202 CCNA Wireless Official Exam Certification Guide
Controller A
Primary WLAN A
Secondary WLAN B
Tertiary WLAN C
Controller B Controller C
Primary WLAN B
Secondary WLAN C
Tertiary WLAN A
Primary WLAN C
Secondary WLAN A
Tertiary WLAN B
Figure 11-8 Controller Redundancy
controller for WLAN A. Each WLAN has a different primary, secondary, and tertiary con-
troller.
Another form of controller redundancy is using link aggregation (LAG) or multiple AP
managers.
You can also have a primary and backup port on a controller. If the primary goes down,
you can use the backup.
Common designs for controller redundancy include the following:
■ N+1:This design has a single backup for multiple controllers. If you have five con-
trollers with one backup for all of them to share, the backup can easily become over-
whelmed if more than one controller is down at a time.
■ N + N: This design allows each controller to back up the other. For example, AP-1
points to WLC1 as its primary and WLC2 as its secondary. AP-2 points to WLC2 as
its primary and WLC1 as its secondary. Load balancing is desired between APs and
controllers. Also, if one controller is maxed out with APs, the design is no good.
■ N + N + 1: This is the most redundant design. Each controller backs up the other, and
an extra is designed as a backup. Take the same example as N + N but add a third
controller, WLC-BACKUP, that every AP points to as the tertiary.
The AP Is Joined, Now What?

You can change the mode by navigating to Wireless > APs > All APs > Detail.
Now that you have an AP joined with a controller, what can it do? Most people expect it
to get them to the Internet. Your AP can actually serve numerous roles based on the mode
13_1587202115_ch11.qxp 9/29/08 2:41 PM Page 202
Chapter 11: Controller Discovery and Association 203
it is in. Different APs support different modes. An AP can operate in each of the following
modes:
■ Local
■ Monitor
■ Sniffer
■ Rogue Detector
■ Hybrid REAP
■ Bridge
The sections that follow describe each of these modes in greater detail.
Local Mode
This is business as usual for an AP. In this mode, the AP scans all channels over a 180-sec-
ond period for monitoring services, and it inspects management packets for intrusion de-
tection system (IDS) signature matches.
You can also use this mode for site surveys.
When the AP scans channels, it jumps to each unassigned channel for 60 ms and then goes
back to its assigned channel for 13 seconds. The purpose of scanning channels is to moni-
tor traffic.
Monitor Mode
Monitor mode is passive. When in this mode, the AP does not send traffic out of its ra-
dios, and it does not allow client connections. This mode is used for finding rogue APs or
IDS matches, troubleshooting, or site surveys. Monitor mode APs can be used with the lo-
cation appliance to increase accuracy. Scanning is based on the country, and the command
config advanced 802.11b monitor channel-list can change the value of the channels mon-
itored.
Sniffer Mode

This mode operates with an OmniPeak, Airmagnet, or Wireshark server to capture data.
The encapsulation of the captured data is specific to the product with which it is used.
The AP sends the data to the specified device for review. This mode is used to gather time
stamps, signal strength, packet size, and other relevant information. You can use this mode
as a troubleshooting tool for forensics.
Rogue Detection Mode
This special role communicates rogue AP information between WLCs. In this mode, the
radios on the AP are turned off, and it listens for ARP messages on the wired network. It
compares the MAC information to a rogue AP and client MAC list that it receives from
the controller. The AP forwards this to other controllers. If an ARP is heard on the wired
LAN, the controller generates an alarm.
13_1587202115_ch11.qxp 9/29/08 2:41 PM Page 203
204 CCNA Wireless Official Exam Certification Guide
H-REAP Mode
H-REAP mode is designed to be used when you have APs across a WAN and you want to
use the controller at a central site. The big issue is that the controller is connected via a
WAN link, so you must follow certain guidelines:
■ The link cannot be any slower than 128 kbps.
■ Roundtrip latency cannot be more than 100 ms roundtrip.
■ The AP needs to get a 4-MB code update across the WAN link.
The AP needs to communicate with the controller for only a short time during the initial
phase, and then it can function without it but with reduced functionality. The two modes
of operation are as follows:
■ Connected mode: In Connected mode, the AP can communicate with the con-
troller.
■ Standalone mode: In Standalone mode, the AP is disconnected and is unable to
reach the controller. All client requests are based on a configuration that is local to
the AP. This mode is supported on the AP 1130, AP 1240, and AP 1250.
Bridge Mode
In Bridge mode, the AP can act as a bridge and allow client access. APs can use point-to-

