This section approaches planning a large campus deployment from the ground up to explore how the topics discussed so far in this chapter can be applied in a real-world example scenario.
Defining Roaming
The first step to building and deploying a Meraki wireless network is to define your roaming domains. But before defining your roaming domains, you need to understand what types of roaming exist and how they can impact your roaming domain plans.
First, you have to understand that a roam is any client connection where the client reassociates from the currently connected AP to a new AP and remains connected to the same SSID without being required to complete a full association and authentication. When clients move to a connection outside of the current roaming domain, even with the same SSID, they are required to perform a full reauthentication. With that in mind, there are a few more specific types of roaming that you should be aware of:
• Seamless roaming: This is a roam where the client is able to maintain a stateful connection with a consistent IP and security policy applied both before and after the roam. A good example of this type of roaming is a basic Layer 2 roam between two different APs within the same VLAN with the same SSID/PSK. This allows clients to roam while maintaining any active/open sessions, albeit with the possibility for a slight interruption during the roaming process itself for any real-time traffic.
Note that if the client roaming requires crossing a Layer 3 boundary, the client will require a new IP assignment, which will result in a break in connectivity for any existing sessions and will no longer be considered seamless roaming, even if connecting to the same SSID.
• Fast and secure roaming: This is a more advanced type of seamless roaming with the primary goal of keeping the entire roaming process as short and secure as possible, ideally with an interruption of less than 10 ms. This is important any time clients may be roaming between APs while actively requiring real-time connectivity, such as while making a VoIP or video call. This type of roaming requires a slightly more advanced configuration, such as enabling 802.11r or Opportunistic Key Caching (OKC).
• Distributed Layer 3 roaming: This type of roaming allows devices to effectively perform a seamless roam between APs that cross Layer 3 boundaries without the use of a dedicated concentrator. This allows clients to roam across Layer 3 boundaries while also maintaining a consistent IP and security policy. This can be extremely useful for large deployments where, for whatever reason, it may not be feasible to place all APs in the same VLAN or Layer 2 domain but clients still require seamless roaming between APs, such as between floors in a large building.
In short, distributed Layer 3 roaming functions by designating the first AP to which a client connects as an “anchor” AP. Then, when the client roams to a new AP that does not have access to the original Layer 2 domain, a tunnel is automatically built between the new “host” AP and the last anchor AP to allow the client traffic to be forwarded from the host AP to the anchor AP and allow the client to maintain connectivity with the original Layer 2 domain and provide a seamless roaming experience to the client, despite the new host AP not having direct access to the original client VLAN/Layer 2 domain.
Defining Domains
Properly planning a wireless deployment requires properly understanding and defining the different domains for a network so they can each be properly scoped and planned. This section covers roaming domains, Layer 2 domains, and Layer 3 domains to help you better understand how to define and scope each domain to ensure optimal performance and manageability.
Roaming Domains
Now that you know the different types of client roaming that can happen within a roaming domain, you can begin looking to define the actual roaming domains for your deployment.
One of the most important aspects to know when defining roaming domains for an enterprise wireless network is the expected roaming requirements for clients using the network. By understanding where seamless or fast roaming is and is not required, you can properly designate roaming domains around the deployment and begin optimizing the user experience even before any hardware is deployed.
A roaming domain is determined by the need for clients to have uninterrupted RF coverage across a geographical area. As noted previously, a roaming domain is characterized by an area where clients are able to connect to the same SSID across multiple access points without requiring a complete reauthentication.
Pro Tip
The Meraki Dashboard exists as a hard boundary for client roaming. When roaming between access points in different Dashboard networks, clients are forced to perform a full authentication regardless of any existing connections or other configurations.
Roaming domains can be scaled to appropriately fit the needs of a deployment and can be based on physical, geographic, or other boundaries, such as different buildings or even floors within each building, depending on your expected deployment size and use case for wireless clients.
In the hypothetical large campus deployment depicted in Figure 8-18, roaming domains are designated based on building boundaries and outdoor areas around campus. For example, clients are unlikely to require seamless roaming as they move between different buildings around campus, or between different dorms, while they likely would want to seamlessly roam while moving from one room to another within the same building.
Figure 8-18 Example Campus Broken Down into Multiple Wireless Roaming Domains
This approach allows administrators to designate each building location as a unique roaming domain, while also designating large outdoor areas like a student courtyard or sports fields as separate roaming domains, allowing students to retain seamless connectivity in the areas they are most likely to require it while moving between APs. Since most students are not actively relying on important low-latency streams while walking around campus, the campus can be broken up into separate roaming domains to help ensure the best experience where it matters most.
Pro Tip
In a more traditional Catalyst environment, this type of network/roaming boundary may be mapped to a site tag instead.