Wireless Roaming - SonicWALL SonicPoint Administrator's Manual

WiFiSec Enforcement and the Trust WPA Traffic as WiFiSec settings are only available on Wireless
Zones. Because Wireless Zones only accept SonicPoint traffic, only SonicPoints can provide this
feature; it is not possible to provide this security feature with any other WPA-capable OTS Access
Point.

Wireless Roaming

As wireless clients move through a distributed wireless network, it is necessary to support roaming
from one SonicPoint to another in as non-interruptive a manner as possible. The SonicWALL Secure
Wireless Solutions/Architecture was designed such that client connections, even across multiple
SonicPoint Access Points, traverse a single point--whether it is the physical interface on the SonicOS
device, or a Virtualized Adapter using the Global VPN Client (GVC). This method helps to ensure that
even as a client moves through the wireless network in nomadic fashion that applications will
experience minimal if any interruption, providing a virtually seamless wireless client experience.
Roaming decisions are made by the wireless client, and are done so in a non-prescribed fashion,
meaning that different wireless client card vendors can implement different types of roaming decision
algorithms. Generally, the roaming process involves the following components:
• The client decides to roam: When the wireless device moves or the signal strength changes for
some reason, the client enters into a roaming state based on such factors as signal strength,
missed beacons, or acknowledgements, the client will enter into a roaming state.
• The client determines where to roam: Once the client has decided to roam, it must then decide
where to roam to. Finding an eligible Access Point to roam to is accomplished using some sort of
scanning technique, either active or passive, and the scan may be performed either preemptively
(before the decision to roam) or reactively (after the decision to roam). The scanning technique
employed may or may not affect the client's ability to send and receive data during the scanning
process. This varies from vendor to vendor. Some clients cleverly employ power-saving to make
this process more seamless--they signal the Access Point to which they're attached that they are
entering a Power-Save Mode before starting the scanning process. The client and Access Point
then attempt to queue data for the "sleeping" client. During this respite, the client performs its
scan. When the client finds a new Access Point, it wakes up, and exchanges queued data with the
Access Point.
• The client roams: by de-associating with the old access point, and re-associating with the new
access point. Layer 2 connectivity is severed and re-established during this process.
• The client's applications resume: Layer 3 (and higher) communications can resume after layer 2
connectivity is restored. The effect this has on the continuity of the application depends on
whether the application is connection-oriented (such as a telnet or SSH session), or stateless
(such as Web-browsing). Connection-oriented applications will generally be interrupted by
roaming while stateless applications will exhibit no ill-effects. Many client-server applications, such
as a Microsoft Outlook client connection to an Exchange Server, use higher layer logic to
automatically re-establish the client-server connection after layer 2/3 connectivity is restored, and
these will operate with relative seamlessness.
There are many factors that can affect the roaming process, and the effect it will have on the user
application. For example, using WPA introduces additional latency as a result of the 4-way
handshake that must occur during association or re-association with the new Access Point. Latency
can introduce a significant amount of interruption, especially to connection-oriented or streaming/
multimedia applications.
Roaming from one Access Point to another can occur across different boundaries, within the same
layer 2 segment, across layer 2 segments, and across layer 3 segments. Generally, remaining within
the same layer 2 segment while roaming presents the least potential for interruption, crossing layer 2
segments presents more, and crossing layer 3 segments presents the most.
S WALL S P
ONIC ONIC OINT
A ' G
DMINISTRATOR S UIDE
SonicPoint Overview
17