Dear all,
I have been working on L3 Roaming between two ACs. The result I have got is that I see the station roaming from the Home AP to the Foreign AP, but the station has no IP connectivity to either its default gateway or stations in the same subnets.
My scenario includes L3 roaming in direct forwarding. I have two AC6005 version V200R006C10SPC100 with two AP6010DN version V200R006C10SPC800.
Here are the configs.
AC1 is the Master Controller
<AC1>dis cu
#
sysname AC1
#
http secure-server ssl-policy default_policy
http server enable
#
vlan batch 10 to 14 100 801
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
master-controller enable
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool ap
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
option 43 sub-option 2 ip-address 10.1.201.100
#
ip pool sta1
gateway-list 10.1.11.1
network 10.1.11.0 mask 255.255.255.0
#
ip pool sta2
gateway-list 10.1.12.1
network 10.1.12.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#gVua".Ei/PhZ;1T,S%wFl:sx&F8f|=VzRcS%i(yEtboIW-Wn"3W-A"B!5gb1%^%#
local-user admin privilege level 15
local-user admin service-type ssh http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
dhcp select global
#
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
dhcp select global
#
interface Vlanif13
ip address 10.1.13.100 255.255.255.0
#
interface Vlanif14
ip address 10.1.14.100 255.255.255.0
#
interface Vlanif100
ip address 10.0.0.136 255.255.255.0
#
interface Vlanif801
ip address 10.1.201.100 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 to 14 801
#
interface NULL0
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
ip route-static 0.0.0.0 0.0.0.0 10.1.201.1
#
capwap source interface vlanif801
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#7vMvTuXokLj)eLJAOH}4{wOBLTee_.]ci#)y=]FX[Y8Q-O{>#:,~yD(o2T4H%^%#
idle-timeout 15 0
user-interface vty 0 4
authentication-mode password
user privilege level 3
set authentication password cipher %^%#dLmsU,W\4L!^'HMa=*/B|/.`1knYH:p$rT5&&j+5F|wh=$^X8U{:(6Q{&}ZS%^%#
protocol inbound telnet
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#`oL'23(GwAYT{>5IU~rQEr0I&oD=U~o8|6X7I3vS%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#9:fQP<JC54&sLi3j7G$<L,wo&<PSI$@K1}"X8Wx6%^%# aes
security-profile name employee1
security wpa2 psk pass-phrase %^%#$)&v*QhVtC#1FT,*fQWFK=sG!e\WjBBg9r@tl;)*%^%# aes
ssid-profile name default
ssid-profile name employee1
ssid Employee1
vap-profile name default
vap-profile name employee1
service-vlan vlan-id 11
ssid-profile employee1
security-profile employee1
vap-profile name employye1
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile employee1 wlan 1
eirp 1
radio 1
vap-profile employee1 wlan 1
radio disable
ap-id 1 type-id 19 ap-mac 2831-5259-4840 ap-sn 2102354196W0D4000513
ap-name ap1
ap-group ap-group1
#
master controller
ac id 1 ip 10.1.201.100
ac id 2 ip 10.1.202.100
mobility-group name mobility
member ac id 1
member ac id 2
#
undo ntp-service enable
#
return
AC2 is the other Controller in the Mobility Group
<AC2>dis cu
#
ftp server enable
sysname AC2
#
http secure-server ssl-policy default_policy
http server enable
#
vlan batch 20 to 24 100 802
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
diffserv domain default
#
radius-server template default
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
ip pool ap
gateway-list 10.1.20.1
network 10.1.20.0 mask 255.255.255.0
option 43 sub-option 2 ip-address 10.1.202.100
#
ip pool sta1
gateway-list 10.1.21.1
network 10.1.21.0 mask 255.255.255.0
#
ip pool sta2
gateway-list 10.1.22.1
network 10.1.22.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#{XkV$8^f-(IbLIKjFj|N]g:w.'ma!9`iusUeore@A;2<.f!":3`.2WHq3&\X%^%#
local-user admin privilege level 15
local-user admin ftp-directory sdcard:
