the optimal AP if the signal strength of the current AP is low or if a better AP is discovered.

As shown in Figure 2-6, BTM operates as follows:

1.     If the RSSI of the currently associated AP is too low or the client discovers a better AP, the client sends a BTM query to the associated AP. Upon receiving the query, the AP responds with a BTM request.

A BTM request contains information about recommended BSSs.

2.     Upon receiving the BTM request, the client determines whether to disconnect from the current AP and roam to a recommended AP.

3.     If the client decides to roam, it sends a BTM response to the AP. If the client fails to leave the current BSS before the disassociation timer expires, the AP sends a disassociation request to the client and logs off the client.

Figure 2-6 BSS transition

Enabling BTM

Restrictions and guidelines

Make sure the service template is disabled before you perform this task.

For BTM to take effect on all clients, use the bss transition-management disassociation command to enable BTM disassociation.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable BTM.

bss transition-management enable

By default, BTM is disabled.

Configuring BTM disassociation

About this task

With BTM disassociation configured, an AP sends a BTM request to a client upon receiving a BTM query from the client and guides the client through the BSS transition. With forced BTM disassociation configured, the AP forcibly logs off the client if the client fails to leave the current BSS before the disassociation timer expires.

Restrictions and guidelines

Forced BTM disassociation will forcibly log off a client. Use this feature with caution.

For BTM disassociation to take effect, enable BTM first.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable BTM disassociation and configure forced disassociation.

bss transition-management disassociation { forced | recommended } [ timer time ]

By default, recommended BTM disassociation is enabled and the disassociation timeout is 90 seconds.

Example: Configuring 802.11v

Network configuration

As shown in Figure 2-7, configure 802.11v for the AP to guide the client to an optimal AP.

Figure 2-7 Network diagram

Procedure

# Create service template service.

<AP> system-view

[AP] wlan service-template service

# Set the SSID to service.

[AP-wlan-st-service] ssid service

# Enable BTM.

[AP-wlan-st-service] bss transition-management enable

# Specify the BTM disassociation timeout as 45 seconds.

[AP-wlan-st-service] bss transition-management disassociation recommended timer 45

# Enable the service template.

[AP-wlan-st-service] service-template enable

[AP-wlan-st-service] quit

# Enable the AP to obtain BSS candidate information.

[AP] sacp roam-optimize bss-candidate-list enable

# Bind service template service to interface WLAN-Radio 1/0/1.

[AP] interface wlan-radio 1/0/1

[AP-WLAN-Radio1/0/1] undo shutdown

[AP-WLAN-Radio1/0/1] service-template service

[AP-WLAN-Radio1/0/1] quit

Verifying the configuration

# Verify that BTM has been enabled.

[AP] display wlan service-template service verbose

 Service template name                           : service

 Description                                     : Not configured

 SSID                                            : service

 SSID-hide                                       : Disabled

 User-isolation                                  : Disabled

 Service template status                         : Disabled

 Maximum clients per BSS                         : Not configured

 Frame format                                    : Dot3

 Seamless roam status                            : Disabled

 Seamless roam RSSI threshold                    : 50

 Seamless roam RSSI gap                          : 20

 VLAN ID                                         : 1

 Service VLAN ID                                 : N/A

 Service VLAN TPID                               : dot1q

 AKM mode                                        : Not configured

 Security IE                                     : Not configured

 Cipher suite                                    : Not configured

 TKIP countermeasure time                        : 0 sec

 PTK lifetime                                    : 43200 sec

 PTK rekey                                       : Enabled

 GTK rekey                                       : Enabled

 GTK rekey method                                : Time-based

 GTK rekey time                                  : 86400 sec

 GTK rekey client-offline                        : Disabled

 WPA3 status                                     : Disabled

 PPSK                                            : Disabled

 PPSK Fail Permit                                : Enabled

 Enhance-open status                             : Disabled

 Enhanced-open transition-mode service-template  : N/A

 User authentication mode                        : Bypass

 Intrusion protection                            : Disabled

 Intrusion protection mode                       : Temporary-block

 Temporary block time                            : 180 sec

 Temporary service stop time                     : 20 sec

 Fail VLAN ID                                    : Not configured

 802.1X handshake                                : Disabled

 802.1X handshake secure                         : Disabled

 802.1X domain                                   : Not configured

 MAC-auth domain                                 : Not configured

 Max 802.1X users per BSS                        : 512

 Max MAC-auth users per BSS                      : 512

 802.1X re-authenticate                          : Disabled

 Authorization fail mode                         : Online

 Accounting fail mode                            : Online

 Authorization                                   : Permitted

 Key derivation                                  : SHA1

 PMF status                                      : Disabled

 Hotspot policy number                           : Not configured

 Forwarding policy status                        : Disabled

 Forwarding policy name                          : Not configured

 Forwarder                                       : AC

 FT status                                       : Disabled

 QoS trust                                       : Port

 QoS priority                                    : 0

 QoS U-APSD mode                                 : 1

 BTM status                                      : Enabled

# Verify that the client has come online.

<AC> display wlan client

Total number of clients: 3

 

MAC address    Username                                  R IP address      VLAN

4581-61ac-885a N/A                                       1 192.168.66.230  1

# Verify that the client has been logged off 45 seconds after the AP recommends an optimal AP for the client. (Details not shown.)

Cooperative roaming

About cooperative roaming

Cooperative roaming is defined by H3C to provide AP-guided and client-guided roaming of wireless clients in an ESS by using IEEE 802.11k and IEEE 802.11v.

·     802.11k defines Beacon radio measurement, allowing monitoring of channel quality and resource performance on both 2.4 GHz and 5 GHz channels.

·     802.11v defines BSS Transition Management (BTM) to guide 802.11v clients to the optimal AP, improving the access service quality.

Cooperative roaming also supports using APs to monitor 802.11v client signal strength and can proactively guide clients to better services.

Configuring client anti-sticky

About this task

This feature enables APs to examine the signal strength of clients at specified intervals. For an 802.11v client, its associated AP triggers a BSS transition to guide the client to a better BSS if the signal strength of the client is lower than the threshold. For a non-802.11v client, no action is performed.

Procedure

1.     Enter system view.

system-view

2.     Enter radio interface view.

interface wlan-radio interface-number

3.     Configure client anti-sticky.

sacp anti-sticky { disable | enable [ rssi rssi-value ] [ interval interval ] }

By default, client anti-sticky is enabled.

Enabling an AP to obtain BSS candidate information

About this task

This feature enables an AP to send Beacon requests at specific intervals to clients that support Beacon measurement and obtain information about BSSs detected by the clients. Upon receiving such a request, a client responds with a Beacon Report frame to report BSS information.

With this feature disabled, the AP stops updating BSS candidate information and deletes all the candidates after the aging time expires.

If both this feature and BSS transition management are enabled, the system can guide clients to roam to better services based on BSS candidate information.

Restrictions and guidelines

This feature takes effect only on clients that come online after the feature is configured.

To check whether a client supports beacon measurement, use the display wlan client rm-capabilities command.

Procedure

1.     Enter system view.

system-view

2.     Enter radio interface view.

interface wlan-radio interface-number

3.     Enable an AP to obtain BSS candidate information.

sacp roam-optimize bss-candidate-list { disable | enable [ interval interval ] }

By default, the BSS candidate obtaining feature is disabled.

Display and maintenance commands for cooperative roaming

Execute display commands in any view.

 

Task: Display client information.

Command: display wlan client [ interface wlan-radio interface-number | mac-address mac-address | service-template service-template-name | vlan vlan-id ] [ verbose ]

Task: Display radio resource measurement capabilities reported by clients.

Command: display wlan client rm-capabilities [ mac-address mac-address ]

Task: Display service template information.

Command: display wlan service-template [ service-template-name ] [ verbose ]

 

NOTE:

For more information about the display wlan service-template and display wlan client commands, see WLAN access commands in WLAN Access Command Reference.


3 Configuring mobility groups

About mobility groups

A mobility group contains multiple member devices among which clients can roam without IP or authorization changes. Mobility groups expand the scale in which clients can roam.

Terminology

·     Inter Access Device Tunneling Protocol—IADTP is an H3C-proprietary protocol that provides a generic packet encapsulation and transport mechanism for devices to securely communicate with each other. Devices that provide roaming services establish an IADTP tunnel with each other to exchange control messages and client information.

·     Home AP—An HA is an AP with which a wireless client associates for the first time.

·     Foreign AP—An FA is an AP with which a client associates after inter-AP roaming.

·     Mobility group—A group that contains multiple member devices among which clients can roam.

Mobility group mechanism

A mobility group enables clients to roam among different APs. These APs must be in the same mobility group and have established an IADTP tunnel with each other.

Figure 3-1 Mobility group mechanism

As shown in Figure 3-1, inter-AP roaming uses the following procedure:

1.     The client comes online from AP 1. AP 1 creates a roaming entry for the client and sends the information to AP 2 through the IADTP tunnel.

2.     The client roams to AP 2. AP 2 examines the roaming entry for the client and determines whether to perform fast roaming.

If the client uses RSN + 802.1X authentication and carries the same PMKID as the AP, fast roaming is used, and the client can associate with AP 2 without reauthentication. Otherwise, the client must be reauthenticated before associating with AP 2.

3.     The client associates with AP 2. AP 2 sends a roaming request to AP 1.

4.     AP 1 verifies the roaming request and performs either of the following operations:

¡     Sends a roaming response that indicates roaming failure to AP 2 if the request is invalid. AP 2 logs off the client.

¡     Saves the roaming trace and roam-out information and sends a roaming response that indicates roaming success to AP 2 if the request is valid. AP 2 saves roaming-in information for the client.
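The PMKID comparison in step 2 can be worked through as follows. This is an added example, not H3C code. It assumes the standard IEEE 802.11 PMKID derivation with SHA1 (the key derivation shown in the outputs earlier in this guide), and it assumes that the roaming entry carries the PMK and that the new AP recomputes the PMKID with its own BSSID. The guide states only that the PMKIDs must match, and the function names and entry layout here are hypothetical.

```python
import hashlib
import hmac


def mac_bytes(mac):
    """Convert 'fc25-3f03-8361' or 'fc:25:3f:03:83:61' to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return raw


def pmkid(pmk, bssid, client_mac):
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA).

    AA is the authenticator (BSSID) address and SPA the client address, so
    the value is bound to the PMK, to the AP and to the client.
    """
    data = b"PMK Name" + mac_bytes(bssid) + mac_bytes(client_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def roaming_decision(entry, client_mac, new_bssid, offered_pmkid):
    """Return 'fast-roam' or 'reauthenticate' for a client arriving at a new AP.

    entry is the roaming entry received from the previous AP (hypothetical
    layout: mac, security, akm, pmk), or None if no entry exists.
    """
    if entry is None or entry["mac"] != client_mac:
        return "reauthenticate"                     # nothing known about the client
    if entry["security"] != "RSN" or entry["akm"] != "802.1X":
        return "reauthenticate"                     # fast roaming needs RSN + 802.1X
    if offered_pmkid is None:
        return "reauthenticate"                     # client offered no cached key
    expected = pmkid(entry["pmk"], new_bssid, client_mac)
    # Constant-time comparison: the PMKID proves possession of the PMK.
    if hmac.compare_digest(expected, offered_pmkid):
        return "fast-roam"
    return "reauthenticate"


# Constructed sample values; the addresses reuse those in the outputs above.
PMK = bytes(range(32))
CLIENT = "fc25-3f03-8361"
OLD_BSSID = "000f-e266-7788"
NEW_BSSID = "000f-e211-2233"
ENTRY = {"mac": CLIENT, "security": "RSN", "akm": "802.1X", "pmk": PMK}


def scenarios():
    """Run the decision for four constructed arrivals at the new AP."""
    psk_entry = dict(ENTRY, akm="PSK")
    good = pmkid(PMK, NEW_BSSID, CLIENT)
    return {
        "matching PMKID": roaming_decision(ENTRY, CLIENT, NEW_BSSID, good),
        "wrong PMK": roaming_decision(
            ENTRY, CLIENT, NEW_BSSID, pmkid(bytes(32), NEW_BSSID, CLIENT)),
        "PMKID for old BSSID": roaming_decision(
            ENTRY, CLIENT, NEW_BSSID, pmkid(PMK, OLD_BSSID, CLIENT)),
        "PSK client": roaming_decision(psk_entry, CLIENT, NEW_BSSID, good),
        "no roaming entry": roaming_decision(None, CLIENT, NEW_BSSID, good),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:22} -> {decision}")
```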

IADTP tunnel establishment

A device in a mobility group can act as a client to initiate connection requests or act as a server to listen for and respond to the connection requests.

Figure 3-2 Establishing an IADTP tunnel

As shown in Figure 3-2, two devices establish an IADTP tunnel by using the following procedure:

1.     Device A sends a join request to Device B.

2.     Upon receiving the join request, Device B uses the local configuration and packet content to identify whether Device A is in the same mobility group.

¡     If they are in the same mobility group, Device B returns a join response with a result code representing success.

¡     If they are in different mobility groups, Device B returns a join response with a result code representing failure.

3.     Upon receiving the join response, Device A examines the result code in the response.

¡     If the result code represents failure, Device A does not return any packets.

¡     If the result code represents success, Device A sends a join confirm to Device B.

4.     Upon receiving the join confirm, Device B establishes an IADTP tunnel with Device A.

Restrictions and guidelines: Mobility group configuration

You can configure APs by using the following methods:

·     Configure APs one by one in AP view.

·     Assign APs to an AP group and configure the AP group in AP group view.

·     Configure all APs in global configuration view.

For an AP, the settings made in these views for the same parameter take effect in descending order of AP view, AP group view, and global configuration view.

For a service template where an AP is configured as the client authenticator, WLAN roaming is not supported. For more information about client authentication, see User Access and Authentication Configuration Guide.

For RSN + 802.1X clients from different VLANs to roam between devices within a mobility group, make sure uplink interfaces of the member devices permit all client VLANs.

Mobility group tasks at a glance

To configure a mobility group, perform the following tasks:

1.     Creating a mobility group

2.     (Optional.) Setting an authentication mode for IADTP control messages

3.     Specifying an IP address type for IADTP tunnels

4.     Specifying the source IP address for establishing IADTP tunnels

5.     (Optional.) Setting the DSCP value for IADTP keepalive packets

6.     Adding a mobility group member

Perform one of the following tasks:

¡     Manually adding a mobility group member

¡     Enabling automatic group member discovery

7.     (Optional.) Specifying the mobility group member role of a device

8.     (Optional.) Disabling IADTP data tunnels

9.     Enabling a mobility group

10.     (Optional.) Enabling tunnel isolation for mobility groups

11.     (Optional.) Enabling SNMP notifications for mobility groups

Creating a mobility group

Restrictions and guidelines

For inter-device roaming to operate correctly, create the same mobility group and add members to each device in the mobility group.

You can create only one mobility group on a device.

Procedure

1.     Enter system view.

system-view

2.     Create a mobility group and enter its view.

wlan mobility group group-name

Setting an authentication mode for IADTP control messages

About this task

This feature enables the device to verify the integrity of control messages transmitted over IADTP tunnels. WLAN roaming supports only the MD5 algorithm.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Set an authentication mode for IADTP control messages.

authentication-mode authentication-mode { cipher | simple } string

By default, the device does not verify the integrity of IADTP control messages.

Specifying an IP address type for IADTP tunnels

About this task

You must specify an IP address type for IADTP tunnels after you create a mobility group.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Specify an IP address type for IADTP tunnels.

tunnel-type { ipv4 | ipv6 }

By default, the IP address type for IADTP tunnels is IPv4.

Specifying the source IP address for establishing IADTP tunnels

About this task

A device uses the specified source IP address to establish IADTP tunnels with other member devices within the same mobility group.

Restrictions and guidelines

You can specify one IPv4 address, one IPv6 address, or both, but only the IP address type that is the same as the IP address type for IADTP tunnels takes effect.

Make sure the mobility group is disabled before you specify the source IP address for establishing IADTP tunnels.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Specify the source IP address for establishing IADTP tunnels.

source { ip ipv4-address | ipv6 ipv6-address }

By default, no source IP address is specified for establishing IADTP tunnels.

Setting the DSCP value for IADTP keepalive packets

About this task

The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet. A greater DSCP value means a higher packet priority.

In a scenario where a device establishes IADTP tunnels with other devices across NAT devices, the two devices use IPsec for tunnel encryption and establishment. When the IADTP tunnel is busy, the device might receive no IADTP keepalive packets from the peer and disconnect the tunnel. To prevent this, set the DSCP value by using this feature.

Restrictions and guidelines

As a best practice, set the DSCP value to 63 for IADTP keepalive packets.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Set the DSCP value for IADTP keepalive packets.

tunnel-dscp dscp-value

The default setting is 0.

Adding a mobility group member

Manually adding a mobility group member

About this task

Members in a mobility group are identified by their IP addresses used to establish IADTP tunnels.

You can add both IPv4 and IPv6 members to a mobility group. Only members whose IP address type is the same as the IP address type of IADTP tunnels take effect.

You can specify VLANs for a member, so that other members in the mobility group can directly forward client data of the member from the specified VLANs. If you do not specify VLANs for the member, its client data cannot be directly forwarded by another member in the mobility group unless the clients roam to that member.

Restrictions and guidelines

A device can belong to only one mobility group.

You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group.

When you specify VLANs for a mobility group member, follow these restrictions and guidelines:

·     If a mobility group has multiple members, make sure no loops exist among IADTP tunnels between members within the mobility group.

·     Make sure the VLANs have not been used by interfaces or services.

·     Do not assign VLANs that have been specified for a member to interfaces or services.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Add a mobility group member.

member { ip ipv4-address | ipv6 ipv6-address } [ vlan vlan-id-list ]

Enabling automatic group member discovery

About this task

Members in a mobility group are identified by their IP addresses used to establish IADTP tunnels. You can add both IPv4 and IPv6 members to a mobility group. Only members whose IP address type is the same as the IP address type of IADTP tunnels take effect.

This feature enables a device to automatically discover member devices in a mobility group by broadcasting its source IP address in the group. Member devices in the group that receive the IP address automatically establish IADTP tunnels with the device. The device joins the mobility group after it establishes IADTP tunnels with all the other members.

Restrictions and guidelines

A device can belong to only one mobility group.

You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group. When the maximum number is reached, the device stops establishing IADTP tunnels with newly discovered devices.

The automatic discovery feature can add only devices in the same subnet as the source IP address.

Prerequisites

Execute the source command to specify the source IP address used for establishing IADTP tunnels.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Enable automatic group member discovery.

member auto-discovery [ interval interval ]

By default, automatic group member discovery is disabled.

Specifying the mobility group member role of a device

About this task

This feature applies to a scenario where a device establishes an IADTP tunnel with another device in the same mobility group across a NAT device. In this scenario, the device with a lower IP address acts as the client to initiate a connection request to the device with a higher IP address. If the device with a lower IP address resides in the public network, the IADTP tunnel cannot be established. To ensure successful establishment of the IADTP tunnel in this case, specify the device in the private network as the client to initiate the connection request.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Specify the mobility group member role of the device.

role { client | server }

By default, a member device with a higher IP address acts as the server, and a member device with a lower IP address acts as the client.

Disabling IADTP data tunnels

About this task

CAUTION:

To avoid data loss, do not disable IADTP data tunnels if no service ports are specified on the device for client VLANs.

This feature enables a device to forward client traffic directly out of client VLANs' service ports, instead of through the IADTP data tunnel. This reduces the device's workload caused by processing broadcast packets received from IADTP data tunnels and saves resources for maintaining these tunnels.

Restrictions and guidelines

You must enable or disable IADTP tunnels on all devices in a mobility group.

You can configure this feature only when the mobility group is disabled.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Disable IADTP data tunnels.

data-tunnel disable

By default, IADTP data tunnels are enabled.

Enabling a mobility group

About this task

This feature enables the device to establish IADTP tunnels and synchronize roaming entries with member devices.

Procedure

1.     Enter system view.

system-view

2.     Enter mobility group view.

wlan mobility group group-name

3.     Enable the mobility group.

group enable

By default, a mobility group is disabled.
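The defaults and restrictions in the preceding mobility group tasks can be checked before deployment. The following linter is an added example, not an H3C tool: it reads the commands entered for a mobility group and reports settings that, according to this guide, leave control messages unverified or keep tunnels from forming. The finding codes and function names are hypothetical, and the second sample configuration is constructed.

```python
import ipaddress
import re

MAX_MEMBERS = 31                                  # per address family, per this guide
KEYWORD_FAMILY = {"ip": "ipv4", "ipv6": "ipv6"}
PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")   # e.g. "[AP1-wlan-mg-office] "


def _address(keyword, text):
    """Return (family, address), or None if the address does not fit the keyword."""
    family = KEYWORD_FAMILY.get(keyword)
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    if family is None or f"ipv{addr.version}" != family:
        return None
    return family, addr


def lint_mobility_group(config_text):
    """Return a list of (code, detail) findings for one mobility group."""
    tunnel_type = "ipv4"                          # default IP address type
    sources, members = {}, {"ipv4": [], "ipv6": []}
    auth = auto = enabled = in_group = False
    findings = []
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0] == "#":          # blank line or "# comment"
            continue
        if words[:3] == ["wlan", "mobility", "group"]:
            in_group = True
        elif words[0] == "quit":
            in_group = False
        elif not in_group:
            continue
        elif words[0] == "tunnel-type" and len(words) == 2:
            tunnel_type = words[1]
        elif words[:2] == ["member", "auto-discovery"]:
            auto = True
        elif words[0] in ("source", "member") and len(words) >= 3:
            parsed = _address(words[1], words[2])
            if parsed is None:
                findings.append(("BAD_ADDRESS", " ".join(words)))
            elif words[0] == "source":
                sources[parsed[0]] = parsed[1]
            else:
                members[parsed[0]].append(parsed[1])
        elif words[0] == "authentication-mode":
            auth = True
        elif words[:2] == ["group", "enable"]:
            enabled = True

    other = "ipv6" if tunnel_type == "ipv4" else "ipv4"
    if not auth:
        findings.append(("NO_INTEGRITY",
                         "no authentication-mode: IADTP control messages are not verified"))
    if tunnel_type not in sources:
        findings.append(("NO_SOURCE", f"no {tunnel_type} source address for tunnel-type {tunnel_type}"))
    if members[other]:
        findings.append(("MEMBER_IGNORED",
                         f"{len(members[other])} {other} member(s) do not take effect"))
    for family, addrs in members.items():
        if len(addrs) > MAX_MEMBERS:
            findings.append(("TOO_MANY_MEMBERS", f"{len(addrs)} {family} members, maximum is {MAX_MEMBERS}"))
    if not auto and not members.get(tunnel_type):
        findings.append(("NO_MEMBERS", f"no {tunnel_type} member and no auto-discovery"))
    if not enabled:
        findings.append(("GROUP_DISABLED", "group enable missing: the group is disabled by default"))
    return findings


# Mobility group commands as entered on AP 1 in the configuration example of this chapter.
AP1_CONFIG = """\
[AP1] wlan mobility group office
[AP1-wlan-mg-office] tunnel-type ipv4
[AP1-wlan-mg-office] source ip 10.1.4.22
[AP1-wlan-mg-office] member ip 10.1.4.23
[AP1-wlan-mg-office] group enable
[AP1-wlan-mg-office] quit
"""
# Constructed sample; <mode> and <key> are placeholders, not real values.
MISMATCHED_CONFIG = """\
wlan mobility group office
 tunnel-type ipv6
 source ip 10.1.4.22
 member ip 10.1.4.23
 authentication-mode <mode> cipher <key>
"""

if __name__ == "__main__":
    for name, text in (("AP 1", AP1_CONFIG), ("mismatched", MISMATCHED_CONFIG)):
        for code, detail in lint_mobility_group(text):
            print(f"{name}: {code}: {detail}")
```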

Enabling tunnel isolation for mobility groups

About this task

Tunnel isolation prevents devices from forwarding packets between tunnels in a mobility group and avoids broadcast storms when loops exist among devices in the mobility group.

Procedure

1.     Enter system view.

system-view

2.     Enable tunnel isolation for mobility groups.

wlan mobility-group-isolation enable

By default, tunnel isolation is enabled for mobility groups.

Enabling SNMP notifications for mobility groups

About this task

To report critical WLAN roaming events to an NMS, enable SNMP notifications for mobility groups. For mobility group event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enable SNMP notifications for mobility groups.

snmp-agent trap enable wlan mobility

By default, SNMP notifications for mobility groups are disabled.

Display and maintenance commands for mobility groups

Execute display commands in any view.

Task: Display information about clients that have roamed to or from the device.

Command: display wlan mobility { roam-in | roam-out } [ member { ip ipv4-address | ipv6 ipv6-address } ]

Task: Display mobility group information.

Command: display wlan mobility group

Mobility group configuration examples

Example: Configuring a mobility group

Network configuration

As shown in Figure 3-3, configure a mobility group to enable the client to roam from AP 1 to AP 2.

Figure 3-3 Network diagram

Procedure

1.     Configure AP 1:

# Create a service template named service1, set the SSID to trade-off, and enable the service template.

<AP1> system-view

[AP1] wlan service-template service1

[AP1-wlan-st-service1] ssid trade-off

[AP1-wlan-st-service1] service-template enable

[AP1-wlan-st-service1] quit

# Bind the service template to interface WLAN-Radio 1/0/1.

[AP1] interface wlan-radio 1/0/1

[AP1-WLAN-Radio1/0/1] undo shutdown

[AP1-WLAN-Radio1/0/1] service-template service1

[AP1-WLAN-Radio1/0/1] quit

# Bind the service template to interface WLAN-Radio 1/0/2.

[AP1] interface wlan-radio 1/0/2

[AP1-WLAN-Radio1/0/2] undo shutdown

[AP1-WLAN-Radio1/0/2] service-template service1

[AP1-WLAN-Radio1/0/2] quit

# Create a mobility group named office.

[AP1] wlan mobility group office

# Specify the IP address type for IADTP tunnels as IPv4.

[AP1-wlan-mg-office] tunnel-type ipv4

# Specify the source IP address for establishing IADTP tunnels as 10.1.4.22.

[AP1-wlan-mg-office] source ip 10.1.4.22

# Add AP 2 to the mobility group.

[AP1-wlan-mg-office] member ip 10.1.4.23

# Enable the mobility group.

[AP1-wlan-mg-office] group enable

[AP1-wlan-mg-office] quit

2.     Configure AP 2:

# Create a service template named service1, specify the SSID as trade-off, and enable the service template.

<AP2> system-view

[AP2] wlan service-template service1

[AP2-wlan-st-service1] ssid trade-off

[AP2-wlan-st-service1] service-template enable

[AP2-wlan-st-service1] quit

# Bind the service template to interface WLAN-Radio 1/0/1.

[AP2] interface wlan-radio 1/0/1

[AP2-WLAN-Radio1/0/1] undo shutdown

[AP2-WLAN-Radio1/0/1] service-template service1

[AP2-WLAN-Radio1/0/1] quit

# Bind the service template to interface WLAN-Radio 1/0/2.

[AP2] interface wlan-radio 1/0/2

[AP2-WLAN-Radio1/0/2] undo shutdown

[AP2-WLAN-Radio1/0/2] service-template service1

[AP2-WLAN-Radio1/0/2] quit

# Create a mobility group named office.

[AP2] wlan mobility group office

# Specify the IP address type for IADTP tunnels as IPv4.

[AP2-wlan-mg-office] tunnel-type ipv4

# Specify the source IP address for establishing IADTP tunnels as 10.1.4.23.

[AP2-wlan-mg-office] source ip 10.1.4.23

# Add AP 1 to the mobility group.

[AP2-wlan-mg-office] member ip 10.1.4.22

# Enable the mobility group.

[AP2-wlan-mg-office] group enable

[AP2-wlan-mg-office] quit

Verifying the configuration

# Verify that a mobility group has been created on AP 1.

[AP1] display wlan mobility group

Mobility group name: office

 Tunnel type: IPv4

 Source IPv4: 10.1.4.22

 Source IPv6: Not configured

 Authentication method: Not configured

 Mobility group status: Enabled

 Member entries: 1

 IP address                              State          Online time

 10.1.4.23                               Up             00hr 00min 12sec

# Verify that a mobility group has been created on AP 2.

[AP2] display wlan mobility group

Mobility group name: office

 Tunnel type: IPv4

 Source IPv4: 10.1.4.23

 Source IPv6: Not configured

 Authentication method: Not configured

 Mobility group status: Enabled

 Member entries: 1

 IP address                              State          Online time

 10.1.4.22                               Up             00hr 00min 05sec

# Get the client online on AP 1 and then make the client roam to AP 2. (Details not shown.)

# Display client roaming information on AP 1 to verify that the client has come online from AP 1 and roamed to AP 2.

[AP1] display wlan mobility roam-track mac-address bce2-659a-3232

Total entries  : 2

Current entries: 2

BSSID           Created at           Online time       AP IP address  RID  AP name

74ea-c8fd-c200  2016-06-14 11:12:28  00hr 06min 56sec  10.1.4.23      2    ap2

74ea-c8fd-c1e0  2016-06-14 11:11:28  00hr 03min 30sec  127.0.0.1      1    ap1

# On AP 1, verify that the client has roamed to AP 2.

[AP1] display wlan mobility roam-out

Total entries: 1

MAC address     BSSID           VLAN ID  Online time       FA IP address

bce2-659a-3232  74ea-c8fd-c200  1        00hr 01min 59sec  10.1.4.23

# On AP 2, verify that the client has associated with AP 2, and the roaming status is Inter-AP roam.

[AP2] display wlan client verbose

Total number of clients: 1

 

 MAC address                       : bce2-659a-3232

 IPv4 address                      : 192.168.0.5

 IPv6 address                      : N/A

 Username                          : N/A

 AID                               : 978

 Radio ID                          : 2

 Channel                           : 36

 SSID                              : trade-off

 BSSID                             : 74ea-c8fd-c200

 VLAN ID                           : 1

 VLAN ID2                          : N/A

 Sleep count                       : 49

 Wireless mode                     : 802.11gn

 Channel bandwidth                 : 20MHz

 20/40 BSS Coexistence Management  : Not supported

 SM power save                     : Disabled

 Short GI for 20MHz                : Supported

 Short GI for 40MHz                : Supported

 STBC RX capability                : Supported

 STBC TX capability                : Not supported

 LDPC RX capability                : Not supported

 Block Ack                         : TID 0  In

 Supported HT MCS set              : 0, 1, 2, 3, 4, 5, 6, 7

 Supported rates                   : 1, 2, 5.5, 6, 9, 11,

                                     12, 18, 24, 36, 48, 54 Mbps

 QoS mode                          : WMM

 Listen interval                   : 3

 RSSI                              : 40

 Rx/Tx rate                        : 6.5/6.5 Mbps

 Authentication method             : Open system

 Security mode                     : PRE-RSNA

 AKM mode                          : Not configured

 Cipher suite                      : N/A

 User authentication mode          : Bypass

 Authorization ACL ID              : N/A

 Authorization user profile        : N/A

 Authorization CAR                 : N/A

 Roam status                       : Inter-AP roam

 Key derivation                    : N/A

 PMF status                        : N/A

 Forwarding policy name            : Not configured

 Online time                       : 0days 0hours 0minutes 54seconds

 FT status                         : Inactive

# Verify that the client has roamed from AP 1 to AP 2.

[AP2] display wlan mobility roam-in

Total entries: 1

MAC address     BSSID           VLAN ID  HA IP address

bce2-659a-3232  74ea-c8fd-c200  1        10.1.4.22
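The display wlan mobility group output collected from each device in the verification steps above can be checked mechanically. The following Python is an added example, not H3C code: it parses the output per device and reports groups with no authentication method configured, members whose state is not Up, and members that do not list each other. The device labels, the TEMPLATE sample and the function names are assumptions made for the illustration, and only IPv4 sources are handled.

```python
import ipaddress

# Constructed sample modelled on the "display wlan mobility group" output above.
TEMPLATE = """Mobility group name: office
 Tunnel type: IPv4
 Source IPv4: {src}
 Source IPv6: Not configured
 Authentication method: Not configured
 Mobility group status: Enabled
 Member entries: 1
 IP address                              State          Online time
 {peer}                               {state}             00hr 00min 12sec
"""

def parse_group(text):
    """Return (fields, members): 'key: value' lines and {member IP: state}."""
    fields, members = {}, {}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        tokens = line.split()
        try:
            ipaddress.ip_address(tokens[0])  # member rows start with an IP
        except ValueError:
            key, sep, value = line.partition(": ")
            if sep:
                fields[key] = value
        else:
            members[tokens[0]] = tokens[1] if len(tokens) > 1 else "Unknown"
    return fields, members

def audit(outputs):
    """outputs maps a device label to its CLI text; returns sorted findings."""
    parsed = {dev: parse_group(text) for dev, text in outputs.items()}
    by_source = {f.get("Source IPv4"): dev for dev, (f, _) in parsed.items()}
    findings = []
    for dev, (fields, members) in parsed.items():
        if fields.get("Authentication method") == "Not configured":
            findings.append(f"{dev}: no authentication method configured")
        if fields.get("Mobility group status") != "Enabled":
            findings.append(f"{dev}: mobility group is not enabled")
        for ip, state in members.items():
            peer = by_source.get(ip)
            if state != "Up":
                findings.append(f"{dev}: member {ip} is {state}")
            if peer is None:
                findings.append(f"{dev}: no output collected for member {ip}")
            elif fields.get("Source IPv4") not in parsed[peer][1]:
                findings.append(f"{dev}: {peer} does not list {dev} as a member")
    return sorted(findings)
```

Called with the AP 1 and AP 2 outputs from this example, audit returns one finding per device, both for the Authentication method: Not configured line.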
