Knowledge Search


×
 

[WLA/WLC] Understanding why users get assigned to different VLAN after roaming to another WLC

  [KB34058] Show Article Properties


Summary:

This article explains why wireless users get assigned to a different VLAN after roaming to another WLC.

Solution:

In some cases, a user is assigned to a different VLAN after roaming to another WLC. There are different ways in which a VLAN is assigned to a user after roaming from one WLC to another.

VLAN Assignment after Roaming from one WLC to another is possible as per the following table:

Note: "Yes" in the table above indicates the VLAN is set on the roamed-to WLC, by the mechanism indicated by the column header. "No" means the VLAN is not set. "Yes or No" means the mechanism does not affect the outcome, because another mechanism is set.

The VLAN Assigned by each of the column as per the above table clearly indicates the mechanism used by the roamed-to WLC to assign the VLAN, based on the various ways the VLAN is set on that WLC.

  • Location Policy means the VLAN is assigned by a location policy on the roamed-to WLC. (The VLAN is assigned by the vlan vlanid option of the set location policy permit command.)

  • AAA means the Vlan-name attribute is set on for the user or the user group, in the roamed-to WLC local database or on a RADIUS server used by the roamed-to WLC to authenticate the user. (The VLAN is assigned by the vlan-name vlanid option of the set user attr, set usergroup attr, set mac-user, or set mac-usergroup command.)

  • keep-initial-vlan means that the VLAN is not reassigned. Instead, the VLAN assigned on the first WLC is retained. (The keep-initial-vlan option is enabled by the set service-profile name keep-initial-vlan enable command, entered on the roamed-to WLC. The name is the name of the service profile for the associated user SSID.)

  • SSID means the VLAN is set on the roamed-to WLC, in the service profile for the associated user SSID. (The Vlan-name attribute is set by the set service-profile name attr vlan-name vlanid command, entered on the roamed-to WLC. The name is the name of the service profile for the SSID the user is associated with.)

In addition, even after configuring keep-initial-vlan, a user VLAN can be reassigned by AAA or a location policy as per the priority mentioned in the above table.

Informational Note: The keep-initial-vlan option does not apply to Web-Portal clients. Instead, VLAN assignment for roaming Web-Portal clients automatically works as when keep-initial-vlan is enabled. The VLAN initially assigned to a Web-Portal user is not changed except by a location policy, AAA, or SSID default setting on the roamed-to switch.

 

Related Links: