Chapter 19. Understanding Wireless Roaming and Location Services

This chapter covers the following subjects:

Roaming Overview: This section discusses client mobility from the AP and controller perspectives.

Roaming Between Centralized Controllers: This section explains the mechanisms that allow wireless devices to roam from one AP/controller pair onto another.

Locating Devices in a Wireless Network: This section explains how the components of a wireless network can be used to compute the physical location of wireless devices.

Wireless client devices are inherently mobile, so you should expect them to move around. This chapter discusses client mobility from the AP and controller perspectives. You should have a good understanding of client roaming so that you can design and configure your wireless network properly as it grows over time. In addition, you can leverage real-time location services to track client devices as they move around.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 19-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so you can assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A, “Answers to the ‘Do I Know This Already?’ Quiz Questions.”

Table 19-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section	Questions
Roaming Overview	1–2
Roaming Between Centralized Controllers	3–8
Locating Devices in a Wireless Network	9

1. When a client moves its association from one autonomous AP to another, it is actually leaving and joining which one of the following?

1. SSID

2. BSS

3. ESS

4. DS

2. Which one of the following makes the decision for a device to roam from one AP to another?

1. The client device

2. The original AP

3. The candidate AP

4. The wireless LAN controller

3. Ten lightweight APs are joined to a wireless LAN controller. If a client roams from one of the APs to another, which one of the following correctly describes the roam?

1. Autonomous roaming

2. Intercontroller roaming

3. Intracontroller roaming

4. Indirect roaming

4. Which of the following provides the most efficient means for roaming, as measured by the time to complete the roam?

1. Layer 2 intercontroller roaming

2. Layer 3 intercontroller roaming

3. Intracontroller roaming

4. All of the above; they all take equal amounts of time.

5. Which of the following is used to cache authentication key information to make roaming more efficient?

1. PGP

2. CCNA

3. CCKM

4. EoIP

6. In a Layer 2 roam, what mechanism is used to tunnel client data between the two controllers?

1. GRE tunnel

2. EoIP tunnel

3. CAPWAP tunnel

4. None of these answers

7. A client roams from controller A to controller B. If it undergoes a Layer 3 roam, which one of the following best describes the role of controller A?

1. Foreign controller

2. Host controller

3. Master controller

4. Anchor controller

8. A network consists of four controllers: A, B, C, and D. Mobility group 1 consists of controllers A and B, while mobility group 2 consists of controllers C and D. Which one of the following answers describes what happens when a client tries to roam between controllers B and C?

1. Roaming is seamless and efficient.

2. Roaming is not possible.

3. Roaming is possible, but CCKM and key caching do not work.

4. Only Layer 3 roaming is possible.

9. Which of the following parameters is useful for computing a client device’s location with respect to an AP?

1. BSS

2. GPS

3. RSS

4. Channel

Answers to the “Do I Know This Already?” quiz:

1 B

2 A

3 C

4 C

5 C

6 D

7 D

8 C

9 C

Foundation Topics

When a wireless client moves about, the expectations are simple: good, seamless coverage wherever the client goes. Clients know how to roam between access points (APs), but they are ignorant about the wireless network infrastructure. Even in a large network, roaming should be easy and quick, and it should not disrupt the client’s service.

Cisco wireless networks offer several roaming strategies. From your perspective as a network professional, roaming configuration is straightforward. The inner workings can be complex, depending on the size of the wireless network, as measured by the number of APs and controllers. As you work through the sections in this chapter, you will review roaming fundamentals and then learn more about how the Cisco wireless controllers handle client roaming. You will also learn more about the network design aspects and functions that can be used to track and locate mobile client devices.

Roaming Overview

To understand how wireless roaming works, you should start simple. The following two sections discuss roaming between access points when no controller is present and when only one controller is present. More complex scenarios are covered later in the chapter.

Roaming Between Autonomous APs

Recall that a wireless client must associate and authenticate with an AP before it can use the AP’s BSS to access the network. A client can also move from one BSS to another by roaming between APs. A client continuously evaluates the quality of its wireless connection, whether it is moving around or not. If the signal quality degrades, perhaps as the client moves away from the AP, the client will begin looking for a different AP that can offer a better signal. The process is usually quick and simple; the client actively scans channels and sends probe requests to discover candidate APs, and then the client selects one and tries to reassociate with it.

Note

A client can send Association Request and Reassociation Request frames to an AP when it wants to join the BSS. Association Requests are used to form a new association, while Reassociation Requests are used to roam from one AP to another, preserving the client’s original association status.

Figure 19-1 shows a simple scenario with two APs and one client. The client begins with an association to AP 1. Because the APs are running in autonomous mode, each one maintains a table of its associated clients. AP 1 has one client; AP 2 has none.

Figure 19-1 Before Roaming Between Autonomous APs

Two APs (AP-1 and AP-2) are connected to a multilayer switch. Both the APs are identified by the same SSID (staff) and the assigned subnet is 192.168.100.0/24. The Client-1 associates to AP-1. The table of the APs' associated clients is shown below. Client-1 is listed under AP-1 associations but no client is mentioned under the AP-2 associations table.

Suppose that the client then begins to move into AP 2’s cell. Somewhere near the cell boundary, the client decides that the signal from AP 1 has degraded and it should look elsewhere for a stronger signal. The client decides to roam and reassociate with AP 2. Figure 19-2 shows the new scenario after the roam occurs. Notice that both APs have updated their list of associated clients to reflect Client 1’s move from AP 1 to AP 2. If AP 1 still has any leftover wireless frames destined for the client after the roam, it forwards them to AP 2 over the wired infrastructure—simply because that is where the client’s MAC address now resides.

Figure 19-2 After Roaming Between Autonomous APs

The two APs, AP-1 and AP-2 are connected to a multi-layer switch. The client roams from AP-1 and re-associates to AP-2. Both the APs are identified by the same SSID (staff) and the assigned subnet is 192.168.100.0/24. A dotted line with an arrowhead from AP-1 to AP-2 represents the leftover wireless frames (client-1's buffered data) transferred from AP-1 to AP-2. The table for AP-1 associations shows no clients, while the table for AP-2 associations shows client-1.

Naturally, roaming is not limited to only two APs; instead, it occurs between any two APs as the client moves between them, at any given time. To cover a large area, you will probably install many APs in a pattern such that their cells overlap. Figure 19-3 shows a typical pattern. When a wireless client begins to move, it might move along an arbitrary path. Each time the client decides that the signal from one AP has degraded enough, it attempts to roam to a new, better signal belonging to a different AP and cell. The exact location of each roam depends on the client’s roaming algorithm. To illustrate typical roaming activity, each roam in Figure 19-3 is marked with a dark ring.

Figure 19-3 Successive Roams of a Mobile Client

The client is shown to be associated with an AP having an SSID (The SSID is represented as a bubble or circle within which the AP is present). Similarly, multiple APs are shown. A dotted line shows an arbitrary path the wireless client moves during roaming. Rings are shown along the arbitrary pathway indicating the roaming activity.

Intracontroller Roaming

In a Cisco wireless network, lightweight APs are bound to a wireless LAN controller through CAPWAP tunnels. The roaming process is similar to that of autonomous APs; clients must still reassociate to new APs as they move about. The only real difference is that the controller handles the roaming process, rather than the APs, because of the split-MAC architecture.

Figure 19-4 shows a two-AP scenario where both APs connect to a single controller. Client 1 is associated to AP-1, which has a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel to controller WLC 1. The controller maintains a client database that contains detailed information about how to reach and support each client. For simplicity, Figure 19-4 shows the database as a list of the controller’s APs, associated clients, and the wireless LAN (WLAN) being used. The actual database also contains client MAC and IP addresses, quality of service (QoS) parameters, and other information.

Figure 19-4 Cisco Wireless Network Before an Intracontroller Roam

The Wireless LAN controller WLC-1 is shown. Two APs, AP-1 and AP-2 are connected to the WLC-1 via CAPWAP tunnels. Client-1 is associated with the AP-1. The address assigned for the SSID staff is 192.168.100.0/24. The database maintained by the controller is shown in the form of a table. The database shows associated clients and WLAN used by an AP. For AP-1, Client-1 is the associated client and the WLAN used is Staff. For AP-2, no data is provided in the table as it has no client.

When Client 1 starts moving, it eventually roams to AP 2, as shown in Figure 19-5. Not much has changed except that the controller has updated the client association from AP 1 to AP 2. Because both APs are bound to the same controller, the roam occurs entirely within the controller. This is known as intracontroller roaming.

Figure 19-5 Cisco Wireless Network After an Intracontroller Roam

The Wireless LAN controller WLC-1 is shown. Two APs, AP-1 and AP-2 are connected to the WLC-1 via CAPWAP tunnels. Client-1 is associated with the AP-1. The address assigned for the SSID staff is 192.168.100.0/24. Client-1 roams from AP-1 and associates itself to AP-2. The database maintained by the controller is shown in the form of a table. The updated database shows no data for AP-1 but the associated client for AP-2 is shown as Client-1 and the WLAN used is Staff.

If both APs involved in a client roam are bound to the same controller, the roaming process is simple and efficient. The controller has to update its client association table so that it knows which CAPWAP tunnel to use to reach the client. Thanks to the simplicity, an intracontroller roam takes less than 10 ms to complete—the amount of processing time needed for the controller to switch the client entry from AP 1 to AP 2. From the client’s perspective, an intracontroller roam is no different from any other roam. The client has no knowledge that the two APs are communicating with a controller over CAPWAP tunnels; it simply decides to roam between two APs based on its own signal analysis.

Efficient roaming is especially important when time-critical applications are being used over the wireless network. For example, wireless phones need a consistent connection so that the audio stream is not garbled or interrupted. When a roam occurs, there could be a brief time when the client is not fully associated with either AP. So long as that time is held to a minimum, the end user probably will not even notice that the roam occurred.

Along with the client reassociation, a couple other processes can occur:

• DHCP: The client may be programmed to renew the DHCP lease on its IP address or to request a new address.

• Client authentication: The controller might be configured to use an 802.1x method to authenticate each client on a WLAN.

To achieve efficient roaming, both of these processes should be streamlined as much as possible. For instance, if a client roams and tries to renew its IP address, it is essentially cut off from the network until the Dynamic Host Configuration Protocol (DHCP) server responds.

The client authentication process presents the biggest challenge because the dialog between a controller and a RADIUS server, in addition to the cryptographic keys that need to be generated and exchanged between the client and an AP or controller, can take a considerable amount of time to accomplish. Cisco controllers offer three techniques to minimize the time and effort spent on key exchanges during roams:

• Cisco Centralized Key Management (CCKM): One controller maintains a database of clients and keys on behalf of its APs and provides them to other controllers and their APs as needed during client roams. CCKM requires Cisco Compatible Extensions (CCX) support from clients.

• Key caching: Each client maintains a list of keys used with prior AP associations and presents them as it roams. The destination AP must be present in this list, which is limited to eight AP/key entries.

• 802.11r: This 802.11 amendment addresses fast roaming or fast BSS transition; a client can cache a portion of the authentication server’s key and present that to future APs as it roams. The client can also maintain its QoS parameters as it roams.

Each of the fast-roaming strategies requires help on the part of the wireless client. That means the client must have a supplicant or driver software that is compatible with fast roaming and can cache the necessary pieces of the authentication credentials.

Roaming Between Centralized Controllers

As a wireless network grows, one controller might not suffice. When two or more controllers support the APs in an enterprise, the APs can be distributed across them. As always, when clients become mobile, they roam from one AP to another—except they could also be roaming from one controller to another, depending on how neighboring APs are assigned to the controllers. As a network grows, AP roaming can scale too by organizing controllers into mobility groups. The following sections cover intercontroller roaming, mobility groups, and the mechanisms used to coordinate roaming.

Layer 2 Roaming

When a client roams from one AP to another and those APs lie on two different controllers, the client makes an intercontroller roam. Figure 19-6 shows a simple scenario prior to a roam. Controller WLC 1 has one association in its database—that of Client 1 on AP 1. Figure 19-7 shows the result of the client roaming to AP 2.

