WLAN Intercontroller Layer 2 and Layer 3 Roaming

A single controller may be insufficient to accommodate wireless network growth. When two or more WLAN controllers (WLCs) support the Access Points in the wireless network, the APs can be distributed between them. When the clients become mobile, they roam from one AP to another, and they can also roam from one WLC to another through Layer 2 or Layer 3 roaming.


Layer 2 Intercontroller Roaming

When a mobile client roams from one Access Point to a new one, and if those APs are on different WLCs, then the client makes an intercontroller roam. The image below shows two controllers, with WLC-1 having one database entry for Client-1.

Layer 3 Roaming

The client reassociates with AP-2, roaming from one WLC to another. The move is coordinated by the two WLCs and involves the client’s IP address. Before roaming, the client associates with AP-1 and obtains an IP address from the subnet and VLAN configurations on the WLAN provided by WLC-1. Since the WLAN Staff is designated to VLAN 10, the client uses an IP address from the subnet range.

When a client roams to a different Access Point, it will attempt to continue using its existing IP address or renew or request a new IP address from a DHCP server. The image below shows the client roaming to AP-2. The WLAN Staff has the same VLAN 10 and subnet, the same as WLC-2.

The client roamed between different APs but stayed on the same subnet and VLAN, which is considered a Layer 2 intercontroller roam. Layer 2 or local-to-local roams allows the client to keep its IP address, and the roaming process is fast, usually less than 20 ms.

Layer 2 WLC Roaming


Layer 3 Intercontroller Roaming

WLAN interfaces on WLCs can also be assigned to different VLANs and subnets. So when a wireless client roams from one WLC to another, it could end up on a different subnet. Wireless clients are unlikely to recognize that they have switched subnets. They’ll be aware of the AP roam but not much else. The clients that query a DHCP server persistently after each roam will continue working. However, the DHCP process should be minimized for seamless and efficient roaming.

Cisco came up with a solution. When a client starts an intercontroller roam, the two WLCs compare the VLAN IDs allocated to their WLAN interfaces. If the VLAN IDs are the same, then the client performs a Layer 2 intercontroller roam and keeps using its original IP address on the new AP and WLC. If the VLAN IDs are different, the WLCs will arrange a Layer 3 or local-to-foreign roam, allowing the client to continue using its current IP address.

In the example below, there are two APs and two controllers. The APs have different IP subnets in their BSSs, AP-1 with /24 and AP-2 with /24. Client-1 is associated with AP-1 and currently has the IP address If Client-1 roams into the subnet from AP-2 using its current IP address, it will lose connectivity.

Layer 3 WLC Roaming

A Layer 3 intercontroller roam involves building an additional CAPWAP tunnel between the client’s initial WLC and the WLC to which it has roamed. The tunnel transmits the data to and from the client just like it is still associated with the original IP subnet and WLC.

When a Layer 3 roam happens, the original WLC is called the anchor controller, and the current WLC where the roamed client is reassociated is called the foreign controller. The client is anchored to the original WLC even if it roams to different controllers.

Layer 3 WiFi Roaming

Typically, anchor and foreign controllers are automatically selected. When a client initially connects to an AP and a WLC, that WLC is designated as the client’s anchor controller. When the client roams to a different WLC, that WLC can be assigned a foreign role.

However, there are times when the client’s initial controller is not ideal as its anchor. For example, the guest users in the network should not be able to connect with any other WLCs. The guest clients can use a specific WLC behind a firewall or in a protected environment. A specific WLC can be configured as a static anchor for a WLAN, with the other controllers directing guest clients to it via Layer 3 roaming tunnels.

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: