Information about Client Roaming Policy Profile
In Cisco Catalyst 9800 Series Wireless controller, each WLAN must be associated to a policy profile using a policy tag. Since the policy profile represent the policy defined by the administrator, the general rule is that the controller will not allow seamless roaming between same WLAN associated with different policy profile. The client will be disconnected hence disrupting seamless roaming and client will be required to join again and the new policy can be evaluated and implemented.
When you enable roaming across policy profile, if the two policy profiles differ only in the settings as listed, then client seamless roaming is allowed to same wlan associated to different policy profiles.
A typical use case is when clients roaming across two APs that belong to different policy tag and have WLAN associated with different policy profiles with different VLAN setting for each policy profile. If roaming across policy profile is enabled, the controller allows seamless roaming to another policy profile even if the VLAN is different and the client retains the original IP address. The controller applies all other attributes except VLAN from the new policy profile to which client has joined.
Client roaming across policy profiles is not allowed if there are different policy profile configurations. However; the following are the exceptions:
-
Accounting list
-
CTS
-
DHCP-TLV-caching
-
Dot11 5 Ghz airtime-fairness
-
Dot11 24 Ghz airtime-fairness
-
ET-analytics enable
-
http-TLV-caching
-
Idle-threshold
-
Idle-timeout
-
MDnS-SD service policy
-
IPv4 ACL
-
IPv6 ACL
-
QBSS load
-
RADIUS profiling
-
Session timeout
-
SIP CAC disassociation client
-
SIP CAC send-486busy
-
VLAN
You must execute the configuration in the global configuration mode. When a client roam across policy profile is attempted, the roam is either a success or a failure. However; the total roam across policy profiles counter under client global statistics section increments. But when the roam across policy profile is denied then roam across policy profile deny delete reason counter is incremented.
Note |
This feature is not supported on fabric and on Cisco 9800 FlexConnect. |
The following is an example in which case a client roams across policy profiles PP1 and PP2 will be denied.
wireless profile policy PP1
vlan 42
no shutdown
wireless profile policy PP2
aaa-override
vlan 43
no shutdown