Figure 19-6 Before an Intercontroller Roam

Two WLCs, WLC-1 and WLC-2 are shown. Both the WLCs are connected to a multilayer switch through VLAN 100. The WLC-1 is connected to AP-1 via CAPWAP tunnel and WLC-2 is connected to AP-2 and CAPWAP tunnel is also present between them. Client-1 is associated with AP-1. The database maintained by the WLC-1 shows the client associated with AP-1, WLAN and VLAN used. The client associated with AP-1 is shown in the table as Client-1, WLAN used is Staff (SSID staff - 192.168.100.0/24) and VLAN 100. The database maintained by the WLC-2 shows no data for AP-2 as no client is associated with it.

Figure 19-7 After an Intercontroller Roam

Two WLCs, WLC-1 and WLC-2 are shown. Both the WLCs are connected to a multilayer switch through VLAN 100. The WLC-1 is connected to AP-1 via CAPWAP tunnel and WLC-2 is connected to AP-2 and CAPWAP tunnel is also present between them. Client-1 roams from AP-1 and associates to AP-2. The database maintained by the WLC-1 shows no data for AP-1 but the database maintained by the WLC-2 updates associations as Client-1, WLAN as Staff (SSID Staff - 192.168.100.0/24) and VLAN 100 for AP-2.

The roam itself is fairly straightforward. When the client decides to roam and reassociate itself with AP 2, it actually moves from one controller to another, and the two controllers must coordinate the move. One subtle detail involves the client’s IP address. Before the roam, Client 1 is associated with AP 1 and takes an IP address from the VLAN and subnet that are configured on the WLAN supplied by controller WLC 1. In Figure 19-6, WLAN Staff is bound to VLAN 100, so the client uses an address from the 192.168.100.0/24 subnet.

When the client roams to a different AP, it can try to continue using its existing IP address or work with a DHCP server to either renew or request an address. Figure 19-7 shows the client roaming to AP 2, where WLAN Staff is also bound to the same VLAN 100 and 192.168.100.0/24 subnet. Because the client has roamed between APs but stayed on the same VLAN and subnet, it has made a Layer 2 intercontroller roam. Layer 2 roams (commonly called local-to-local roams) are nice for two reasons: The client can keep its same IP address, and the roam is fast (usually less than 20 ms).

Layer 3 Roaming

What if a wireless network grows even more, such that the WLAN interfaces on each controller are assigned to different VLANs and subnets? Breaking a very large WLAN up into individual subnets seems like a good idea from a scalability viewpoint. However, when a wireless client roams from one controller to another, it could easily end up on a different subnet from the original one.

Clients will not usually be able to detect that they have changed subnets. They will be aware of the AP roam but little else. Only clients that aggressively contact a DHCP server after each and every roam will continue to work properly. But to make roaming seamless and efficient, time-consuming processes such as DHCP should be avoided.

No worries—the Cisco wireless network has a clever trick up its sleeve. When a client initiates an intercontroller roam, the two controllers involved can compare the VLAN numbers that are assigned to their respective WLAN interfaces. If the VLAN IDs are the same, nothing special needs to happen; the client undergoes a Layer 2 intercontroller roam and can continue to use its original IP address on the new controller. If the two VLAN IDs differ, the controllers arrange a Layer 3 roam (also known as a local-to-foreign roam) that will allow the client to keep using its IP address.

Figure 19-8 illustrates a simple wireless network containing two APs and two controllers. Notice that the two APs offer different IP subnets in their BSSs: 192.168.100.0/24 and 192.168.200.0/24. The client is associated with AP-1 and is using IP address 192.168.100.199. On the surface, it looks like the client will roam into subnet 192.168.200.0/24 if it wanders into AP 2’s cell and will lose connectivity if it tries to keep using its same IP address.

