H3C MSR 50 User Manual

Table of Contents
1 WLAN Service Configuration
  WLAN Service Overview
    Terminology
    Client Access
  802.11 Overview
  CAPWAP Overview
    Introduction to CAPWAP
    CAPWAP Link Backup
  WLAN Topologies
    WLAN Topologies for ACs
    WLAN Topologies for Fat APs
  Protocols and Standards
  Configuring WLAN Service
    Configuration Task List
    Enabling WLAN Service (only supported on ACs)
    Configuring Global WLAN Parameters (only supported on fat APs)
    Specifying the uplink interface (only supported on fat APs)
    Specifying a Country Code
    Configuring Software Version Automatic Update
    Configuring a WLAN Service Template
    Configuring an AP (only supported on ACs)
    Configuring Auto AP
    Configuring CAPWAP Dual-Link (Supported only on ACs)
    Configuring the Radio of an AP
    Configuring a Radio Policy on an AC or the Radio of a Fat AP
    Configuring 802.11n
    Displaying and Maintaining WLAN Service
  Configuring AP Group (only supported on ACs)
    Configuring an AP Group
    Applying the AP Group in a User Profile
    Displaying and Maintaining AP Group
  Configuring SSID-Based Access Control
    Specifying a Permitted SSID in a User Profile
  WLAN Service Configuration Examples
    WLAN Service Configuration Example (On an AC)
    WLAN Auto-AP Configuration Example (On an AC)
    CAPWAP Dual-Link Configuration Example (On an AC)
    802.11n Configuration Example
    WLAN Service Configuration Example (on a FAT AP)
  AP Group Configuration Examples
    AP Group Configuration without Roaming
    AP Group Configuration for Inter-AC Roaming

and value ranges of the MSR series routers.
• All the models of the MSR series routers are centralized devices.
• The MSR series routers can serve as APs only.

1 WLAN Service Configuration

When configuring WLAN service, go to these sections for information you are interested in:
• WLAN Service Overview
• 802.11 Overview
• CAPWAP Overview
• WLAN Topologies
• Protocols and Standards
• Configuring WLAN Service
• Configuring AP Group (only supported on ACs)
• Configuring SSID-Based Access Control
• WLAN Service Configuration Examples
• AP Group Configuration Examples

WLAN Service Overview

Wireless Local Area Networks (WLAN) have become very popular because they are very easy to set up and use, and have low maintenance cost. Generally, one or more access points (APs) can cover a building or an area. A WLAN is not completely wireless because the servers in the backbone are fixed. The WLAN solution allows you to provide the following wireless LAN services to your customers:
• WLAN client connectivity to conventional 802.3 LANs
• Secured WLAN access with different authentication and encryption methods
• Seamless roaming of WLAN clients in the mobility domain

Terminology

Client

A handheld computer or laptop with a wireless Network Interface Card (NIC) can be a WLAN client.

Access point (AP)

An AP bridges frames between wireless and wired networks.

Access controller (AC)

An AC can control and manage all APs in a WLAN. The AC communicates with an authentication server for WLAN client authentication.

Fat AP

A fat AP controls and manages all associated wireless stations and bridges frames between wired and wireless networks.

SSID

Service set identifier. A client scans all networks at first, and then selects a specific SSID to connect to a specific wireless network.

Wireless medium

A medium that is used for transmitting frames between wireless clients. Radio frequency is used as the wireless medium in the WLAN system.

Distribution system

A distribution system is used to forward frames to their destinations. It is the backbone to transmit frames between access points.

Split MAC

In split MAC mode, APs and ACs manage different services. An AP manages real-time services, such as beacon generation, power management, fragmentation and defragmentation. An AC manages services related to packet distribution, association, dissociation and reassociation.

Client Access

A client access process involves three steps: active/passive scanning, authentication and association.
Figure 1-1 Establish a client access

Scanning

1) Active scanning
Active scanning is used by clients to scan surrounding wireless networks and locate a compatible one. Active scanning falls into two modes according to whether a specified SSID is carried in a probe request.
• A client sends a probe request (with the SSID null): The client prepares a list of channels and broadcasts a probe request frame on each of them. APs that receive the probe request send a probe response. The client associates with the AP with the strongest signal. This active scanning mode enables a client to know whether an AP can provide wireless services.
Figure 1-2 Active scanning (the SSID of the probe request is null)
• A client sends a probe request (with a specified SSID): In this case, the client only unicasts a probe request because the probe request it sends carries the specified SSID. When an AP receives the probe request, it sends a probe response. This active scanning mode enables a client to access a specified wireless network.
Figure 1-3 Active scanning (the probe request carries the specified SSID)
2) Passive scanning
Passive scanning is used by clients to discover surrounding wireless networks through listening to the beacon frames periodically sent by an AP. The client prepares a list of channels and listens to beacons on each of these channels. In this case, the AP needs to periodically broadcast beacon frames. Passive scanning is used by a client when it wants to save battery power. Typically, VoIP clients adopt the passive scanning mode.
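
The two active scanning modes differ only in the SSID element carried by the probe request. The following added example (not part of the manual) parses a raw 802.11 probe request and reports whether its SSID is null; the addresses, the SSID "office" and the helper names are constructed for illustration.

```python
MGMT, PROBE_REQUEST = 0, 4  # 802.11 frame type and subtype values

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_probe_request(frame):
    """Parse a raw 802.11 frame (no radiotap header, no FCS).

    Returns None for anything that is not a probe request, otherwise a dict
    with the sender, the destination, the SSID and whether the SSID is null.
    """
    if len(frame) < 24:
        raise ValueError("truncated 802.11 management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (MGMT, PROBE_REQUEST):
        return None
    pos = 24  # information elements follow the 24-byte header
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) != elem_len:
            raise ValueError("truncated information element")
        if elem_id == 0:  # SSID element
            if elem_len > 32:
                raise ValueError("SSID longer than 32 bytes")
            return {
                "dst": mac(frame[4:10]),
                "src": mac(frame[10:16]),
                "ssid": value.decode("utf-8", "replace"),
                "null_ssid": elem_len == 0,
            }
        pos += 2 + elem_len
    raise ValueError("probe request without an SSID element")

def build_probe_request(src, dst, ssid):
    """Build a constructed sample frame: header, SSID and supported rates."""
    header = bytes([0x40, 0x00, 0x00, 0x00]) + dst + src + dst + bytes(2)
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])
    return header + bytes([0, len(ssid)]) + ssid + rates

# Constructed addresses and SSID, for illustration only.
CLIENT = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000010")
BROADCAST = bytes.fromhex("ffffffffffff")

NULL_PROBE = build_probe_request(CLIENT, BROADCAST, b"")
DIRECTED_PROBE = build_probe_request(CLIENT, AP, b"office")

if __name__ == "__main__":
    for sample in (NULL_PROBE, DIRECTED_PROBE):
        print(parse_probe_request(sample))
```

A null SSID shows up on the wire as an SSID element of length zero, which is what the parser checks.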

Authentication

To prevent unauthorized clients from accessing a network, authentication is needed between clients and ACs or between clients and fat APs. There are two types of authentication:
• Open system authentication
• Shared key authentication
For details about the two types of authentication, refer to WLAN Security Configuration in the WLAN Volume.
Figure 1-4 Passive scanning

Association

A client that wants to access a wireless network via an AP must be associated with that AP. Once the client chooses a compatible network with a specified SSID and authenticates to an AP, it sends an association request frame to the AP. The AP sends an association response to the client and adds the client’s information to its database. A client can associate with only one AP at a time. An association process is always initiated by the client, never by the AP.

Other related frames

1) De-authentication
An AC or a fat AP sends a de-authentication frame to remove a client from the wireless system. De-authentication can occur due to many reasons, such as:
• Receiving an association/disassociation frame from a client which is unauthenticated.
• Receiving a data frame from a client which is unauthenticated.
• Receiving a PS-poll frame from a client which is unauthenticated.
• The validity timer for a client expires and the port is not secured.
2) Dissociation
A client sends a dissociation frame to an AP to end the association between them. Dissociation can occur due to many reasons, such as:
• Receiving a data frame from a client which is authenticated and unassociated.
• Receiving a PS-Poll frame from a client which is authenticated and unassociated.
A dissociation frame is either unicast or broadcast.
3) Re-association
When a client is roaming from one AP to another AP, it sends a re-association request to the new AP. The AP relays this re-association request to the AC. The AC then informs the previous AP to delete the client’s information from its database, informs the new AP to add the client’s information in its database and conveys successful re-association information to the client.
When a client leaves the coverage of an AP, and then needs to re-join the AP, it must re-associate with the AP.
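
The frame-handling rules listed above can be read as a three-state machine kept per client. The following added example (not from the manual or the device software) models how an AC or fat AP would answer each frame; the class and frame names are hypothetical, authentication is assumed to always succeed, and the validity-timer case is not modelled.

```python
from enum import Enum

class State(Enum):
    UNAUTHENTICATED = 1  # neither authenticated nor associated
    AUTHENTICATED = 2    # authenticated, not yet associated
    ASSOCIATED = 3       # authenticated and associated

class Action(Enum):
    ACCEPT = "accept"
    DEAUTH = "send de-authentication"
    DISSOC = "send dissociation"

FRAMES = {"authentication", "deauthentication", "association",
          "disassociation", "data", "ps-poll"}

class ClientTable:
    """Per-client state kept by the AC or fat AP (hypothetical model)."""

    def __init__(self):
        self.clients = {}  # client MAC -> State

    def handle(self, mac, frame):
        if frame not in FRAMES:
            raise ValueError(f"unknown frame type: {frame}")
        state = self.clients.get(mac, State.UNAUTHENTICATED)
        if frame == "authentication":
            # Assumption: authentication always succeeds in this model.
            if state is State.UNAUTHENTICATED:
                self.clients[mac] = State.AUTHENTICATED
            return Action.ACCEPT
        if frame == "deauthentication":
            self.clients.pop(mac, None)  # client leaves the wireless system
            return Action.ACCEPT
        # Every other frame type needs an authenticated sender.
        if state is State.UNAUTHENTICATED:
            return Action.DEAUTH
        if frame == "association":
            self.clients[mac] = State.ASSOCIATED
            return Action.ACCEPT
        if frame == "disassociation":
            self.clients[mac] = State.AUTHENTICATED
            return Action.ACCEPT
        # data / ps-poll: valid only from an associated client.
        return Action.ACCEPT if state is State.ASSOCIATED else Action.DISSOC

def replay(frames):
    """Run (mac, frame) pairs through a fresh table and collect the actions."""
    table = ClientTable()
    return [(mac, frame, table.handle(mac, frame)) for mac, frame in frames]

# Constructed sample traffic: client aa:aa follows the normal sequence,
# client bb:bb sends frames out of order.
SAMPLE = [
    ("aa:aa", "authentication"), ("aa:aa", "association"), ("aa:aa", "data"),
    ("bb:bb", "data"), ("bb:bb", "association"),
    ("bb:bb", "authentication"), ("bb:bb", "ps-poll"),
    ("aa:aa", "disassociation"), ("aa:aa", "data"),
]

if __name__ == "__main__":
    for mac, frame, action in replay(SAMPLE):
        print(f"{mac} {frame:15} -> {action.value}")
```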

802.11 Overview

The WLAN-MAC primarily includes the implementation of IEEE 802.11 MAC layer functionality. Various modes of MAC are:
• Local-MAC Architecture
• Split-MAC Architecture
In local-MAC architecture, most WLAN services are provided by the AP only. Currently, local-MAC architecture is not supported.
In split-MAC architecture, the AP and the AC manage different services.

CAPWAP Overview

Introduction to CAPWAP

Control And Provisioning of Wireless Access Points (CAPWAP) defines how an AP communicates with an AC. It provides a generic encapsulation and transport mechanism between AP and AC, as shown in Figure 1-5.
Figure 1-5 CAPWAP
CAPWAP runs on an AP and an AC to provide a secured connection in between. It is built on a standard client/server model and employs UDP.
On an AP, CAPWAP provides a data tunnel to encapsulate data packets to be sent to the AC. These packets can be raw 802.11 packets or 802.11 to 802.3 translated packets. On an AC, CAPWAP provides a control tunnel to support remote AP configuration and management, and WLAN and mobile management.
With CAPWAP, the AC can dynamically configure an AP based on the information provided by the administrator.
CAPWAP supports both IPv4 and IPv6.

CAPWAP Link Backup

Dual link establishment

To achieve AC backup, an AP can establish two tunnels with two ACs that must have the same AP configurations. Only the AC which works in master mode provides services to all the APs in the network and the slave AC acts as the backup AC. If the master AC fails, APs should quickly use the services provided by the slave AC. A heartbeat mechanism is used between these two ACs, which ensures that failure of the master will be detected quickly by the backup AC.
Figure 1-6 LWAPP dual link topology
In the above figure, AC1 is working in master mode and providing services to AP1, AP2, AP3 and AP4. AC2 is working in slave mode. APs are connected to AC2 through LWAPP slave tunnels. AC1 and AC2 can be configured as backup for each other and should start master/slave detection. When AC2 detects AC1 is down, AC2 will convert the work mode from slave to master. All APs which are connected to AC2 through slave tunnels will transform the tunnels to master tunnels and use AC2 as the master AC. Once AC 1 is reachable again, it will remain the backup.

Primary AC recovery

Figure 1-7 Primary AC recovery
In the above figure, AC 1 acting as the primary AC is the master (which has the connection priority of 7), and it establishes a CAPWAP connection with the AP; AC 2 acts as the slave AC. If AC 1 goes down, AC 2 will act as the master until recovery of the CAPWAP. This means once AC 1 is reachable again, the AP will establish a connection with AC 1 acting as the primary AC and disconnect from AC 2.

Dual work mode

Figure 1-8 Dual work mode
Dual work mode indicates that an AC can provide both master and slave connections. An AC will act as the master for some APs and act as the slave for some other APs. In the above scenario, AC 1 acts as the master for AP 1 and slave for AP 2. Similarly, AC 2 acts as the master for AP 2 and slave for AP 1.
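
The difference between plain dual-link backup, primary AC recovery and dual work mode is easiest to see by replaying the same AC 1 outage under each. The following added example is a simplified model, not H3C code; the class, the function names and the priority value 4 are assumptions, and only the priority 7 for the primary AC comes from the text above.

```python
PRIMARY_PRIORITY = 7  # connection priority the manual gives for a primary AC

class AP:
    """An AP holding CAPWAP tunnels to several ACs (simplified model)."""

    def __init__(self, name, master, priorities):
        self.name = name
        self.master = master          # AC whose tunnel is the master tunnel
        self.priorities = priorities  # AC name -> connection priority

    def update(self, reachable):
        """Pick the serving AC given the set of AC names currently up."""
        if self.master not in reachable:
            # Master lost: turn the best reachable slave tunnel into the master.
            up = [ac for ac in self.priorities if ac in reachable]
            self.master = max(up, key=self.priorities.get) if up else None
            return self.master
        # Master still up: only a recovered primary AC takes the AP back.
        for ac, prio in self.priorities.items():
            if ac in reachable and prio == PRIMARY_PRIORITY:
                self.master = ac
        return self.master

def simulate(aps, timeline):
    """Return {AP name: [master after each step]} for a list of reachable sets."""
    history = {ap.name: [] for ap in aps}
    for reachable in timeline:
        for ap in aps:
            history[ap.name].append(ap.update(reachable))
    return history

# Constructed timeline: both ACs up, AC1 fails, AC1 comes back.
TIMELINE = [{"AC1", "AC2"}, {"AC2"}, {"AC1", "AC2"}]

def dual_link():
    # No primary AC: constructed equal priorities below 7.
    return simulate([AP("AP1", "AC1", {"AC1": 4, "AC2": 4})], TIMELINE)

def primary_recovery():
    # AC1 is the primary AC (priority 7), so the AP returns to it.
    return simulate([AP("AP1", "AC1", {"AC1": 7, "AC2": 4})], TIMELINE)

def dual_work_mode():
    # AC1 is master for AP1 and slave for AP2; AC2 the reverse.
    aps = [AP("AP1", "AC1", {"AC1": 4, "AC2": 4}),
           AP("AP2", "AC2", {"AC1": 4, "AC2": 4})]
    return simulate(aps, TIMELINE)

if __name__ == "__main__":
    for scenario in (dual_link, primary_recovery, dual_work_mode):
        print(scenario.__name__, scenario())
```

Without a primary AC the recovered AC 1 stays the backup; with priority 7 the AP moves back to it.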

WLAN Topologies

WLAN Topologies for ACs

WLAN topologies for ACs consist of:
• Single BSS
• Multi-ESS
• VLAN-based WLAN
• Centralized WLAN

Single BSS

The coverage of an AP is called a basic service set (BSS). Each BSS is identified by a BSSID. The most basic WLAN network can be established with only one BSS. All wireless clients associate with the same BSS. If these clients have the same authorization, they can communicate with each other. Figure 1-9 shows a single-BSS WLAN.
Figure 1-9 Single BSS network
The clients can communicate with each other and reach a host in the Internet. Communications between clients within the same BSS are carried out through the AP and the AC.

Multi-ESS

All the clients under the same logical administration form an extended service set (ESS). This multi-ESS topology describes a scenario where more than one ESS exists. When a mobile client joins the AP, it can join one of the available ESSs.
Figure 1-10 shows a multi-ESS network.
Figure 1-10 Multi-ESS network
Generally, an AP can provide more than one ESS at the same time. The configuration of ESS is distributed mainly from AC to AP, and the AP can broadcast the current information of ESS by beacon or probe response frames. A client can select the ESS it wants to join.
Different ESS domains can be configured on the AC. The AC can be configured to allow associated APs to accept clients in these ESS domains once their credentials are accepted.

Centralized WLAN

Centralized WLAN is a unified solution for wireless local area networks. Figure 1-11 shows a centralized WLAN network.
Figure 1-11 Centralized WLAN network
In this network, there are two ACs and three APs. An AP can connect with an AC directly, or over a Layer 2 or Layer 3 network. The other AC serves as the backup.
During initialization, an AP obtains its basic network configuration parameters, such as its own IP address, gateway address, domain name and DNS server address from a DHCP server.
An AP uses a discovery mechanism to locate the AC. For example, using the unicast discovery mechanism, the AP can request the DNS server to provide the IP address of the AC.
The following describes a basic communication process in the centralized WLAN network.
1) A client gets associated with an AP in the network.
2) The AP communicates with the AC for authenticating the client’s credential.
3) The AC contacts the authentication server to authenticate the client.
4) Once the wireless client passes authentication, it can access authorized WLAN services and communicate with other wireless clients or wired devices.

WLAN Topologies for Fat APs

WLAN topologies for fat APs consist of:
• Single BSS
• Multi-ESS
• Single ESS Multi-BSS

Single BSS

The coverage of an AP is called a basic service set (BSS). Each BSS is identified by a BSSID. The most basic WLAN network can be established with only one BSS. All wireless clients associate with the same BSS. If these clients have the same authorization, they can communicate with each other. Figure 1-12 shows a single BSS network.
Figure 1-12 Single BSS network
The clients can communicate with each other or reach a host in the Internet. Communications between clients within the same BSS are carried out through the fat AP.

Multi-ESS

This topology describes a scenario where more than one ESS exists. When a mobile client joins the fat AP, it can join one of the available ESSs.
Figure 1-13 shows a multi-ESS network.
Figure 1-13 Multi-ESS network
Generally a fat AP can provide more than one logical ESS at the same time. The fat AP can broadcast the current information of ESS by beacon or probe response frames. A client can select the ESS it wants to join.
Different ESS domains can be configured on the fat AP. The fat AP can be configured to accept clients in these ESS domains once their credentials are acceptable.

Single ESS Multi-BSS (The multi-radio case)

This topology describes a scenario where a fat AP has two radios that are in the same ESS but belong to different BSSs.
Figure 1-14 Single ESS Multiple BSS network
This network scenario can be used when both 802.11a and 802.11b/g need to be supported.
Figure 1-14 shows two clients connected to different radios that belong to the same ESS but different BSSs.

Protocols and Standards

• ANSI/IEEE Std 802.11, 1999 Edition
• IEEE Std 802.11a