point or point-to-multipoint links. To determine the best path, the APs use a protocol
called Adaptive Wireless Path Protocol (AWPP). Cisco calls this an iMesh for indoor APs
and a mesh for outdoor APs.
13_1587202115_ch11.qxp 9/29/08 2:41 PM Page 204
Chapter 11: Controller Discovery and Association 205
Table 11-2 Key Topics for Chapter 11
Key Topic Item Description Page Number
List in the section “Understanding the
Different LWAPP Modes”
Steps of LWAPP 193
Figure 11-2 AP states 196
List in the section “How an LWAPP AP
Discovers a Controller”
AP states process 200
Figure 11-4 How the AP gets its image 199
Exam Preparation Tasks
Review All the Key Concepts
Review the most important topics from this chapter, noted with the Key Topics icon in the
outer margin of the page. Table 11-2 lists a reference of these key topics and the page
number where you can find each one.
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the Glossary:
Lightweight Access Point Protocol (LWAPP), Layer 3 LWAPP mode, LWAPP discovery re-
quest, LWAPP discovery response, AP priming, join request message, master controller, N
+ 1, N + N, N + N + 1, Local mode, Monitor mode, Sniffer mode, Rogue Detection mode,
Hybrid REAP mode, Bridge mode, over-the-air provisioning (OTAP)
13_1587202115_ch11.qxp 9/29/08 2:41 PM Page 205
This chapter covers the following subjects:
Understanding Roaming: Looks at the concept
of roaming and how it should work.

Types of Roaming: Discusses Layer 2 and Layer
3 roaming as well as mobility anchor configurations.
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 206
CHAPTER 12
Adding Mobility with Roaming
Table 12-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section Questions
Understanding Roaming 1–5
Types of Roaming 6–11
More and more frequently, end users are expecting the ability to begin a transfer and then
change locations seamlessly. This is where roaming functionality comes into play. Roaming
is a big part of wireless networks. To facilitate this process, you need to be aware of some
terms and options. This chapter introduces you to those terms and how the roaming
process is configured.
You should take the “Do I Know This Already?” quiz first. If you score 80 percent or
higher, you might want to skip to the section “Exam Preparation Tasks.” If you score be-
low 80 percent, you should review the entire chapter.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this
chapter’s topics before you begin. Table 12-1 details the major topics discussed in this
chapter and their corresponding quiz questions.
1. Which of the following describes a mobility group?
a. A set of users with rights to roam
b. A group of controllers configured with the same hostname
c. A group of controllers configured in the same mobility group
d. A set of controllers that roam
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 207
2. Controllers that are aware of each other but that are in different mobility groups are
said to be in what?
a. Mobility chain

b. Mobility mode
c. Mobility-aware mode
d. Mobility domain
3. How many mobility domains can a controller be a member of?
a. One
b. Two
c. Three
d. Four
4. True or false: A client can roam from one mobility group to another in the same mo-
bility domain.
a. True
b. False
5. True or false: A client can roam between two controllers in different mobility do-
mains.
a. True
b. False
6. Which of the following are valid roaming types? (Choose two.)
a. Layer 2 roaming
b. Seamless AP roaming
c. Layer 3 roaming
d. Layer 4 roaming
7. Which of the following statements is not true?
a. For roaming to work, the controllers need to be in the same mobility domain.
b. For roaming to work, the controllers need to run the same code version.
c. For roaming to work, the controllers need to operate in the same LWAPP mode.
d. For roaming to work, the SSID (WLAN) does not necessarily need to be the
same.
208 CCNA Wireless Official Exam Certification Guide
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 208
Chapter 12: Adding Mobility with Roaming 209