Figure 19-8 Before a Layer 3 Intercontroller Roam

Two WLCs, WLC-1 and WLC-2 are shown. Both the WLCs are connected to a multilayer switch through VLAN 100 and VLAN 200. The WLC-1 is connected to AP-1 via CAPWAP tunnel and WLC-2 is connected to AP-2 and CAPWAP tunnel is also present between them. The two APs offer different IP subnets in their BSSs and they are 192.168.100.0/24 and 192.168.200.0/24. Client-1 with IP 192.168.100.199 is associated with AP-1. The database maintained by the WLC-1 shows the associated clients, WLAN, and VLAN used for AP-1. For AP-1, the table shows Client-1 for associations, Staff for WLAN and 100 for VLAN. The database maintained by WLC-2 shows no data as AP-2 has no associations.

A Layer 3 intercontroller roam consists of an extra tunnel that is built between the client’s original controller and the controller it has roamed to. The tunnel carries data to and from the client as if it is still associated with the original controller and IP subnet. Figure 19-9 shows the results of a Layer 3 roam. The original controller (WLC 1) is called the anchor controller, and the controller with the roamed client is called the foreign controller. Think of the client being anchored to the original controller no matter where it roams later. When the client roams away from its anchor, it moves into foreign territory.

Recall that Cisco controllers use CAPWAP tunnels to connect with lightweight APs. CAPWAP tunnels are also built between controllers for Layer 3 roaming. The tunnel tethers the client to its original anchor controller (and original IP subnet), regardless of its location or how many controllers it roams through.

Figure 19-9 After a Layer 3 Intercontroller Roam

Two WLCs, WLC-1 and WLC-2 are shown. The WLC-1 is labeled as the anchor controller and the WLC-2 is labeled as the foreign controller. Both the WLCs are connected through a multilayer switch and VLAN 100, VLAN 200. The multilayer switch is embedded with the CAPWAP tunnel. The anchor controller is connected to the AP-1 via the CAPWAP tunnel and the foreign controller is connected to the AP-2 via CAPWAP tunnel. The Client-1 with IP, 192.168.100.199 roams from AP-1 to AP-2. The subnet offered by AP-1 is 192.168.100.0/24 and the subnet offered by AP-2 is 192.168.200.0/24. The Client-1 is always anchored or connected to the WLC-1 via the CAPWAP tunnel pathway (represented using a dotted line with arrowheads connecting AP-2 and anchor controller). The database maintained by the WLC-1 updates the AP as WLC-2, associations as Client-1 (Mobile), WLAN as Staff and VLAN as 100. The database maintained by the WLC-2 updates the AP as AP-2, associations as Client-1, WLAN as Staff.

Anchor and foreign controllers are normally determined automatically. When a client first associates with an AP and a controller, that controller becomes its anchor controller. When the client roams to a different controller, that controller can take on the foreign role. Sometimes you might not want a client’s first controller to be its anchor. For example, guest users should not be allowed to associate with just any controller in your network. Instead, you might want guests to be forced onto a specific controller that is situated behind a firewall or contained in a protected environment. You can configure one controller to be a static anchor for a WLAN so that other controllers will direct clients toward it through Layer 3 roaming tunnels.

Scaling Mobility with Mobility Groups

Cisco controllers can be organized into mobility groups to facilitate intercontroller roaming. Mobility groups become important as a wireless network scales and there are more centralized controllers cooperating to provide coverage over a large area.

If two centralized controllers are configured to belong to the same mobility group, clients can roam quickly between them. Layer 2 and Layer 3 roaming are both supported, along with CCKM, key caching, and 802.11r credential caching. If two controllers are assigned to different mobility groups, clients can still roam between them, but the roam is not very efficient. Credentials are not cached and shared, so clients must go through a full authentication during the roam.

Mobility groups have an implied hierarchy, as shown in Figure 19-10. Each controller maintains a mobility list that contains its own MAC address and the MAC addresses of other controllers. Each controller in the list is also assigned a mobility group name. In effect, the mobility list gives a controller its view of the outside world; it knows of and trusts only the other controllers configured in the list. If two controllers are not listed in each other’s mobility list, they are unknown to each other and clients will not be able to roam between them. Clients will have to associate and authenticate from scratch.

