Using Symmetric Mobility Tunneling - Cisco 2100 Series Configuration Manual

Using Symmetric Mobility Tunneling

Table 12-2
Security Hexadecimal Value
0x00000080
0x00000100
0x00000200
0x00000400
0x00000800
0x00001000
*Controllers running software release 5.2 do not support this security policy.
Using Symmetric Mobility Tunneling
Controller software releases 4.1 through 5.1 support both asymmetric and symmetric mobility tunneling.
Controller software release 5.2 supports only symmetric mobility tunneling, which is now always
enabled by default.
In asymmetric tunneling, client traffic to the wired network is routed directly through the foreign
controller, as shown in
Figure 12-17
Asymmetric tunneling breaks when an upstream router has reverse path filtering (RPF) enabled. In this
case, the client traffic is dropped at the router because the RPF check ensures that the path back to the
source address matches the path from which the packet is coming. When symmetric mobility tunneling
is enabled, all client traffic is sent to the anchor controller and can then successfully pass the RPF check,
as shown in
Cisco Wireless LAN Controller Configuration Guide
12-26
WLAN Mobility Security Values (continued)
Figure 12-17.
Asymmetric Tunneling or Uni-Directional Tunneling
Server
Router
Anchor
Mobile
Figure 12-18.
Chapter 12 Configuring Mobility GroupsWireless Device Access
Security Policy
Security_WPA_NotUsed
Security_Cranite_Passthrough*
Security_Fortress_Passthrough*
Security_L2TP_IPSec*
Security_802_11i_NotUsed*
Security_Web_Passthrough
Foreign
Mobile
OL-17037-01