8. What is the term for roaming from one AP to another AP managed by the same con-
troller?
a. Same-controller roaming
b. Intercontroller roaming
c. Intracontroller roaming
d. This is not roaming.
9. What is the term for roaming from one AP to another AP managed by a different con-
troller?
a. Same-controller roaming
b. Intercontroller roaming
c. Intracontroller roaming
d. This is not roaming.
10. What is it called when client traffic is tunneled back to the anchor controller before
being sent to its destination?
a. Symmetric tunneling
b. Asymmetric tunneling
c. Anchor roaming
d. Layer 2 roaming
11. What is it called when client traffic is sent directly to a destination and return traffic
goes to an anchor controller before being sent back to the client on a foreign con-
troller?
a. Symmetric tunneling
b. Asymmetric tunneling
c. Anchor roaming
d. Layer 3 roaming
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 209
Foundation Topics
Understanding Roaming
It’s probably safe to say that most people understand the concept of roaming at a high
level. You want to move from your desk to the conference room. The conference room is

on the other side of the building, but you are in the middle of a large upload. You don’t
sweat it because you are on a wireless network and wireless is “everywhere”!
That sounds nice, and that’s what wireless networks have to offer, but how does wireless
get “everywhere”? From what you have learned so far, you know that a wireless signal
can’t travel “everywhere” because of absorption, refraction, scattering, and more. You’ve
also learned a little about roaming and how an AP needs some overlap to facilitate the
process. But there is still more to it. If you step back and look at the big picture, you start
to see that the controller has to be involved in this lightweight AP deployment. How is the
controller involved? To understand that, you need to understand mobility groups.
Understanding Mobility Groups
In simple terms, a mobility group is a setting on a controller that defines the controller as
a member of a group. Other controllers would also be members of that group. These con-
trollers share information about the clients that are roaming. In Figure 12-1, two con-
trollers are in the same mobility group. They can exchange information about the client
that is roaming. Figure 12-2 shows a network with three controllers. Controller1 and Con-
troller2 are in the same mobility group, and Controller3 is in a different one. When this
scenario occurs, the three controllers are considered to be in the same mobility domain.
A controller can be aware of another controller in a different mobility group as long as
they are in the same mobility domain. This allows them to exchange information regarding
their clients. This allows clients in different mobility groups to roam between the different
mobility domains. If the controllers were in different mobility groups and did not have
knowledge of each other, roaming could not occur. To provide this knowledge, you as an
administrator need to enter the MAC address and management IP address of the other
controller in the first controller, and vice versa. In other words, Controller2 needs to be
configured with Controller3’s MAC and management IP addresses, and Controller3 needs
to be configured with Controller2’s MAC and IP addresses.
To set this up in the controller, first you need to configure the controller’s mobility do-
main. Remember that multiple controllers share the same mobility group, and controllers
in different mobility groups can communicate with each other if they are part of the same
mobility domain. To configure the mobility domain using the controller web interface,

choose CONTROLLER > General.
A controller can be in only one mobility group and one mobility domain. To configure the
mobility group, choose CONTROLLER > Mobility Management. Controllers that are in
the same mobility group have the same virtual gateway IP address. You can add these con-
trollers by clicking New and then adding the IP address, MAC address, and mobility group
of the other controller, as shown in Figure 12-3. In Figure 12-3, Controller2 is added to
Controller1. If you have more than one controller to add, you can do it all at once. First
you create a text file that includes the controller MAC address and IP address for each
210 CCNA Wireless Official Exam Certification Guide
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 210
Roaming
Client
Wired
Network
AP2AP1
Mobility_1
Mobility
Messages
Controller1
Controller2
Figure 12-1 Mobility Group
AP3AP2
Mobility Domain_1
Controller2Controller1
Controller3
Mobility_2Mobility_1
Wired
Network
Roaming
Client

Mobility
Messages
AP1
Figure 12-2 Mobility Domain
Chapter 12: Adding Mobility with Roaming 211
Key
Topi
c
Key
Topi
c
14_1587202115_ch12.qxp 9/29/08 2:38 PM Page 211