Figure 19-10 Mobility Group Hierarchy

The mobility groups exist within the mobility domain. 3 mobility groups are shown in the figure. The Mobility Group "Group 1" comprises of the WLCs 1,2,3, and 4. The Mobility Group "Group 2" comprises of the WLCs 5,6, and 7. The Mobility Group "Group 3" comprises of the WLCs 8 and 9.

Locating Devices in a Wireless Network

Wireless networks are usually designed to provide coverage and connectivity in all areas where client devices are expected to be located. For example, a hospital building will likely have seamless wireless coverage on all floors and in all areas where users might go. Usually a user’s exact location is irrelevant, as long as wireless coverage exists there. Locating a user or device is important in several use cases, and a wireless network can be leveraged to provide that information.

Device location can be an important part of tracking assets in a business. For instance, a large store might be interested in tracking potential customers as they walk around and shop. The store might like to offer online advertising as customers enter various areas or walk near certain product displays. The same could be true of a museum that wants to present relevant online content as people move to each exhibit. A healthcare enterprise might want to track critical (and valuable) medical devices or patients as they move about the facility so that they can be quickly located. By tracking user locations, a large venue can provide way-finding information on mobile devices to help people navigate through buildings.

Recall that before each wireless client can use the network, it must first be authenticated and associated by an AP. At the most basic level, a client can then be located according to the AP to which it is currently joined. That may not be granular enough for every use case because one AP might cover a large area. In addition, a client device might not roam very aggressively, so it could well stay associated with one AP that is now far away, even though another AP with a better signal is very near.

To locate a device more accurately, an AP can use the received signal strength (RSS) of a client device as a measure of the distance between the two. Free space path loss causes an RF signal to be attenuated or diminished exponentially as a function of its frequency and the distance it travels. That means a client’s distance from an AP can be computed from its received signal strength. If the distance is measured from a single AP only, it is difficult to determine where the client is situated in relation to the AP. In the case of an indoor AP with an omnidirectional antenna, the client could be located anywhere along a circular path of fixed distance because the received signal strength would be fairly consistent at all points on the circle. A better solution is to obtain the same measurement from three or more APs, then correlate the results and determine where they intersect. Figure 19-11 illustrates the difference in determining a client’s location with a single and multiple APs.

Figure 19-11 Locating a Wireless Device with One AP (left) and Three APs (right)

In the first case, when 1 AP is used the received signal strength is negative 60 dBm. The distance is calculated with the help of the received signal strength and the radius or distance from the AP is found out to be x meters. Multiple devices on a circle are shown to represent that the device can be anywhere on the circumference of the circle. In the second case, the device is located with 3 APs and 3 signal strengths are found. The received signal strengths are negative 58 dBm, negative 40 dBm, and negative 69 dBm. With this, the distance from each device is calculated and the device is located correctly.

The components of a wireless network can be coupled with additional resources to provide real-time location services (RTLS). Cisco APs and WLCs can integrate with management platforms like Cisco Prime Infrastructure or DNA Center, along with location servers like Cisco Mobility Services Engine (MSE), Cisco Connected Mobile Experiences (CMX), or Cisco DNA Spaces to gather location information in real time and present that information in a relevant way.

Real-time location is not something inherent in a wireless network infrastructure. Through the familiar split-MAC architecture, the APs interface directly with the client devices at the lowest real-time layer, while the WLCs learn about the clients from the APs and handle normal data forwarding to and from them. The WLCs must keep a management platform like Cisco Prime Infrastructure or Cisco DNA Center informed as clients probe, join, and leave the network, and pass along wireless statistics such as each client’s RSS value. The actual real-time location for each device must be computed on a separate location server platform.

The simple location example shown in Figure 19-11 is intuitive, but it is based on the assumption that the APs and client devices are located in open free space, with nothing but free space path loss to attenuate the client’s RF signal. In a normal environment, the APs and clients exist in buildings where physical objects, such as walls, doors, windows, furniture, cubicles, and shelving, also exist and get in the way of the RF signals. Usually the signals can pass through various materials, but get attenuated along the way. That further complicates determining device location accurately.

