Cisco Cisco NAC Appliance 4.1.0
17-2
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 17 Device Management: Roaming (Deprecated)
Overview
•
Each Clean Access Server that supports roaming needs to be on a different subnet.
•
Clean Access Servers acting as virtual gateways only support roaming with other virtual gateway
Servers. Roaming can occur between Clean Access Servers that are operating as real-IP gateways
and NAT gateways, but not between these types and virtual gateways.
Servers. Roaming can occur between Clean Access Servers that are operating as real-IP gateways
and NAT gateways, but not between these types and virtual gateways.
How Roaming Works
When users first access a roaming-enabled network, they associate with a particular access point and
acquire an IP address. Also, authentication and security encryption parameters for the session are
established.
acquire an IP address. Also, authentication and security encryption parameters for the session are
established.
Figure 17-1
Session Established
When the user moves to the range of the new access point, the IP address of the user device allows the
second Clean Access Server to identify which Clean Access Server originated the session.
second Clean Access Server to identify which Clean Access Server originated the session.
All traffic from the user is tunneled to the original Server, and traffic for the client is tunneled from the
original Server to the current Server. From there, any filtering or other traffic handling measures or
policies are enforced.
original Server to the current Server. From there, any filtering or other traffic handling measures or
policies are enforced.
The traffic is then routed to the network as appropriate:
AP
AP
CAS-1
subnet
10.1.2.0
subnet
10.1.3.0
10.1.3.23
SSID=uninet
SSID=uninet
CAS-2
CAM
to the network