local-user admin service-type ssh ftp http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif20
ip address 10.1.20.100 255.255.255.0
dhcp select global
#
interface Vlanif21
ip address 10.1.21.100 255.255.255.0
dhcp select global
#
interface Vlanif22
ip address 10.1.22.100 255.255.255.0
dhcp select global
#
interface Vlanif23
ip address 10.1.23.100 255.255.255.0
#
interface Vlanif24
ip address 10.1.24.100 255.255.255.0
#
interface Vlanif100
ip address 10.0.0.137 255.255.255.0
#
interface Vlanif802
ip address 10.1.202.100 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
port link-type trunk
port trunk allow-pass vlan 20 to 24 802
#
interface NULL0
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
ip route-static 0.0.0.0 0.0.0.0 10.1.202.1
#
capwap source interface vlanif802
#
user-interface con 0
authentication-mode password
set authentication password cipher %^%#|3U"8>+Gh58w#)P&2m&3aV9E/xP'A/U.E|>4(ro0I'!MX(`;mBs5-X,puVrU%^%#
idle-timeout 15 0
user-interface vty 0 4
authentication-mode password
user privilege level 3
set authentication password cipher %^%#c1-5NMOGr/~wklTj}FvHY{MQP#jadLsf7&@!xh#Gr.Mq"To|y8bu}Y6LF%u9%^%#
protocol inbound telnet
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#LjrB77Ms!%#'JD8wn,WFgqcy8*o1OThPT:+5GyxP%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#p-,YW'N9,W<YIwYk4~K6g$KRJ*5UgW6FKsH"P|xX%^%# aes
security-profile name employee2
security wpa2 psk pass-phrase %^%#3z\1>miCY=0Y}hO_&0{W[EBRIm-B+SIl5#D-#s@=%^%# aes
ssid-profile name default
ssid-profile name employee2
ssid Employee1
vap-profile name default
vap-profile name employee2
service-vlan vlan-id 21
ssid-profile employee2
security-profile employee2
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain2
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
master-controller ip 10.1.201.100
ap-group name default
ap-group name ap-group2
regulatory-domain-profile domain2
radio 0
vap-profile employee2 wlan 1
radio 1
vap-profile employee2 wlan 1
radio disable
ap-id 2 type-id 19 ap-mac 2831-5259-4b80 ap-sn 2102354196W0D4000539
ap-name ap2
ap-group ap-group2
#
undo ntp-service enable
#
return
This is the state of the mobility group
<AC1>display mobility-group name mobility
--------------------------------------------------------------------------------
AC ID State IP address
--------------------------------------------------------------------------------
1 normal 10.1.201.100
2 normal 10.1.202.100
--------------------------------------------------------------------------------
Total: 2
[AC2-wlan-group-radio-ap-group2/0]display station all
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-------------------------------------------------------------------------------------------------
STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID
-------------------------------------------------------------------------------------------------
f823-b2f7-a547 2 ap2 0/1 2.4G 11n 64/57 -58 11 10.1.11.254 Employee1
-------------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0
[AC2-wlan-group-radio-ap-group2/0]disp stat roam-track sta-mac f823-b2f7-a547
Access SSID:Employee1
Rx/Tx: link receive rate/link transmit rate(Mbps)
------------------------------------------------------------------------------
L2/L3 AC IP AP name Radio ID
BSSID TIME In Rx/Tx RSSI Out Rx/Tx RSSI
------------------------------------------------------------------------------
-- 10.1.201.100 ap1 0
2831-5259-4840 2017/03/23 16:05:31 65/65 -54 60/62 -59
L3 10.1.202.100 ap2 0
2831-5259-4b80 2017/03/24 07:08:38 65/65 -63 -/- -
------------------------------------------------------------------------------
Number of roam track: 1
So the station roams, but when I ping the default gateway or any other station I get no response. Can anyone help me with this?
Regards
Mirko