Reset Search



Layer 3 Roaming Configuration in HiveManager

« Go Back


TitleLayer 3 Roaming Configuration in HiveManager
Layer-3 roaming can happen when a client is roaming among APs with the same SSID configured in following 2 scenarios:

Inter-gateway layer-3 roaming.

This is the normal user case, AP A and B is separated by a layer-3 router, when a client roams from A to B, if configured to do so, layer-3 roaming will happen, so that a GRE tunnel will build up from B back to A for back-hauling client’s traffic without ip-address changed required.

Intra-gateway layer-3 roaming.

Some networks may have the following deployment; 2 APs plugged into the same switch but they will assign different vlans when client associate to the same SSID (through assignment rules). In this case, when a client roams, even though the 2 APs are plugged into same layer-2 broadcast domain, layer-3 roaming still need to happen to provide the client a non-interrupted IP connection (Without the client being issued a new IP address), if the AP is configured to do so.

In both scenarios, whether or not layer-3 roaming will happen is independent of the AP’s mgt ip-address assignment. It’s decided if the client will be assigned to the same vlan or not.

Roaming mechanism

Layer-3 roaming may occur only when the “home AP� is configured to do so. A “home AP� is the first AP in the WiFi network a client associates to in a hive.

After the client is associated to its “home-AP�, the client’s dnxp (Dynamic Network Extension Protocol) cache information will be propagated to its immediate radio neighbor (or static neighbor if configured). When this client roams to its neighbor AP, the “roam-to� AP will check the client’s mac-addr against the dnxp cache to decide if a layer-3 roaming tunnel should be built for this client. Then the “roam-to� AP will propagate the roaming cache to its neighbors as well. If the client moves further away from the “home-AP�, similar logic happens at the new “roam-to� AP.

When a layer-3 roaming tunnel is first setup, the tunnel end point will be selected as one of the portal APs in the client’s home-LAN. Typically the DA (Designated AP) will select the least busy AP. The dnxp-cache will have the layer-3 tunnel information as well as the client’s original VLAN information. Once a tunnel has been built, if a client keeps roaming further from the “home-AP�, the tunnel will try to keep the same end point; unless it’s the “home-AP� maximum tunnel capacity is reached. If this occurs, then a new tunnel end point will be selected using the same logic as when tunnel first was established. Should the client keep roaming into other subnet, the layer3-roaming will continue to occur until this client roams back to an AP in its home-LAN. When this occurs, the client is assigned the same VLAN as the client’s original vlan in dnxp-cache, and layer-3 roaming will stop.
Configuration of Layer 3 Roaming Object for use in HiveManager

Enabling Layer 3 Roaming on User Profile

User-added image

Considerations to be made:
  • With layer 3 roaming the APs will open a GRE tunnel between an AP in the Home Network and the AP the client roams to.
  • Therefore, if APs are hosted in separate management networks, there must be a route between the networks.
  • In order for layer 3 roaming to work correctly,  APs  that a client would mesh to, need to know if a L3 link is needed.
    • This is achieved through the use of the DNXP (Dynamic Network Extension Protocol). Just as  AMRP is passed between AP is radio range, so is DNXP.
    • Therefore, if  a WiFi clients roams to an AP that is not receiving DNXP information from the previous AP, the AP will treat the WiFi client as a new client . A New IP address will likely be issued.

  • The most common issue with Layer 3 roaming is the roaming client being issued a new IP address rather than retaining the original IP address the client received when the client first joined the SSID.
  • Need to identify the last AP which correctly hosted the client and the AP where the client was issued a new IP address.
  • The command “show amrp dnxp neiâ€� will show all the APs that the current AP is passing DNXP information to.

User-added image
  • If the AP the WiFi client roamed to when it received a new IP address is not in the output, that would indicate that DNXP information is not be passed to the AP.
  • The “show amrp dnxp neiâ€� is generated based upon the other Aerohive APs heard (in radio range) by this AP.
    • You may need to manually add the the â€�problematicâ€� AP to this APs neighbor list.

User-added image
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255