The Cisco approach is to leverage RF fingerprinting, where each mapped area is influenced by an RF calibration template that more closely resembles the actual signal attenuation experienced by the APs and clients. The calibration applied to a map can be manually determined by walking through the area with a device and taking actual RF measurements. It can also be applied through a set of models that represent how the construction of a mapped area might affect signal propagation. Example models include cubes and walled offices, drywall offices, indoor high ceiling, and outdoor open space.

The most intuitive way to interpret location data is to view devices on a map that represents the building and floor where they are located. Figure 19-12 shows an example map of one floor of a building from Cisco DNA Spaces. The square icons represent AP locations, which were manually entered on the map. Device locations are indicated by small colored dots that are dynamically placed on the map at regular time intervals. Green dots represent wireless devices that have successfully associated with APs, and red dots represent devices that are not associated but are actively sending probe requests to find nearby APs.

Figure 19-12 An Example Map Showing Real Time Location Data for Tracked Devices

An icon with the wi-fi symbol represents the APs present in the building. Green dots are used to represent the wireless devices that are already associated with or connected to the APs. Few red dots are shown and they represent the devices that are not connected or associated with any AP. Seven APs have heard a connect request from a client. The device is correctly calculated with the help of received signal strength from the 7 APs. This is represented in the figure as red lines connecting a red dot and 7 APs.

One device has been selected in Figure 19-12, causing lines to be drawn to some of the APs that overheard the device. In this example, seven APs have recorded a current received signal strength measurement for the client, which is then used to derive an accurate location.

It might seem odd that so many different APs would be able to know about a device because it can associate and use only one AP at a time. In addition, the device and the AP where it is associated would communicate on only a single channel, while other APs would likely be using different channels. The secret is that wireless devices normally use 802.11 Probe Requests to discover any potential APs that might be nearby, either as a prelude to associating with an AP or in preparation for roaming to a different AP. A client will send Probe Requests on every possible channel and band that it is configured to support. Neighboring APs will receive the requests on their respective channels, all sourced by the same client MAC address.

The same real-time location service also supports wireless devices that might never actually associate with an AP. For example, you might be interested in locating or tracking a potential customer’s smartphone as he walks through a store. As long as Wi-Fi is enabled on the device, it will probably probe for available APs. RFID tags are another type of device that can be attached to objects so that they can be tracked and located. Some RFID tags can actively join a wireless network to exchange data, while others are meant to simply “wake up” periodically to send 802.11 Probe Requests or multicast frames to announce their presence.

Another interesting use case is locating rogue devices and sources of Wi-Fi interference. Rogue devices will likely probe the network and can be discovered and located. Interference sources, such as cordless phones, wireless video cameras, and other transmitters, might not be compatible with the 802.11 standard at all. Cisco APs can still detect the presence of interference with dedicated spectrum analysis and the Clean Air feature, and can determine the received signal strength on a channel. The location server can use this information to compute a probable location of the interference source and display it on a map.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 30, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topic icon in the outer margin of the page. Table 19-2 lists these key topics and the page number on which each is found.

Table 19-2 Key Topics for Chapter 19

Key Topic Element	Description	Page Number
Figure 19-2	After Roaming Between Autonomous APs	544
Figure 19-5	Cisco Wireless Network After an Intracontroller Roam	546
Figure 19-7	After an Intercontroller Roam	548
Figure 19-9	After a Layer 3 Intercontroller Roam	551
Figure 19-10	Mobility Group Hierarchy	552
Figure 19-11	Locating a Wireless Device with One AP (left) and Three APs (right)	553
Figure 19-12	An Example Map Showing Real Time Location Data for Tracked Devices	554

Complete Tables and Lists from Memory

There are no memory tables in this chapter.

Define Key Terms

Define the following key terms from this chapter and check your answers in the Glossary:

author controller

foreign controller

intercontroller roaming

intracontroller roaming

Layer 2 roam

Layer 3 roam

mobility agent (MA)

mobility controller (MC)

mobility domain

mobility group

point of attachment (PoA)

point of presence (PoP)

received signal strength (RSS)

RF fingerprinting