Wired LAN using wired cable or optical fiber as transmission medium is widely used, but wired transmission medium is subject to high laying cost, fixed the location and poor mobility. With the increasing demand for the portability and mobility of network, traditional wired network can no longer meet the demand, and Wireless Local Area Network (WLAN) technology comes into being.

At present, WLAN has become an economic and efficient way to access the network.

This chapter first introduces the development history of WLAN at different stages, then elaborates the concepts related to WLAN technology and the working principles of common networking architectures, and finally explains the basic configuration of common WLAN networking architectures and the future development trends of WLAN technologies.

12.1 Overview of WLAN

12.1.1 What Is WLAN

WLAN (Wireless LAN) is a local area network built with wireless technology. WLAN in a broad sense refers to a network formed by replacing part or all of the transmission media in a wired LAN with wireless signals such as radio waves, lasers and infrared rays. Note: the wireless technology referred to here includes not only Wi-Fi, but also infrared, Bluetooth, ZigBee, etc.

Through WLAN technology, users can easily access wireless network and move freely within the area covered by wireless network, so that they are free from the bondage of wired network, as shown in Fig. 12.1.

Fig. 12.1 Wired network and wireless network

According to the application scope, wireless network can be divided into Wireless Personal Area Network (WPAN), Wireless Local Area Network (WLAN), Wireless Metropolitan Area Network (WMAN) and Wireless Wide Area Network (WWAN).

  • The common technologies of WPAN include Bluetooth, ZigBee, NFC, HomeRF, and UWB.

  • The common technologies of WLAN include Wi-Fi. (WPAN related technologies are also used in WLAN.)

  • The common technologies of WMAN include WiMax.

  • The common technologies for WWAN include GSM, CDMA, WCDMA, TD-SCDMA, LTE, and 5G.

WLAN has the following main advantages over current wired broadband networks.

  • The network is used freely. Any free space can be connected to the network, not limited by the cable or port location. It is especially suitable for office buildings, airport terminals, resorts, business hotels, stadiums, coffee shops, etc.

  • The network is deployed flexibly. When wiring is difficult, such as in subways and for highway traffic monitoring, the use of WLAN for wireless network coverage eliminates or reduces complicated network wiring, and it is simple to implement, low cost, and has excellent scalability.

The WLAN introduced in this section specifically refers to the wireless LAN based on the 802.11 standard series, which uses Wi-Fi technologies and high-frequency signals (such as 2.4 GHz or 5 GHz) as the transmission medium.

12.1.2 WLAN Standards and Wi-Fi Evolution

IEEE 802.11 is the current standard for wireless LANs. It is a wireless network communication standard defined by the Institute of Electrical and Electronics Engineers (IEEE).

Wi-Fi in the context of wireless LANs means “wireless fidelity”, which is essentially a commercial certification and also a wireless networking technology. Wi-Fi is a trademark of wireless network communication technology owned by the Wi-Fi Alliance to improve interoperability of wireless network products based on the IEEE 802.11 standard. As the two systems are closely related, Wi-Fi is often used as a synonymous term for the IEEE 802.11 standard.

The various versions of the IEEE 802.11 standard and Wi-Fi are shown in Table 12.1.

Table 12.1 IEEE 802.11 standard and various versions of Wi-Fi

The IEEE 802.11 standard focuses on the lower two layers of the TCP/IP model. The data link layer is mainly responsible for channel access, addressing, data frame checksums, error detection, security mechanisms, etc., and the physical layer is mainly responsible for transmitting the bitstream over the air interface, e.g., specifying the frequency band to be used.

The first version of IEEE 802.11 was published in 1997. Since then, more complementary standards based on IEEE 802.11 have been gradually defined, among which the widely known standards are the ones that have influenced the intergenerational evolution of Wi-Fi, such as 802.11b, 802.11a, 802.11g, 802.11n and 802.11ac.

When the IEEE 802.11ax standard was introduced, the Wi-Fi Alliance simplified the name of the new Wi-Fi specification to Wi-Fi 6, and the mainstream IEEE 802.11ac was renamed Wi-Fi 5, IEEE 802.11n was renamed Wi-Fi 4, and so on for the other versions.

12.1.3 Development of Wi-Fi in Office Scenarios

The development of Wi-Fi in office scenarios has gone through the following three stages.

  1. Primary mobile office era, when wireless connection was a complement to wired connection.

    The application of WaveLAN technology can be considered the earliest prototype of enterprise WLAN. Wi-Fi was born in this period, and early Wi-Fi technology was mainly used in IoT devices like “wireless radios”, but with the introduction of the 802.11a/b/g standards, the advantages of wireless connection became increasingly obvious. Businesses and consumers began to recognize the potential of Wi-Fi technology, and wireless hotspots began to appear in coffee shops, airports, and hotels.

    This is the first stage of WLAN application, the main purpose of which was to solve the problem of “wireless access”, and the core value was to get rid of the constraints of wires so as to enable the devices to move freely within a certain range, and cover the area uncovered by the wired network using wireless network. However, WLAN at this stage did not pose clear requirements for security, capacity and roaming, and the form of access point (AP) is still a single access point, which is used for single-point network coverage. Usually, the AP of single access point architecture is called FAT AP.

  2. Wireless office era, when wired and wireless connection were integrated.

    With the further popularization of wireless devices, WLAN evolved from being a mere supplement to wired networks to being as indispensable as wired networks, thus entering the second phase.

    In this stage, WLAN, as part of the network, also needs to provide network access for enterprise visitors.

    In office scenarios, there are a large number of large bandwidth services such as video and voice services, which imposes a greater demand for WLAN bandwidth. Since 2012, the 802.11ac standard has matured and made many improvements on the operating frequency band, channel bandwidth, modulation and coding methods. Compared with the previous Wi-Fi standards, it has higher throughput rate, less interference, and allows more users to access.

  3. All-wireless office era, with wireless connection as the center.

    At present, WLAN has entered the third phase, where wired networks are completely replaced by wireless networks in office environments. The office area is fully covered by Wi-Fi, and the office cubicles are no longer equipped with wired network ports, making the office environment more open and intelligent.

    In the future, large-bandwidth services such as cloud desktop office, intelligent and simulated meeting, and 4K video will migrate from wired to wireless networks, while new technologies such as VR/AR will be deployed directly based on wireless networks. New application scenarios put forward higher requirements for the design and planning of WLAN.

    In 2018, the new generation Wi-Fi standard Wi-Fi 6 (named 802.11ax by IEEE and Wi-Fi 6 by the Wi-Fi Alliance) was released, which is another major milestone in the history of Wi-Fi development. The core value of Wi-Fi 6 is the further expansion of capacity, leading wireless communication into the 10 Gbit/s era. Multi-user concurrent performance is improved by four times, allowing the network to maintain excellent service capability despite high-density access and heavy service load.

12.2 WLAN Devices and Networking

12.2.1 Introduction to WLAN Devices

Huawei wireless LAN products come in a variety of forms, covering various application scenarios such as indoor-outdoor, home, and enterprise, providing fast, secure and reliable wireless network connections, as shown in Fig. 12.2.

Fig. 12.2 Home wireless devices and enterprise wireless devices

WLAN products for home include Wi-Fi routers for home, which enable wireless Internet access by converting wired network signals into wireless signals to be received by computers, cell phones, and other devices at home.

WLAN products for enterprise include wireless access points (APs), wireless access controllers (ACs), Power over Ethernet (PoE) switches, and stations (STAs). Wireless access points and wireless access controllers have been introduced in Chap. 1 and will not be repeated here. The following is a brief introduction to PoE switches and stations.

PoE refers to power over Ethernet, also known as Power over LAN (PoL) or Active Ethernet. PoE allows electrical power to be transmitted to terminal devices over the lines that transmit data or over idle lines. In WLAN networks, power can be supplied to AP devices through PoE switches.

Stations refer to terminal devices that support 802.11 standard, such as computers with wireless network interface cards, and WLAN-enabled cell phones.

12.2.2 Basic WLAN Networking Architecture

WLAN network architecture is divided into two parts, the wired side and wireless side, as shown in Fig. 12.3. The wired side is the network from the AP uplink to the Internet, which uses Ethernet protocol. And the wireless side is the network from STA to AP, which uses 802.11 standard.

Fig. 12.3 WLAN networking architecture

The WLAN network architecture for wireless access is a centralized architecture. It has evolved from the initial FAT AP architecture to an AC+FIT AP architecture.

  1. FAT AP architecture.

    This architecture can complete the functions of wireless user access, encryption of service data and forwarding of service data messages without using special devices for centralized control. Therefore, it is also called autonomous network architecture. It is suitable for wireless coverage at home. If the WLAN coverage area increases and more users access the network, the number of FAT APs to be deployed will also increase. However, the FAT APs work independently and there is no unified control device, so it is troublesome to manage and maintain these FAT APs.

  2. AC + FIT AP architecture.

    In this architecture, the AC is responsible for WLAN access control, forwarding and statistics, configuration monitoring of APs, roaming management, network management agent of APs and security control. FIT APs are responsible for 802.11 message encryption and decryption, 802.11 physical layer functions, and being managed by the AC. This architecture has various features and requires network operation and maintenance personnel to be skillful. It is suitable for wireless coverage in medium and large enterprises.

    In this book, we mainly use AC+FIT AP architecture as an example to explain.

12.2.3 Agile Distributed AP Architecture

Over the past 5 years, the number of access terminals in Wi-Fi networks has increased by 10 times, the amount of data traffic carried has increased by four times, and meanwhile, 70% of data transmission occurs indoors. Although numerous new WLAN products and protocols have been introduced in recent years, the problem of weak indoor coverage has not been properly addressed. The main reason is that traditional installation solutions leave blind spots once the signal has passed through a wall. When deployed in large hotels or advanced school dormitories with a large number of rooms, thousands of APs need to be deployed, which increases the management difficulty.

To fundamentally solve this problem, a change in wireless network architecture is key. Huawei has introduced an agile distributed Wi-Fi solution, as shown in Fig. 12.4, which changes the traditional AC+FIT AP architecture from a Layer 2 architecture to a Layer 3 distributed architecture of AC + central AP+ remote radio frequency units (RF units). Among them, the central AP uniformly processes the service, configuration and roaming functions to improve performance and save management nodes; meanwhile, the distributed architecture sends RF units into rooms through network cable to achieve signal coverage free of dead ends, increasing the user capacity of each room from 32 to 80 and the bandwidth of each user from 10 Mbit/s to 20 Mbit/s; moreover, RF units are only responsible for wireless access and data forwarding, which improves the performance by 20% compared to traditional APs.

Fig. 12.4 Agile distributed AP architecture

Agile distributed Wi-Fi solution solves the multi-room signal coverage problem in hotels or dormitories and the management problem caused by a large number of APs through distributed coverage.

12.2.4 Concepts of Wired Networking

The concepts involved in wired networking include CAPWAP protocol, AP-AC networking method and AC connection method.

  1. CAPWAP protocol

    In order to meet the requirements of large-scale networking, a unified management of multiple APs in the network is necessary, so IETF established the Control and Provisioning of Wireless Access Points Protocol (CAPWAP) working group, and finally developed CAPWAP protocol. The protocol defines a specific method for AC for the management and service configuration of APs: CAPWAP tunnels will first be established between AC and APs, and then AC will centrally manage and control APs through the CAPWAP tunnel, as shown in Fig. 12.5.

    The following lists the functions of CAPWAP tunnels.

    • State maintenance between APs and the AC.

    • The AC manages and distributes service configuration to APs through CAPWAP tunnels.

    • When tunnel mode forwarding is used, APs forward the data sent by the STA to interact with the AC through CAPWAP tunnels.

      CAPWAP is an application layer protocol that uses UDP for transport. The CAPWAP protocol carries two types of traffic at the transport layer.

    • Service data traffic, which encapsulates and forwards wireless data frames.

    • Management traffic, which carries the management messages exchanged between APs and the AC.

      CAPWAP control and data messages are sent on different UDP ports. The management traffic port is UDP port 5246 and the service data traffic port is UDP port 5247.

  2. AP-AC networking methods

    The networking between APs and the AC is divided into Layer 2 and Layer 3 networking, as shown in Fig. 12.6.

    Layer 2 networking means that the network between AP and AC is a directly connected network or a Layer 2 network. In Layer 2 networking, an AP is usable as soon as it is plugged in and goes online, discovering the AC through Layer 2 broadcast or the DHCP process. Layer 2 networking is relatively simple and quick to configure, so it is suitable for simple temporary networking, but it is inappropriate for large networking architectures.

    Layer 3 networking means that the network between AP and AC is a Layer 3 network. APs cannot discover the AC directly. It needs to discover the AC dynamically through DHCP or DNS, or to be configured with static IPs. In the actual networking, one AC can connect dozens or even hundreds of APs, and the network is generally complex. For example, in an enterprise network, APs can be placed in offices, conference rooms, waiting rooms, etc., while the AC can be placed in the company server room. In this way, the network between AP and AC is a complex Layer 3 network. Therefore, in large networks, Layer 3 networks are generally used.

  3. AC connection method

    The AC connection method is divided into direct networking and networking in bypass mode, as shown in Fig. 12.7.

    In direct networking, the AC is deployed in the users’ forwarding path, and the traffic of directly connected users needs to pass through the AC, which consumes the forwarding capacity of the AC and places relatively high requirements on the AC’s throughput and data processing capacity. If the AC has poor performance, it may become the bottleneck of the entire wireless network bandwidth. However, with this way of networking, the network architecture is clear and the networking is simple to implement.

    In networking in bypass mode, the AC is deployed beside the path between the APs and the uplink network and is no longer directly connected to the APs. The APs’ service data can reach the uplink network directly without going through the AC.

    In actual networking, most wireless networks are not planned at an early stage; wireless coverage is mostly added to an existing network at a later stage. It is therefore easier to expand the network using bypass mode, which only requires placing the AC in the existing network, such as on the aggregation layer switch, to manage the APs. For this reason, this networking method is more widely used.

    In the bypass-mode network, the AC is only able to manage APs, and the management traffic is encapsulated in the CAPWAP tunnel and transmitted. Data service traffic can be forwarded through the CAPWAP data tunnel via AC, or directly forwarded without AC. For the latter, wireless user service traffic passes the aggregation layer switch and is transmitted to the upper layer network by the aggregation layer switch.

Fig. 12.5 CAPWAP Tunnel

Fig. 12.6 AP-AC networking method

Fig. 12.7 AC connection method

12.2.5 Concepts of Wireless Networking

  1. Wireless communication system

    In wireless communication system, the information can be image, text, sound and so on. As shown in Fig. 12.8, the information needs to be firstly converted into digital signal that is convenient for circuit calculation and processing by source coding, and then it is transmitted after being converted into radio wave by channel coding and modulation. The receiver receives it and then demodulates and decodes it to get the information.

    Some concepts involved in wireless communication are introduced below.

    Source coding: the process of converting the most primitive information into a digital signal through corresponding coding.

    Channel coding: a technology for error correction and error detection of information, which can improve the reliability of channel transmission. Information is prone to be disturbed by noises during wireless transmission, resulting in errors in the received information. The introduction of channel coding can maximize the recovery of information and reduce the error rate of the receiving device.

    Modulation: digital signal is superimposed on the high-frequency signal generated by the high-frequency oscillator circuit so that it can be converted into radio waves and transmitted through the antenna. The superimposition is the process of modulation.

    Information channel: the channel to transmit information, and a wireless channel is radio waves in space.

    Air interface: refers to the interface used by a wireless channel. Transmitting and receiving devices use the interface to be connected to the channel. For wireless communication, the interface is invisible, and is connected to invisible space.

  2. Wireless electromagnetic wave

    Wireless electromagnetic waves are electromagnetic waves with frequencies between 3 Hz and 300 GHz. They are also known as radio frequency waves, or RF, radio for short, as shown in Fig. 12.9. Radio technology converts sound signals or other signals and uses wireless electromagnetic waves to communicate.

    In Fig. 12.9, the specific descriptions about each frequency band are as follows.

    Extremely low frequency (3–30 Hz): submarine communication or direct conversion to sound.

    Superlow frequency (30–300 Hz): direct conversion to sound or AC transmission system (50–60 Hz).

    Ultralow frequency (300 Hz–3 kHz): mine communication or direct conversion to sound.

    Very low frequency (3–30 kHz): direct conversion to sound, ultrasound, geophysical research.

    Low frequency (30–300 kHz): international broadcasting.

    Medium frequency (300 kHz–3 MHz): amplitude modulation (AM) broadcasting, maritime and aviation communications.

    High frequency (3–30 MHz): shortwave, civilian radio.

    Very high frequency (30–300 MHz): frequency modulation (FM) broadcasting, TV broadcasting, aviation communication.

    Ultrahigh frequency (300 MHz–3 GHz): TV broadcasting, wireless telephone communication, wireless network, microwave oven.

    Superhigh frequency (3–30 GHz): wireless network, radar.

    Extremely high frequency (30–300 GHz): radio astronomy, remote sensing, human body scanning security checker.

    Above 300 GHz: infrared, visible light, ultraviolet, rays, etc.

    WLAN technology is to transmit information in space through wireless electromagnetic waves. The currently used frequency bands are 2.4 GHz band (2.4–2.4835 GHz) and 5 GHz band (5.15–5.35 GHz, 5.725–5.85 GHz).

  3. Wireless information channel

    An information channel is a channel for transmitting information, and the wireless information channel is the wireless electromagnetic wave in space. Wireless electromagnetic waves are everywhere. If the spectrum resources are used arbitrarily, it will result in interferences, so the wireless communication protocol should not only define the frequency band allowed, but also precisely divide the frequency band, and each frequency range is an information channel.

    Wireless networks (routers, AP hotspots, computer wireless network interface cards) can operate in multiple channels. Various wireless network devices within the wireless signal coverage area are suggested to use different information channels to avoid interference between signals.

    Figure 12.10 shows the information channel division in the 2.4 GHz (=2400 MHz) band. There are actually 14 information channels in total, and the 14th channel is marked in the figure, but this channel is often not used. The center frequency of the channel is given in the figure. The effective width of each channel is 20 MHz, and there is also a 2 MHz mandatory isolation band (similar to an isolation band on a highway). For example, for Channel 1 whose center frequency is 2412 MHz, the frequency range is 2401 to 2423 MHz.

    The current mainstream wireless Wi-Fi network devices generally support 13 channels regardless of whether they are 802.11b/g standard or 802.11b/g/n standard. Although their center frequencies are different, they will have some overlap with each other due to certain frequency ranges they occupy. The frequency ranges of these 13 channels are given in Fig. 12.10. Knowing the frequency bands in which these 13 channels are located helps us understand what is meant by the three nonoverlapping channels people usually talk about.

    From Fig. 12.10, it is easy to see that channels 1, 6 and 11 (marked in dark color) do not overlap with each other at all, which is often referred to as the three nonoverlapping channels. Each channel has 20 MHz bandwidth. It is also easy to see from the figure how the spectrums of other channels overlap with each other. In addition, apart from channels 1, 6 and 11, a group of channels that do not interfere with each other, there are other three groups of channels that do not interfere with each other, channels 2, 7 and 12, channels 3, 8 and 13, and channels 4, 9 and 14.

    In WLAN, the working state of APs is affected by the surrounding environment. For example, when there are overlapping frequency bands in the working channels of neighboring APs, the excessive power of one AP will cause signal interference to the neighboring APs.

    Through the RF tuning function, the channel and power of APs can be dynamically adjusted, so that the channel and power of APs managed by the same AC can be kept relatively balanced to ensure that APs work in the optimal state.

  4. BSS/BSSID/SSID

    Basic Service Set (BSS) is the range covered by an AP, which is the basic service unit of a wireless network, usually consisting of an AP and several STAs. BSS is the basic structure of network 802.11, as shown in Fig. 12.11. Due to the sharing nature of wireless media, messages sent and received in the BSS need to have the Basic Service Set Identifier (BSSID).

    The terminal needs to discover and find an AP through the identifier of the AP, which is the BSSID. BSSID is the data link layer MAC address of the AP. In order to distinguish the BSSs, it is required that each BSS has a unique BSSID, so the MAC address of the AP is used to ensure its uniqueness.

    If multiple BSSs are deployed in a space, the terminal will discover multiple BSSIDs, and it only needs to select the BSSID to join. But it is the user who makes the selection. To make the AP’s identity easier to recognize, a string is used as the AP’s name. This string is the Service Set Identifier (SSID), which is used instead of the BSSID.

    SSID is the identifier of the wireless network and is used to distinguish different wireless networks. APs can send SSIDs to facilitate wireless device selection and access. For example, when searching for an accessible wireless network on a laptop, the network name displayed is the SSID, as shown in Fig. 12.12.

  5. VAP

    In early days, an AP only supported one BSS, so if you want to deploy multiple BSSs in the same space, multiple APs are needed, which not only increases the cost, but also occupies the channel resources. To improve this situation, APs nowadays usually support the creation of multiple virtual access points (VAPs).

    Multiple virtual APs can be created on a physical AP; each virtual AP created is a VAP, and each VAP provides the same function as the physical AP. As shown in Fig. 12.13, each VAP corresponds to a BSS, so that one AP can provide multiple BSSs, with different SSIDs, different access passwords and different service VLANs configured for these BSSs. In this way, different wireless access services can be provided for different user groups. For example, the computer accessing the wireless network through VAP1 is in VLAN 10, which does not allow access to the Internet, while the computer accessing the wireless network through VAP2 is in VLAN 20, which allows access to the Internet.

    VAP simplifies the deployment of WLAN, but it does not mean that the more the VAPs the better. It is necessary to plan according to the actual demand. Blindly increasing the number of VAPs not only makes it time-consuming for users to find the SSID, but also makes the AP configuration more complicated. VAP is not equivalent to a real AP, and all VAPs share the software and hardware resources of this AP, and all VAP users share the same channel resources, so the capacity of the AP is constant and does not increase exponentially with the number of VAPs.

  6. ESS

    In order to meet the actual service demand, the coverage of a BSS needs to be extended. If users are not supposed to notice a change in SSID when moving from one BSS to another, this can be achieved by an Extended Service Set (ESS), as shown in Fig. 12.14.

    ESS is a larger virtual BSS composed of multiple BSSs with the same SSID. Users can move and roam freely within the ESS with their terminals, and they can be considered to be using the same WLAN no matter where they move to.

    When an STA moves between the coverage areas of different APs belonging to the same ESS and the user service is kept uninterrupted, this is called WLAN roaming.

    The biggest advantage of WLAN network is that STAs are not affected by physical media, so they can move around within the WLAN coverage and keep the service uninterrupted. There are multiple AP devices in the same ESS. When an STA moves from one AP coverage area to another AP coverage area, the WLAN roaming technology can be applied to smoothly switch the STA user services.
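The channel arithmetic described under "Wireless information channel" above (20 MHz effective width plus a 2 MHz isolation band, centered as marked in Fig. 12.10), worked through as an added example that is not part of the original chapter. It derives each channel's frequency range, tests whether two channels overlap, and flags the neighboring-AP channel conflicts that the chapter says cause interference; the AP names in the sample plan are constructed.

```python
"""2.4 GHz channel plan helper (added example, not code from the chapter)."""
from __future__ import annotations
from itertools import combinations

# Per the chapter: 20 MHz effective width + 2 MHz isolation band = 22 MHz occupied.
CHANNEL_WIDTH_MHZ = 22
HALF_WIDTH = CHANNEL_WIDTH_MHZ // 2


def center_frequency(channel: int) -> int:
    """Center frequency in MHz. Channels 1-13 are spaced 5 MHz apart from 2412 MHz;
    channel 14 is the special case at 2484 MHz (marked in Fig. 12.10, rarely used)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"invalid 2.4 GHz channel: {channel}")


def frequency_range(channel: int) -> tuple[int, int]:
    """(low, high) edge of the spectrum a channel occupies, e.g. channel 1 -> (2401, 2423)."""
    center = center_frequency(channel)
    return center - HALF_WIDTH, center + HALF_WIDTH


def overlaps(a: int, b: int) -> bool:
    """True if the two channels share any spectrum (edges that merely touch do not count)."""
    lo_a, hi_a = frequency_range(a)
    lo_b, hi_b = frequency_range(b)
    return lo_a < hi_b and lo_b < hi_a


def is_nonoverlapping_group(group: tuple[int, ...]) -> bool:
    """True if every pair of channels in the group is mutually non-overlapping
    (the chapter's groups 1/6/11, 2/7/12, 3/8/13 and 4/9/14 all satisfy this)."""
    return all(not overlaps(a, b) for a, b in combinations(group, 2))


def conflicting_pairs(plan: dict[str, int]) -> list[tuple[str, str]]:
    """Given a plan mapping neighboring AP names to their channels, return every pair
    of APs whose channels overlap; each such pair is a source of mutual interference."""
    return [(ap_a, ap_b)
            for (ap_a, ch_a), (ap_b, ch_b) in combinations(plan.items(), 2)
            if overlaps(ch_a, ch_b)]


if __name__ == "__main__":
    # Constructed sample plan: three APs on the classic 1/6/11 set plus one on channel 3.
    sample_plan = {"AP-1": 1, "AP-2": 6, "AP-3": 11, "AP-4": 3}
    for ch in (1, 6, 11, 3):
        print(f"channel {ch:2d}: {frequency_range(ch)[0]}-{frequency_range(ch)[1]} MHz")
    print("conflicts:", conflicting_pairs(sample_plan))  # AP-4 collides with AP-1 and AP-2
```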

Fig. 12.8 Wireless communication system

Fig. 12.9 Wireless electromagnetic wave spectrum

Fig. 12.10 Division of the 2.4 GHz channel

Fig. 12.11 BSS

Fig. 12.12 SSIDs discovered

Fig. 12.13 VAP

Fig. 12.14 ESS

12.3 Working Principles of WLAN

12.3.1 Working Process of WLAN

In the AC+FIT AP networking architecture, APs are managed uniformly by the AC, so all configurations are performed on the AC. The working process of WLAN is divided into four phases, as shown in Fig. 12.15.

Fig. 12.15 Working process of WLAN

12.3.2 APs Go Online Process

Only after FIT APs go online can the AC centrally manage and control the APs and deliver services. The process of an AP going online is as follows.

  1. Pre-configuration on the AC

    To ensure that APs can go online, the AC needs to pre-configure the following.

    (a) Configure network interworking: configure a DHCP server to assign IP addresses to APs and STAs, or configure the AC itself as a DHCP server. Configure network interworking between APs and the DHCP server and between APs and the AC.

    (b) Create AP groups: each AP joins exactly one AP group, and the AP group is usually used for common configuration of multiple APs.

    (c) Configure the country and area code (regulatory domain profile) of the AC: the regulatory domain profile provides configurations such as the AP’s country and area code, tuning channel set and tuning bandwidth.

    (d) Configure the source interface or source address (to establish a tunnel with the AP): each AC must uniquely specify an IP address, VLANIF interface, or Loopback interface, and the APs attached to this AC learn this IP address, or the IP address configured on this interface, for communication between the AC and the APs. This IP address or interface is called the source address or source interface. Only by specifying a unique source interface or source address for each AC can an AP establish a CAPWAP tunnel with the AC. The device supports using a VLANIF interface or loopback interface as the source interface and the IP address of the VLANIF interface or the loopback interface as the source address.

    (e) Configure automatic upgrade when the AP goes online (optional): automatic upgrade means that, while going online, the AP automatically compares its own version with the AP version configured on the AC or on an SFTP or FTP server. If they differ, the AP is upgraded, then automatically restarts and goes online again.

    (f) Add an AP device (configure AP authentication mode): that is, configure the AP authentication mode so that the AP can go online. There are three ways to add APs: importing APs offline, auto-discovering APs, and manually confirming APs in the unauthenticated list.

  2. AP obtains an IP address

    An AP must obtain an IP address before it can communicate with the AC and the WLAN can work normally. There are two ways for an AP to obtain an IP address: static mode, in which you log in to the AP and configure the IP address manually; and DHCP mode, in which a DHCP server is configured and the AP, acting as a DHCP client, requests an IP address from it.

    You can deploy a Windows server or Linux server as a dedicated DHCP server to assign IP addresses to APs, or use DHCP service of the AC to assign IP addresses to APs, or use devices in the network, such as Layer 3 switches or routers, to assign IP addresses to APs.

  3. 3.

    AP discovers an AC and establishes a CAPWAP tunnel with it

    The AP finds an available AC by sending Discovery Request messages. There are two ways for the AP to discover an AC.

    1. (a)

      Static mode: the static IP address list of the AC is pre-configured on the AP. When the AP goes online, as shown in Fig. 12.16, the AP sends unicast Discovery Request messages to all ACs whose IP addresses are in the pre-configured list, and then selects an AC to start establishing the CAPWAP tunnel based on the Discovery Response messages it receives.

    2. (b)

      Dynamic mode: it is divided into DHCP mode, DNS mode and broadcast mode. This chapter mainly introduces DHCP mode and broadcast mode.

      • The process of AP discovering AC through DHCP method.

        In order for the AP to discover the AC through a DHCP server, the DHCP response message must carry Option 43, and Option 43 carries the IP address list of the AC. DHCP Option 43 essentially tells the AP the IP address of the AC so that the AP can find the AC and register with it.

        Option 43 is configured on Huawei devices such as switches, routers, and ACs when they are used as DHCP servers.

        Taking the AC IP address 192.168.22.1 as an example, the configuration command on the DHCP server is option 43 sub-option 3 hex 3139322E3136382E32322E31 or option 43 sub-option 3 ascii 192.168.22.1.

        In the commands above, sub-option 3 is a fixed value representing the sub-option type; hex 3139322E3136382E32322E31 and ascii 192.168.22.1 are the HEX (hexadecimal) format and ASCII format of the AC’s address 192.168.22.1, respectively.

        When more than one AC is involved and multiple IP addresses need to be filled in the Option, the IP addresses are separated by “,”. The comma “,” corresponds to the ASCII value 2C. For example, if the IP addresses of the two ACs are 192.168.22.1 and 192.168.22.2, then the DHCP server configuration command is option 43 sub-option 3 hex 3139322E3136382E32322E312C3139322E3136382E32322E32 or option 43 sub-option 3 ascii 192.168.22.1,192.168.22.2.

        After the AP obtains the IP address of the AC through the DHCP service, it learns which ACs are available by the AC discovery mechanism and decides to establish a CAPWAP connection with the best AC.

        The AP starts the discovery mechanism of the CAPWAP protocol and sends a Discovery Request message as unicast or broadcast to try to associate with an AC. After receiving the Discovery Request from the AP, the AC sends a unicast Discovery Response to the AP, and the AP decides which AC to establish a session with based on the priority of the AC carried in the Discovery Response or on the number of APs currently attached to the AC.

      • The process of AP discovering ACs by broadcasting.

        After the AP starts, if neither DHCP mode nor DNS mode yields the IP address of the AC, or if the AP receives no response after sending a Discovery Request message, the AP starts the broadcast discovery process and sends the Discovery Request message as a broadcast packet.

        The AC that receives the Discovery Request message checks whether the AP is allowed to access this AC (by authorized MAC address or serial number) and returns a response if it is. If the AP is not allowed, the AC rejects the request.

        The broadcast discovery method is only applicable to the network scenario where the network between AC and AP is a Layer 2 reachable network.

        The AP discovers the AC and establishes a CAPWAP tunnel, which consists of a data channel and a control channel and is used to maintain the state between the AP and the AC.

        The CAPWAP data channel carries the service data messages received by the AP to the AC for centralized forwarding. Optionally, the data channel can be encrypted with Datagram Transport Layer Security (DTLS); after DTLS encryption is enabled, all CAPWAP data messages are encrypted and decrypted by DTLS.

        The control channel is used to exchange management messages between the AP and the AC. It can likewise be encrypted with DTLS; after DTLS encryption is enabled, all CAPWAP control messages are encrypted by DTLS.
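The Option 43 encoding used in the DHCP discovery method above, worked through as an added Python example (this is not code from the book or from Huawei): it builds the hex string that goes after option 43 sub-option 3 hex from a list of AC addresses, decodes such a string back into validated addresses, and assembles and parses the raw Option 43 value. The TLV layout assumed for the raw value (one byte sub-option type, one byte length, then the ASCII list, all wrapped in an Option 43 code and length) is an assumption about the wire format, labelled as such so a practitioner can compare it against a packet capture; the address strings and hex values are the ones from the text.

```python
import ipaddress

# Sub-option type that carries the AC address list inside DHCP Option 43
# (the fixed value 3 used in the "option 43 sub-option 3 ..." command).
AC_LIST_SUB_OPTION = 3
DHCP_OPTION_VENDOR_SPECIFIC = 43


def ac_list_to_text(addrs):
    """Validate each AC address and join them with ',' (ASCII 0x2C)."""
    ips = [str(ipaddress.IPv4Address(a)) for a in addrs]  # raises on a bad address
    if not ips:
        raise ValueError("at least one AC address is required")
    text = ",".join(ips)
    # The sub-option length field is one byte, so the list cannot exceed 255 bytes.
    if len(text) > 255:
        raise ValueError("AC address list too long for a single sub-option")
    return text


def ac_list_to_hex(addrs):
    """Hex form for 'option 43 sub-option 3 hex <...>': the ASCII list as uppercase hex."""
    return ac_list_to_text(addrs).encode("ascii").hex().upper()


def hex_to_ac_list(hexstr):
    """Decode a hex string back into validated AC addresses.

    bytes.fromhex rejects anything that is not hex digits or whitespace, so a
    stray ',' inside the hex string (a common copy-paste error) raises ValueError
    instead of silently producing a broken address list.
    """
    text = bytes.fromhex(hexstr).decode("ascii")
    return [str(ipaddress.IPv4Address(part)) for part in text.split(",")]


def build_option43(addrs):
    """Assumed TLV layout: [43][len][sub-option 3][len][ASCII address list]."""
    value = ac_list_to_text(addrs).encode("ascii")
    sub = bytes([AC_LIST_SUB_OPTION, len(value)]) + value
    return bytes([DHCP_OPTION_VENDOR_SPECIFIC, len(sub)]) + sub


def parse_option43(option_bytes):
    """Walk the sub-options of an Option 43 value; return the AC list from
    sub-option 3, or None if that sub-option is absent."""
    if len(option_bytes) < 2 or option_bytes[0] != DHCP_OPTION_VENDOR_SPECIFIC:
        raise ValueError("not an Option 43 TLV")
    length = option_bytes[1]
    body = option_bytes[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated Option 43")
    i = 0
    while i + 2 <= len(body):
        sub_type, sub_len = body[i], body[i + 1]
        sub_val = body[i + 2:i + 2 + sub_len]
        if len(sub_val) != sub_len:
            raise ValueError("truncated sub-option")
        if sub_type == AC_LIST_SUB_OPTION:
            return hex_to_ac_list(sub_val.hex())
        i += 2 + sub_len
    return None


if __name__ == "__main__":
    print(ac_list_to_hex(["192.168.22.1"]))
    print(ac_list_to_hex(["192.168.22.1", "192.168.22.2"]))
    print(parse_option43(build_option43(["192.168.22.1", "192.168.22.2"])))
```

The decoder is the useful half when troubleshooting: paste the hex string from a running DHCP server configuration into hex_to_ac_list and check that the addresses it returns are the ACs you intended, since an AP pointed at the wrong AC by a mistyped hex value simply never comes online.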

  4. 4.

    AP access control

    After the AP finds the AC, it will send a Join Request, and when the AC receives the message from the AP, it will authenticate the AP’s legality. If the authentication is approved, the AC will add the corresponding AP device and respond to the Join Request message, as shown in Fig. 12.17.

    The AC supports the following three types of authentication methods for APs.

    1. (a)

      MAC authentication.

    2. (b)

      Serial number (SN) authentication.

    3. (c)

      No authentication.

      There are the following three ways to add APs on AC.

      • Offline import of AP: the MAC address and SN of the AP are pre-configured. When the AP connects to the AC, if the AC finds that the AP's MAC address and SN match a pre-configured entry, the AC starts to establish a connection with the AP.

      • Auto-discovery of AP: if the authentication mode of AP is configured as no authentication, or if the authentication mode of AP is configured as MAC or SN authentication and AP is added to the AP whitelist, then when the AP is connected to the AC, the AP will be automatically discovered by AC and go online normally.

      • Manual confirmation of the AP in the unauthenticated list: when the authentication mode of the AP is configured as MAC or SN authentication, but the AP is not imported offline and is not in the set AP whitelist, this AP will be recorded in the unauthenticated AP list. It needs to be manually confirmed by the user before this AP can go online normally.

  5. 5.

    Version upgrade of AP

    The AP determines whether the current system software version is consistent with the one specified on the AC according to the parameters in the received Join Response message. If inconsistent, the AP requests the software version by sending an Image Data Request message, and then upgrades the version, which includes AC mode, FTP mode and SFTP mode. The AP restarts after the software version is updated and repeats the previous three steps, as shown in Fig. 12.18.

    There are two ways to upgrade the AP on the AC: auto upgrade and timed upgrade.

    Auto upgrade is mainly used in scenarios where the AP is not yet online in the AC. Usually, the auto upgrade parameters when the AP goes online are configured first, and then the AP access is configured. The AP will automatically upgrade during the online process afterwards. If the AP is already online, after configuring the auto upgrade parameters, the AP will also be automatically upgraded if it is triggered to restart in any way. However, compared to the auto upgrade, using the online upgrade mode can shorten the service interruption time. There are three upgrade modes, which are illustrated below.

    1. (a)

      The AC mode: the upgrade version is downloaded from the AC when the AP is upgraded, which is applicable to the scenario when there are only a few APs.

    2. (b)

      The FTP mode: the upgrade version is downloaded from an FTP server when the AP is upgraded, which is appropriate for file transfer scenarios with low network security requirements; the data is transmitted in plain text, so it is not secure.

    3. (c)

      The SFTP mode: the upgrade version is downloaded from the SFTP server when the AP is upgraded, which is suitable for scenarios with high network security requirements, and the transmission data is strictly encrypted, offering integrity protection for online upgrading.

      Timed upgrade is mainly used for scenarios where the AP is already online in the AC and has carried WLAN services. Usually, the upgrade is designated to commence at a time when network traffic is low.

  6. 6.

    CAPWAP tunnel maintenance

    Data channel maintenance detects the connectivity status of the data channel by exchanging Keepalive messages (UDP port 5247) between the AP and the AC.

    Control channel maintenance detects the connectivity status of the control channel by exchanging Echo messages (UDP port 5246) between the AP and the AC.
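To turn the tunnel description above (a control channel on UDP 5246 kept alive by Echo, a data channel on UDP 5247 kept alive by Keepalive, DTLS optional on both) into something a practitioner can check against a packet capture, here is an added Python example that is not code from the book or from Huawei. It parses the CAPWAP preamble and transport header as laid out in RFC 5415, names the control message types that appear in the AP online process (Discovery, Join, Configuration Status, Configuration Update, Echo, Image Data), recognises the K bit that marks a data-channel Keepalive, and audits a set of datagrams for control messages sent without DTLS. The datagrams are constructed here for the example; only the message type numbers and header layout come from RFC 5415, and a Huawei AC may add vendor-specific message elements that this parser does not decode.

```python
import struct

CAPWAP_CONTROL_PORT = 5246  # control channel, kept alive by Echo Request/Response
CAPWAP_DATA_PORT = 5247     # data channel, kept alive by Keepalive (K bit set)

# Control message types from RFC 5415 (IETF enterprise number 0) that occur in
# the discovery, join, configuration and upgrade steps described in the text.
CONTROL_MSG_TYPES = {
    1: "Discovery Request", 2: "Discovery Response",
    3: "Join Request", 4: "Join Response",
    5: "Configuration Status Request", 6: "Configuration Status Response",
    7: "Configuration Update Request", 8: "Configuration Update Response",
    13: "Echo Request", 14: "Echo Response",
    15: "Image Data Request", 16: "Image Data Response",
}


def parse_capwap(payload, dst_port):
    """Parse the CAPWAP preamble and transport header (RFC 5415, section 4.3).

    Preamble type 0 means a plaintext CAPWAP header follows; type 1 means the
    rest of the datagram is a DTLS record, so only the 'dtls' flag is reported.
    """
    if not payload:
        raise ValueError("empty datagram")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        raise ValueError(f"unsupported CAPWAP version {version}")
    channel = {CAPWAP_CONTROL_PORT: "control", CAPWAP_DATA_PORT: "data"}.get(dst_port, "unknown")
    info = {"channel": channel, "dtls": ptype == 1}
    if ptype == 1:
        return info
    if ptype != 0:
        raise ValueError(f"unknown preamble type {ptype}")
    if len(payload) < 8:
        raise ValueError("truncated CAPWAP header")
    # 24 bits after the preamble: HLEN(5) RID(5) WBID(5) T F L W M K Flags(3)
    bits = int.from_bytes(payload[1:4], "big")
    header_len = (bits >> 19) * 4  # HLEN counts 4-byte words of the whole header
    if header_len < 8 or len(payload) < header_len:
        raise ValueError("bad HLEN")
    info.update({
        "rid": (bits >> 14) & 0x1F,
        "wbid": (bits >> 9) & 0x1F,
        "keepalive": bool((bits >> 3) & 1),  # K bit: data-channel Keepalive
        "header_len": header_len,
    })
    body = payload[header_len:]
    if channel == "control":
        if len(body) < 8:
            raise ValueError("truncated control header")
        msg_type, seq, _elem_len, _flags = struct.unpack("!IBHB", body[:8])
        info.update({"msg_type": msg_type, "seq": seq,
                     "msg_name": CONTROL_MSG_TYPES.get(msg_type, f"type {msg_type}")})
    return info


def _transport_header(keepalive=False):
    # Constructed header: HLEN=2 (8 bytes), WBID=1 (IEEE 802.11), fragment fields zero.
    bits = (2 << 19) | (1 << 9) | ((1 << 3) if keepalive else 0)
    return bytes([0x00]) + bits.to_bytes(3, "big") + bytes(4)


def build_control(msg_type, seq):
    """Constructed plaintext control message with an empty message element list."""
    return _transport_header() + struct.pack("!IBHB", msg_type, seq, 0, 0)


def build_keepalive():
    """Constructed data-channel Keepalive: K bit set, no payload."""
    return _transport_header(keepalive=True)


def build_dtls_wrapped():
    """Constructed DTLS-wrapped datagram: preamble type 1 followed by opaque bytes."""
    return bytes([0x01]) + b"\x16\xfe\xfd" + bytes(13)


def audit_tunnel(datagrams):
    """datagrams: iterable of (dst_port, payload).

    Returns (summary, findings): counts of Echo, Keepalive and DTLS datagrams,
    plus one finding per control message that crossed the network in plaintext,
    which is what to look for when verifying that DTLS was actually enabled.
    """
    summary = {"echo": 0, "keepalive": 0, "dtls": 0}
    findings = []
    for port, payload in datagrams:
        info = parse_capwap(payload, port)
        if info["dtls"]:
            summary["dtls"] += 1
        elif info["channel"] == "control":
            if info["msg_type"] in (13, 14):
                summary["echo"] += 1
            findings.append(f"plaintext control on {port}: {info['msg_name']} seq={info['seq']}")
        elif info["channel"] == "data" and info["keepalive"]:
            summary["keepalive"] += 1
    return summary, findings
```

Feeding real UDP payloads to parse_capwap (for instance from a capture filtered on ports 5246 and 5247) gives an inventory of which AP/AC pairs still exchange Echo and Join traffic in the clear; a tunnel whose control channel shows preamble type 0 has DTLS disabled, whatever the configuration intent was.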

Fig. 12.16 AP discovers AC

Fig. 12.17 AP joins AC

Fig. 12.18 Version upgrade request and response

12.3.3 Deliver WLAN Service Configuration

The AC sends a Configuration Update Request message to the AP, which responds with a Configuration Update Response message, and the AC then sends the AP’s service configuration information to the AP, as shown in Fig. 12.19.

Fig. 12.19 Configuration update request and response

After the AP comes online, it will actively send a Configuration Status Request message to the AC, which contains the existing configuration of the AP. When the existing configuration of the AP does not meet the requirements of the AC, the AC notifies the AP via a Configuration Status Response.

Note

After APs come online, they will first actively obtain the current configuration from AC, and then the AC will centrally manage APs and deliver service configuration.

  1. 1.

    Configuration profile

    There are a large number of APs in a WLAN network. To simplify their configuration, APs can be added to an AP group and given the same configuration uniformly through the group. An AP whose parameters differ from those of the other APs is not suited to unified configuration through the AP group; such personalized parameters can be configured directly on that AP. Each AP joins exactly one AP group when it comes online. When an AP obtains both the AP group configuration and its own personalized configuration from the AC, the AP's own configuration takes precedence.

    Both AP groups and APs are able to reference regulatory domain profiles, RF profiles, VAP profiles, as shown in Fig. 12.20, and some of these profiles can reference other profiles, which are collectively referred to as WLAN profiles.

    1. (a)

      Regulatory domain profile.

      One of the most important parameters of the regulatory domain profile is the configuration of country and area codes. Country and area codes are used to identify the country where the RF of AP is located. Different country and area codes specify the RF characteristics of different APs, including the AP’s transmit power, and the channels supported. Country and area codes are configured so that the RF characteristics of APs can comply with the legal requirements of different countries or areas.

      By configuring the tuning channel set, you can specify the range within which the AP channel is adjusted dynamically when the RF tuning function is configured, while avoiding channels used by radar and channels that terminals do not support.

    2. (b)

      RF profile.

      According to the actual network environment, the parameters of RF are adjusted and optimized, so that the AP has the RF capability to meet the actual demand and improve the signal quality of WLAN network. After the parameters in the RF profile are sent to the AP, only the parameters supported by the AP will take effect on the AP.

      The configurable parameters include the RF type, the RF rate, the multicast sending rate of RF wireless messages, and the interval at which the AP sends beacon frames.

    3. (c)

      VAP profile.

      After the parameters in the VAP profile are configured and the VAP profile is referenced in an AP group or AP, a VAP is generated on the AP and provides wireless access service for STAs. By configuring the parameters in the VAP profile, the AP can provide different wireless services to STAs.

      In the VAP profile, other profiles can also be used, such as the SSID profile, security profile, traffic profile.

    4. (d)

      RF parameter configuration.

      The AP radio frequency needs to be configured with different basic radio frequency parameters according to the actual WLAN network environment in order to achieve better performance of the AP radio frequency.

      In WLAN networks, when the working channels of neighboring APs overlap in frequency, signal interference that affects the working status of the APs arises easily. To avoid signal interference, improve the working state of the APs, and enhance the quality of the WLAN network, you can manually configure neighboring APs to work on non-overlapping channels.

      According to the demand of the actual network environment, the transmit power of RF and antenna gain are configured so that the strength of the RF signals can meet the actual network demand and the signal quality of WLAN network can be improved.

      In actual application scenarios, two APs may be tens of meters to tens of kilometers apart, and because of the different distance between APs, the time to wait for the ACK messages when transmitting data between APs also differs. By adjusting the appropriate timeout parameters, the efficiency of data transmission between APs can be improved.

  2. 2.

    VAP Profile

    VAP profile should reference the SSID profile, security profile, as well as configure data forwarding and service VLAN, as shown in Fig. 12.21.

    1. (a)

      SSID profile.

      The SSID profile is primarily used to configure the SSID name of the WLAN network, and other functions can also be configured, mainly including the following functions.

      • Hide SSID: when users create a wireless network, they can configure to hide the name of the wireless network in order to protect the security of the network. In this way, only wireless users who know the network name can connect to this wireless network.

      • Maximum number of users that can be successfully associated with a single VAP: the more users are connected to a single VAP, the less average network resources each user can use. To ensure the users’ Internet experience, you can configure a reasonable maximum number of users that can access the network according to the actual network conditions.

      • Automatically hide SSID when the number of users reaches the maximum: after configuring this function, when the number of users accessing the WLAN network reaches the maximum, SSID will be hidden and new users will not be able to find the SSID.

    2. (b)

      Security profile.

      Configuring WLAN security policy can authenticate wireless terminals and encrypt users’ messages to protect the security of WLAN network and users.

      The WLAN security policy supports open authentication, WEP, WPA/WPA2-PSK, WPA/WPA2-802.1X, etc. You can select one of them in the security profile for configuration.

    3. (c)

      Data forwarding method.

      The control message is forwarded through the control channel of CAPWAP, and users can use two data forwarding modes, that is tunnel forwarding (also known as “centralized forwarding”) and direct forwarding (also known as “local forwarding”). This will be introduced in detail in later sections.

    4. (d)

      Service VLAN.

      Due to the flexible access to the WLAN wireless network, STAs may centrally access the same WLAN wireless network at a certain location (such as the entrance to an office area or the entrance to a stadium) and then roam to other wireless network environments covered by the AP.

      When the service VLAN is configured as a single VLAN, IP address resources easily become insufficient in the area with a large number of STAs accessed, while the IP address resources in other areas are wasted.

      When the service VLAN is configured as a VLAN pool, multiple VLANs can be added to the VLAN pool, and then one SSID is able to simultaneously support multiple service VLANs by configuring the VLAN pool as the service VLAN of the VAP. Newly connected STAs are dynamically assigned to each VLAN in the VLAN pool, reducing the number of STAs in a single VLAN and narrowing the broadcast domain; at the same time, each VLAN is assigned IP addresses as evenly as possible, so fewer IP addresses are wasted.

Fig. 12.20 Profiles referenced by APs or AP groups

Fig. 12.21 VAP parameters to be configured and profiles referenced

12.3.4 STA Access

Once the CAPWAP tunnel is established, users can access the wireless network. The STA access process is divided into six phases: scanning, link authentication, association, access authentication, STA address assignment (DHCP), and user authentication.

  1. 1.

    Scanning

    STA can periodically search for nearby wireless networks by active scanning to obtain information about the surrounding wireless networks. According to whether the Probe Request frame carries an SSID, active scanning can be divided into two types, as shown in Fig. 12.22.

    1. (a)

      Active scanning with a probe containing a specified SSID.

      This method is applicable when the STA uses active scanning to access a specified wireless network. The STA sends a Probe Request frame containing the specified SSID on each channel in turn to find an AP with that SSID. Only an AP that can provide the specified SSID's wireless service accepts the Probe Request and replies with a Probe Response.

    2. (b)

      Active scanning with probes that do not contain an SSID.

      This method is suitable when the STA uses active scanning to find out whether any wireless network is available. The STA sends a broadcast Probe Request, periodically sending Probe Request frames to scan for wireless networks in its supported information list. After receiving the Probe Request frame, the AP responds with a Probe Response frame advertising the available wireless networks.

      STAs also support passive scanning for wireless networks. Passive scanning means that the client discovers nearby wireless networks by listening to the Beacon frames (which carry information such as the SSID and supported rates) sent periodically by the AP. By default, the AP sends Beacon frames with a period of 100 TUs (1 TU = 1024 μs).

  2. 2.

    Link authentication

    WLAN technology uses wireless RF signals as the transmission media for service data, and this open channel makes it easy for attackers to eavesdrop and tamper with the service data transmitted in the wireless channel, so security has become an important factor hindering the development of WLAN technology.

    WLAN security provides security policies such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2. Each security policy contains a set of security mechanisms, including the link authentication method used when the wireless link is established, the user access authentication method used when the wireless user goes online, and the data encryption method used when the wireless user transmits service data.

    To ensure the security of the wireless link, the AP needs to authenticate the STA during the access process. 802.11 defines two link authentication mechanisms: open system authentication and shared key authentication.

    Open system authentication means no authentication, and any STA can be authenticated successfully.

    Shared key authentication means that the STA and the AP are pre-configured with the same shared key, and the key configurations of both sides are verified to see whether they are the same. If they are the same, the authentication succeeds; otherwise it fails.

  3. 3.

    Association

    After completing link authentication, STA will continue to initiate link service negotiation, and the specific negotiation is realized through the Association message. The process of terminal association is essentially a process of link service negotiation, which includes the supported rate, channel, etc.

  4. 4.

    Access authentication

    Access authentication is to distinguish users and restrict their access rights before they access the network. Compared with link authentication, access authentication is more secure, mainly including PSK authentication and 802.1X authentication.

  5. 5.

    STA address assignment

    STA obtains its own IP address, which is a prerequisite for STA to go online normally. If the STA obtains IP address through DHCP, it can use an AC device or aggregation layer switch as a DHCP server to assign IP address for STA. Generally, the aggregation layer switch is used as the DHCP server.

  6. 6.

    User authentication

    User authentication is an “end-to-end” security structure, including 802.1X authentication, MAC authentication and Portal authentication. Portal authentication is also known as Web authentication, and the Portal authentication site is generally called a portal. When users access the Internet, they must be authenticated in the portal, and only after the authentication is passed can they use the network resources. This authentication usually requires WeChat login or a cell phone SMS to verify the user's identity. Because WeChat accounts and cell phone numbers are registered with real names, the information of the user accessing the network can be recorded and the specific person can be traced in case of a security incident.

Fig. 12.22 Active scanning

12.3.5 WLAN Service Data Forwarding

The data in CAPWAP includes control messages (management messages) and data messages. Control messages are forwarded through the control channel of CAPWAP. Users can use two data forwarding modes, that is tunnel forwarding (also known as “centralized forwarding”) and direct forwarding (also known as “local forwarding”).

Tunnel forwarding mode means that after the user’s data message arrives at the AP, it needs to be encapsulated by the CAPWAP data tunnel and sent to the AC, which then forwards it to the upper layer network, as shown in Fig. 12.23a.

Fig. 12.23 Tunnel forwarding and direct forwarding

Direct forwarding mode means that after the user’s data message arrives at the AP, it is directly forwarded to the upper layer network without being encapsulated in the CAPWAP, as shown in Fig. 12.23b.

The advantage of tunnel forwarding is that the AC centrally forwards data messages so it is secure and convenient for centralized management and control; the disadvantage is that the service data must be forwarded by the AC, so the message forwarding efficiency is lower than that of direct forwarding, putting the AC under great pressure.

The advantage of direct forwarding is that data messages do not need to be forwarded by the AC, so the message forwarding efficiency is higher, and the pressure on AC is alleviated; the disadvantage is that it is inconvenient for centralized management and control of the service.

12.4 Case: Layer 2 Networking Tunnel Forwarding in Bypass Mode

Service requirements: enterprise users can access the network through WLAN to meet the most basic needs of mobile office.

The networking requirements are as follows.

  1. 1.

    AC networking mode: Layer 2 networking in bypass mode

  2. 2.

    DHCP deployment mode: AC functions as a DHCP server to assign IP addresses to APs and STAs.

    Service data forwarding mode: tunnel forwarding.

    Figure 12.24 draws the physical topology and logical topology. Because it is tunnel forwarding, the service VLAN data of two offices are sent to the AC through CAPWAP tunnel, so it is equivalent to two VLANs connected to the AC. The logical topology is drawn in the right side of Fig. 12.24.

    You can see that the AC is equivalent to a router connected to VLAN 100, VLAN 101 and VLAN 102. In order for these three VLANs to access the upstream network, it is also necessary to create a VLAN 110 on the AC and SW1. This VLAN is created to connect the AC and SW1, so it is called an interconnection VLAN. A VLAN 111 needs to be created for the connection between SW1 and the upstream router AR. With the logical topology on the right, it is clear how to add routes on each device. The connection between SW1 and SW2 only needs to carry frames of VLAN 100, so interface GE0/0/1 of SW1 is configured as an access interface and assigned to VLAN 100. The connection between SW1 and the AC needs to carry frames of VLAN 110 and VLAN 100, so it needs to be configured as a trunk interface.

    The address planning and profile configuration are shown in Tables 12.2 and 12.3.

    The configuration roadmap is as follows.

    1. (a)

      Configure network interworking of the AC, APs, and other network devices.

    2. (b)

      Configure APs to go online.

    3. (c)

      Create an AP group, and add all APs that need the same configuration to the AP group for unified configuration.

    4. (d)

      Configure the system parameters of the AC, including the country and area codes, and the source interface for communication between the AC and the AP.

    5. (e)

      Configure the authentication method of AP going online and import AP offline so that AP can go online normally.

    6. (f)

      Configure the WLAN service parameters so that the STA can access WLAN network.

Fig. 12.24 Network topology

Table 12.2 Address planning

Table 12.3 Profile configuration

12.4.1 Configure Network Interworking

Before configuring the WLAN, the network interworking of the APs, the AC and the nearby network devices needs to be configured. Figure 12.25 is the logical topology. The interface addresses are set according to the address plan in the figure, and routes are added on router AR and SW1 so that the network is fully reachable.

Fig. 12.25 Logical topology

Create VLAN 100, VLAN 101, VLAN 102 and VLAN 110 on the AC. Configure addresses for interface Vlanif so that it functions as a gateway for these network segments. Meanwhile, add a default route to the address of interface Vlanif 110 of SW1. Add routes to network segments VLAN 100, VLAN 101, and VLAN 102 on SW1, with the next hop to the address of interface Vlanif 110 on the AC.

Configure the DHCP service on the AC to assign addresses to VLAN 100, VLAN 101, and VLAN 102.

The configuration on the AR is as follows.

[AR]interface GigabitEthernet 0/0/0
[AR-GigabitEthernet0/0/0]ip address 192.168.111.2 24
[AR-GigabitEthernet0/0/0]quit
[AR]ip route-static 192.168.0.0 16 192.168.111.1

The configuration on SW1 is as follows.

[SW1]vlan batch 100 110 111
[SW1]interface Vlanif 111
[SW1-Vlanif111]ip address 192.168.111.1 24
[SW1-Vlanif111]quit
[SW1]interface Vlanif 110
[SW1-Vlanif110]ip address 192.168.110.1 24
[SW1-Vlanif110]quit
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 111
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 110 100
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 100
[SW1-GigabitEthernet0/0/1]quit
[SW1]ip route-static 192.168.100.0 24 192.168.110.2
[SW1]ip route-static 192.168.101.0 24 192.168.110.2
[SW1]ip route-static 192.168.102.0 24 192.168.110.2

The configuration on the AC is as follows.

[AC]vlan batch 100 101 102 110
[AC]interface Vlanif 100
[AC-Vlanif100]ip address 192.168.100.1 24
[AC-Vlanif100]interface Vlanif 101
[AC-Vlanif101]ip address 192.168.101.1 24
[AC-Vlanif101]interface Vlanif 102
[AC-Vlanif102]ip address 192.168.102.1 24
[AC-Vlanif102]interface Vlanif 110
[AC-Vlanif110]ip address 192.168.110.2 24
[AC]interface GigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1]port link-type trunk
[AC-GigabitEthernet0/0/1]port trunk allow-pass vlan 110 100
[AC]ip route-static 0.0.0.0 0 192.168.110.1

Configure the DHCP service.

[AC]dhcp enable
[AC]interface Vlanif 100
[AC-Vlanif100]dhcp select interface
[AC-Vlanif100]interface Vlanif 101
[AC-Vlanif101]dhcp select interface
[AC-Vlanif101]interface Vlanif 102
[AC-Vlanif102]dhcp select interface

Enter “display ip interface brief” on the AP to display the automatically obtained IP address.

[Huawei]display ip interface brief
Interface                  IP Address/Mask       Physical   Protocol
Vlanif1                    192.168.100.123/24    up         up

12.4.2 Configure the APs to Go On Line

Create a regulatory domain profile on the AC, create an AP group, apply the regulatory domain profile to the AP group, configure the interface or source address of the AC, and specify to add the AP to the AP group.

Create a regulatory domain profile. Since all WLAN-related configurations need to be done in the WLAN view, the administrator needs to first enter the WLAN view via the wlan command.

Use the regulatory-domain-profile name profile-name command in the WLAN view to create a regulatory domain profile and enter the view of this profile. In the regulatory domain profile, the administrator can set parameters such as country and area code, optimized channel and bandwidth. The following operation creates a regulatory domain profile, default, specifying the country and area code as cn.

[AC]wlan
[AC-wlan-view]regulatory-domain-profile name default
[AC-wlan-regulate-domain-default]country-code cn
[AC-wlan-regulate-domain-default]quit
[AC-wlan-view]

Next, use the WLAN view command ap-group name group-name to create AP groups named ap-Office1 and ap-Office2, and then enter the configuration view of the AP group and apply the regulatory domain profile here. When changing the regulatory domain profile applied to the AP group, the system will prompt a warning message and ask the administrator for confirmation. If the administrator wants to confirm the change, enter “y” and press the Enter key and then the change takes effect.

[AC-wlan-view]ap-group name ap-Office1
[AC-wlan-ap-group-ap-Office1]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-Office1]quit
[AC-wlan-view]ap-group name ap-Office2
[AC-wlan-ap-group-ap-Office2]regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-Office2]quit

Configure the source interface of the AC: the APs establish their CAPWAP tunnel to the address of interface Vlanif 100.

[AC]capwap source interface Vlanif 100

Import the AP offline to the AC, and the following configuration adds the AP to the AP group via MAC address authentication.

[AC-wlan-view]ap auth-mode ?                 --View the identity authentication modes supported
  mac-auth  MAC authenticated mode, default authenticated mode
  no-auth   No authenticated mode
  sn-auth   SN authenticated mode
[AC-wlan-view]ap auth-mode mac-auth          --Specify to use MAC address authentication
[AC-wlan-view]ap-id 1 ap-mac 00e0-fcc4-15a0
[AC-wlan-ap-1]ap-name ap1
[AC-wlan-ap-1]ap-group ap-Office1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-1]quit
[AC-wlan-view]ap-id 2 ap-mac 00e0-fcb1-02b0
[AC-wlan-ap-2]ap-name ap2
[AC-wlan-ap-2]ap-group ap-Office1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-2]quit
[AC-wlan-view]ap-id 3 ap-mac 00e0-fc33-5190
[AC-wlan-ap-3]ap-name ap3
[AC-wlan-ap-3]ap-group ap-Office2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-3]quit
[AC-wlan-view]ap-id 4 ap-mac 00e0-fcaf-5610
[AC-wlan-ap-4]ap-name ap4
[AC-wlan-ap-4]ap-group ap-Office2
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[AC-wlan-ap-4]quit

After the APs come online, execute the display ap all command on the AC to check their status. When the State field of an AP shows nor, the AP is online on the AC and in the normal state.

[AC]display ap all
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [4]
----------------------------------------------------------------
ID   MAC            Name  Group       IP               Type      State  STA  Uptime
----------------------------------------------------------------
1    00e0-fcc4-15a0 ap1   ap-Office1  192.168.100.123  AP2050DN  nor    0    14M:48S
2    00e0-fcb1-02b0 ap2   ap-Office1  192.168.100.20   AP2050DN  nor    0    12M:4S
3    00e0-fc33-5190 ap3   ap-Office2  192.168.100.11   AP2050DN  nor    0    10M:5S
4    00e0-fcaf-5610 ap4   ap-Office2  192.168.100.144  AP2050DN  nor    0    20S
----------------------------------------------------------------
Total: 4

The fields in the output of the display ap all command are explained as follows.

  • ID: AP ID.

  • MAC: AP MAC address.

  • Name: AP name.

  • Group: the name of the AP group to which the AP belongs.

  • IP: IP address of the AP. In a NAT scenario, where the AP is on the private network and the AC is on the public network, this value is the private IP address of the AP.

  • Type: the AP type.

  • State: the AP state.

    • normal: the normal state of the AP, meaning that the AP is successfully online on the AC.

    • commit-failed: the WLAN service configuration fails to deliver after the AP is online.

    • download: AP is being upgraded.

    • fault: AP fails to go online.

    • idle: the initial state before the AP and AC establish connection.

  • STA: the number of end users connected on the AP.

  • Uptime: the length of time the AP has been online.

  • ExtraInfo: extra information. P indicates that the device is underpowered.
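The State field above is the first thing to check when a site reports Wi-Fi trouble, and on a large AC the table is too long to scan by eye. The following script is an added example, not code from the book or from Huawei: it parses the display ap all table into records, lists every AP whose state is not nor, and cross-checks the parsed row count against the Total line so that a misparsed row does not silently hide an AP. The sample output is constructed in the layout shown above; the fourth AP is deliberately placed in the fault state.

```python
"""Parse Huawei AC ``display ap all`` output and report APs that are not normal.

Added example; the sample capture below is constructed to match the table
layout shown in the chapter (ap4 is placed in the fault state on purpose).
"""

import re
from dataclasses import dataclass

# Constructed sample output, not a real capture.
SAMPLE_DISPLAY_AP_ALL = """\
Info: This operation may take a few seconds. Please wait for a moment.done.
Total AP information:
nor  : normal          [3]
fault: fault           [1]
----------------------------------------------------------------
ID   MAC            Name  Group       IP               Type      State  STA  Uptime
----------------------------------------------------------------
1    00e0-fcc4-15a0 ap1   ap-Office1  192.168.100.123  AP2050DN  nor    0    14M:48S
2    00e0-fcb1-02b0 ap2   ap-Office1  192.168.100.20   AP2050DN  nor    0    12M:4S
3    00e0-fc33-5190 ap3   ap-Office2  192.168.100.11   AP2050DN  nor    0    10M:5S
4    00e0-fcaf-5610 ap4   ap-Office2  -                AP2050DN  fault  0    -
----------------------------------------------------------------
Total: 4
"""


@dataclass
class ApEntry:
    ap_id: int
    mac: str
    name: str
    group: str
    ip: str
    ap_type: str
    state: str
    sta: int
    uptime: str


# One data row: ID, MAC (xxxx-xxxx-xxxx), Name, Group, IP, Type, State, STA, Uptime.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(\S+)\s+(\S+)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s*$",
    re.I,
)


def parse_display_ap_all(text):
    """Return the data rows of a ``display ap all`` capture as ApEntry records."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            entries.append(ApEntry(int(m[1]), m[2].lower(), m[3], m[4], m[5],
                                   m[6], m[7], int(m[8]), m[9]))
    return entries


def unhealthy_aps(entries):
    """APs in any state other than nor (fault, idle, download, commit-failed)."""
    return [e for e in entries if e.state != "nor"]


def check_total(text, entries):
    """True when the number of parsed rows equals the Total: line of the capture."""
    m = re.search(r"^Total:\s*(\d+)", text, re.M)
    return m is not None and int(m[1]) == len(entries)


if __name__ == "__main__":
    aps = parse_display_ap_all(SAMPLE_DISPLAY_AP_ALL)
    print("row count matches Total:", check_total(SAMPLE_DISPLAY_AP_ALL, aps))
    for ap in unhealthy_aps(aps):
        print(f"AP {ap.ap_id} ({ap.name}, group {ap.group}) is in state {ap.state}")
```

To use it on a real AC, paste the output of display ap all into a file and pass its contents to parse_display_ap_all; the check_total guard is what tells you whether a changed column layout broke the parser rather than the network.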

12.4.3 Configure WLAN Service Parameters

The administrator needs to configure service parameters related to the WLAN on the AC, which include SSID profiles, security profiles, and VAP profiles.

  1. Configure SSID profiles.

    Since the SSIDs of the two offices are different, two SSID profiles need to be created.

    [AC-wlan-view]ssid-profile name ssid-Office1
    [AC-wlan-ssid-prof-ssid-Office1]ssid AP-Office1
    [AC-wlan-ssid-prof-ssid-Office1]quit
    [AC-wlan-view]ssid-profile name ssid-Office2
    [AC-wlan-ssid-prof-ssid-Office2]ssid AP-Office2
    [AC-wlan-ssid-prof-ssid-Office2]quit

    The administrator first enters the WLAN view using the wlan command, then creates an SSID profile named ssid-Office1 using the ssid-profile name profile-name command, which also enters the configuration view of that SSID profile. An SSID profile name is 1 to 35 characters long and is not case-sensitive. In the SSID profile, the administrator can also configure other parameters, such as those related to QoS.

  2. Configure the security profiles.

    The two offices use different passwords for connecting to their APs, so two security profiles need to be created.

    [AC-wlan-view]security-profile name Sec-Office1
    [AC-wlan-sec-prof-Sec-Office1]security wpa-wpa2 psk pass-phrase a1234567 aes
    [AC-wlan-sec-prof-Sec-Office1]quit
    [AC-wlan-view]security-profile name Sec-Office2
    [AC-wlan-sec-prof-Sec-Office2]security wpa-wpa2 psk pass-phrase b1234567 aes
    [AC-wlan-sec-prof-Sec-Office2]quit

    In this example, the administrator creates two security profiles, Sec-Office1 and Sec-Office2, on the AC. A security profile name is 1 to 35 characters long and is not case-sensitive. In the security profile view, the administrator sets the WPA2 + PSK + AES security policy and specifies the passwords as a1234567 and b1234567. The full syntax of this command is security {wpa | wpa2 | wpa-wpa2} psk {pass-phrase | hex} key-value {aes | tkip | aes-tkip}. In this example, the administrator has chosen WPA2 as the authentication mode and AES as the encryption mode; the wpa-wpa2 keyword additionally admits WPA clients, which is why the Auth type column of the display vap output later shows WPA/WPA2-PSK. The password can be 8 to 63 characters long. When setting the password, it is recommended that the administrator use a combination of upper- and lower-case letters, numbers and special characters to create a strong password.

  3. Configure VAP profiles.

    VAP is short for Virtual AP. By configuring multiple VAP profiles and delivering the configuration in these VAP profiles to the APs, the administrator can provide differentiated services for mobile access devices.

    In this example, the wireless networks of Office1 and Office2 have different service VLANs and different authentication passwords, so two VAP profiles need to be created. In the VAP profile, set the data forwarding mode to tunnel forwarding, specify the service VLAN, and apply the SSID profile and security profile created previously.

    [AC-wlan-view]vap-profile name vap-Office1
    [AC-wlan-vap-prof-vap-Office1]forward-mode tunnel
    [AC-wlan-vap-prof-vap-Office1]service-vlan vlan-id 101
    [AC-wlan-vap-prof-vap-Office1]ssid-profile ssid-Office1
    [AC-wlan-vap-prof-vap-Office1]security-profile Sec-Office1
    [AC-wlan-vap-prof-vap-Office1]quit
    [AC-wlan-view]vap-profile name vap-Office2
    [AC-wlan-vap-prof-vap-Office2]forward-mode tunnel
    [AC-wlan-vap-prof-vap-Office2]service-vlan vlan-id 102
    [AC-wlan-vap-prof-vap-Office2]ssid-profile ssid-Office2
    [AC-wlan-vap-prof-vap-Office2]security-profile Sec-Office2
    [AC-wlan-vap-prof-vap-Office2]quit

    The administrator uses the vap-profile name profile-name command in WLAN view to create two VAP profiles named vap-Office1 and vap-Office2, entering the configuration view of each VAP profile in turn. A VAP profile name is 1 to 35 characters long and is not case-sensitive.

    In the VAP profile view, the administrator first sets the forwarding mode to tunnel forwarding using the forward-mode tunnel command. Then the service-vlan vlan-id 101 command specifies the service VLAN as 101, the ssid-profile ssid-Office1 command applies the SSID profile, and the security-profile Sec-Office1 command applies the security profile.

  4. Apply the VAP profiles to the AP groups.

    The administrator needs to apply the configured VAP profiles to the AP groups before the AC can deliver the VAP profile configuration to the APs and the APs can start serving clients. Both RF 0 and RF 1 on the APs use the VAP profiles.

    [AC-wlan-view]ap-group name ap-Office1
    [AC-wlan-ap-group-ap-Office1]vap-profile vap-Office1 wlan 1 radio 0
    [AC-wlan-ap-group-ap-Office1]vap-profile vap-Office1 wlan 1 radio 1
    [AC-wlan-ap-group-ap-Office1]quit
    [AC-wlan-view]ap-group name ap-Office2
    [AC-wlan-ap-group-ap-Office2]vap-profile vap-Office2 wlan 2 radio 0
    [AC-wlan-ap-group-ap-Office2]vap-profile vap-Office2 wlan 2 radio 1
    [AC-wlan-ap-group-ap-Office2]quit
    [AC-wlan-view]

    The administrator first enters the WLAN view using the wlan command, and then enters the view of AP group ap-Office1 using the ap-group name ap-Office1 command. In the AP group view, the administrator uses the vap-profile command to bind the specified VAP profile to the specified RF. The full syntax of this command is vap-profile profile-name wlan wlan-id {radio {radio-id | all}}. The parameter profile-name is the name of the previously created VAP profile; the parameter wlan-id is the ID of the VAP on the AC, with a value range of 1 to 16 (a maximum of 16 VAPs can be created on an AC), and IDs 1 and 2 are used in this example; the parameter radio-id is the RF ID, and the AP in this example supports two RFs, RF 0 and RF 1, where RF 0 is the 2.4 GHz RF and RF 1 is the 5 GHz RF.

    The AC automatically delivers the WLAN service configuration to the APs, and the administrator can use the display vap all command to check whether the VAP has been successfully created on every RF the APs support. The AP name column shows the AP name configured by the administrator, and RfID shows the RF ID. When Status is ON, the VAP has been successfully created on that RF of the AP.

    [AC]display vap all
    Info: This operation may take a few seconds, please wait.
    WID : WLAN ID
    --------------------------------------------------------------
    AP ID  AP name  RfID  WID  BSSID           Status  Auth type     STA  SSID
    --------------------------------------------------------------
    1      ap1      0     1    00E0-FCC4-15A0  ON      WPA/WPA2-PSK  1    AP-Office1
    1      ap1      1     1    00E0-FCC4-15B0  ON      WPA/WPA2-PSK  0    AP-Office1
    2      ap2      0     1    00E0-FCB1-02B0  ON      WPA/WPA2-PSK  0    AP-Office1
    2      ap2      1     1    00E0-FCB1-02C0  ON      WPA/WPA2-PSK  0    AP-Office1
    3      ap3      0     2    00E0-FC33-5190  ON      WPA/WPA2-PSK  0    AP-Office2
    3      ap3      1     2    00E0-FC33-51A0  ON      WPA/WPA2-PSK  0    AP-Office2
    4      ap4      0     2    00E0-FCAF-5610  ON      WPA/WPA2-PSK  1    AP-Office2
    4      ap4      1     2    00E0-FCAF-5620  ON      WPA/WPA2-PSK  0    AP-Office2
    --------------------------------------------------------------
    Total: 8

    The administrator uses the display vap ssid AP-Office1 command to check whether the VAP whose SSID is AP-Office1 has been successfully created on the RFs of the APs that carry it.

    [AC]display vap ssid AP-Office1
    Info: This operation may take a few seconds, please wait.
    WID : WLAN ID
    --------------------------------------------------------------
    AP ID  AP name  RfID  WID  BSSID           Status  Auth type     STA  SSID
    --------------------------------------------------------------
    1      ap1      0     1    00E0-FCC4-15A0  ON      WPA/WPA2-PSK  1    AP-Office1
    1      ap1      1     1    00E0-FCC4-15B0  ON      WPA/WPA2-PSK  0    AP-Office1
    2      ap2      0     1    00E0-FCB1-02B0  ON      WPA/WPA2-PSK  0    AP-Office1
    2      ap2      1     1    00E0-FCB1-02C0  ON      WPA/WPA2-PSK  0    AP-Office1
    --------------------------------------------------------------
    Total: 4

    Enter “display station all” to view the connected mobile devices.

    [AC]display station all
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    --------------------------------------------------------------
    STA MAC         AP ID  Ap name  Rf/WLAN  Band  Type  Rx/Tx  RSSI  VLAN  IP address       SSID
    --------------------------------------------------------------
    5489-9895-16a0  1      ap1      0/1      2.4G  -     -/-    -     101   192.168.101.218  AP-Office1
    5489-98ab-4629  4      ap4      0/1      2.4G  -     -/-    -     102   192.168.102.73   AP-Office2
    --------------------------------------------------------------
    Total: 2   2.4G: 2   5G: 0

    In the above output, STA MAC is the MAC address of the mobile device, AP ID is the ID of the AP, Ap name is the name of the AP, VLAN is the service VLAN to which the client belongs, and IP address is the address the client obtained. Some mobile devices are in VLAN 101 and some in VLAN 102, and each obtains an IP address from its corresponding VLAN.
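Step 2 of the procedure above is where the security posture of the WLAN is decided: the security command fixes the authentication mode, the cipher and the pre-shared key, and the chapter's passphrases a1234567 and b1234567 meet the 8 to 63 character rule but not the recommendation to mix upper- and lower-case letters, numbers and special characters. The following script is an added example, not code from the book or from Huawei: it reads a configuration excerpt written in the command syntax given in step 2, and for each security profile reports WPA-only or mixed WPA/WPA2 modes, TKIP ciphers and passphrases that fall short of the stated rules. The configuration excerpt is constructed; it reuses the chapter's two profiles and adds two hypothetical ones (Sec-Legacy and Sec-Strong) so that both weak and clean results appear.

```python
"""Audit ``security`` commands in Huawei AC security profiles.

Added example, not the book's or Huawei's code.  Rules come from the chapter:
pass-phrase 8 to 63 characters, WPA2 + AES preferred, and a recommended mix of
upper case, lower case, digits and special characters.  The excerpt below is
constructed; Sec-Legacy and Sec-Strong are hypothetical profile names.
"""

import re

CONFIG = """\
security-profile name Sec-Office1
 security wpa-wpa2 psk pass-phrase a1234567 aes
security-profile name Sec-Office2
 security wpa-wpa2 psk pass-phrase b1234567 aes
security-profile name Sec-Legacy
 security wpa psk pass-phrase legacykey tkip
security-profile name Sec-Strong
 security wpa2 psk pass-phrase Gx7#pL92!qRt aes
"""

# security {wpa | wpa2 | wpa-wpa2} psk {pass-phrase | hex} key-value {aes | tkip | aes-tkip}
SECURITY_RE = re.compile(
    r"^\s*security\s+(wpa|wpa2|wpa-wpa2)\s+psk\s+(pass-phrase|hex)\s+(\S+)\s+(aes|tkip|aes-tkip)\s*$"
)
PROFILE_RE = re.compile(r"^\s*security-profile\s+name\s+(\S+)")


def parse_security_profiles(config):
    """Return {profile_name: (mode, key_type, key, cipher)} for each profile."""
    profiles = {}
    current = None
    for line in config.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            current = m[1]
            continue
        m = SECURITY_RE.match(line)
        if m and current:
            profiles[current] = m.groups()
    return profiles


def passphrase_findings(key, key_type):
    """Apply the chapter's length rule and complexity recommendation to a pass-phrase."""
    findings = []
    if key_type != "pass-phrase":
        return findings  # a hex key is the raw PSK; the complexity recommendation does not apply
    if not 8 <= len(key) <= 63:
        findings.append("pass-phrase length outside 8-63 characters")
    classes = [any(c.islower() for c in key), any(c.isupper() for c in key),
               any(c.isdigit() for c in key), any(not c.isalnum() for c in key)]
    if not all(classes):
        findings.append("pass-phrase lacks the recommended mix of character classes")
    return findings


def audit(config):
    """Return {profile_name: [finding, ...]}; an empty list means no finding."""
    report = {}
    for name, (mode, key_type, key, cipher) in parse_security_profiles(config).items():
        findings = []
        if "wpa2" not in mode:
            findings.append("WPA only; WPA2 should be enabled")
        elif mode == "wpa-wpa2":
            findings.append("mixed WPA/WPA2 mode still admits WPA clients")
        if "tkip" in cipher:
            findings.append("TKIP cipher permitted; use AES")
        findings += passphrase_findings(key, key_type)
        report[name] = findings
    return report


if __name__ == "__main__":
    for profile, findings in audit(CONFIG).items():
        print(profile, "->", "; ".join(findings) or "no findings")
```

The mixed-mode finding is informational: wpa-wpa2 is what the chapter configures, and it is the right choice while WPA-only clients remain; the audit simply makes that trade-off visible next to the cipher and passphrase results.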

12.5 Development Trends of WLAN Technologies

Wi-Fi has become a ubiquitous technology in today's world, providing wireless connections for billions of devices, and is the preferred way for more and more users to access the Internet. The trend is for Wi-Fi to gradually replace wired access. To accommodate new service applications and narrow the bandwidth gap with wired networks, each generation of the 802.11 standard has significantly increased its rate.

With the emergence of video conferencing, wireless interactive VR, mobile teaching and other service applications, the number of Wi-Fi access terminals keeps growing, and the development of IT is allowing more and more smart home devices to join Wi-Fi networks. Therefore, Wi-Fi networks still need to keep improving their rates while also allowing more terminals to connect, so as to adapt to the expanding number of client devices and meet users' experience needs for different applications.

The next generation of Wi-Fi needs to address the reduced efficiency of the whole Wi-Fi network as the number of connected terminals grows; the IEEE 802.11 working group started to deal with this challenge as early as 2014. The 802.11ax standard introduces technologies such as Orthogonal Frequency Division Multiple Access (OFDMA), Multi-User Multiple-Input Multiple-Output (MU-MIMO) and 1024-QAM high-order modulation, so as to solve the problems of network capacity and transmission rate from the perspectives of spectrum resource utilization and multi-user access. The goal is to increase average user throughput by at least four times compared with today's Wi-Fi 5 in a dense user environment and to increase the number of concurrent users by more than three times; hence Wi-Fi 6 (802.11ax) is also known as High Efficiency WLAN (HEW).

As Wi-Fi standards have evolved, the Wi-Fi Alliance has renamed the generations with a numeric sequence so that Wi-Fi users and device manufacturers can easily tell which standard their devices connect to or support. The new naming approach was also chosen to highlight the significant advances in Wi-Fi technology, which bring a host of new features, including greater throughput, faster speeds and more concurrent connections. On September 16, 2019, the Wi-Fi 6 certification program was announced to certify devices using the next-generation 802.11ax wireless communication standard.

As with each previous release of a new 802.11 standard, 802.11ax is compatible with the earlier 802.11ac/n/g/a/b standards, and older terminals can access 802.11ax networks seamlessly in the same way as before.

802.11ax was originally designed for high-density wireless access and high-capacity wireless services, such as large outdoor public places, high-density venues, high-density indoor wireless offices and electronic classrooms.

In these scenarios, the number of client devices accessing the Wi-Fi network grows tremendously. In addition, growing voice and video traffic also affects Wi-Fi networks. 4K video streaming (bandwidth requirement of 50 Mbit/s per person), voice streaming (latency of less than 30 ms) and VR streaming (bandwidth requirement of 75 Mbit/s per person, latency of less than 15 ms) are all very sensitive to bandwidth and latency, and transmission delay caused by network congestion or retransmission has a huge impact on the user experience. Although an existing Wi-Fi 5 (802.11ac) network can provide large bandwidth, throughput hits a bottleneck as more users join. In contrast, a Wi-Fi 6 (802.11ax) network makes these services more reliable through technologies such as OFDMA, UL MU-MIMO and 1024-QAM. Not only can it support more clients, but it can also balance the bandwidth per user. For example, in an electronic classroom, a lecture for a large class of more than 100 students previously posed a considerable challenge for video transmission and uplink and downlink interaction, but an 802.11ax network handles this scenario easily.

12.6 Exercises

  1. What are the advantages of direct networking and networking in bypass mode?

  2. (Multi-selection) What are the ways for fit APs to discover ACs? ( )

    A. Static discovery

    B. DHCP dynamic discovery

    C. FTP dynamic discovery

    D. DNS dynamic discovery

  3. Which of the following standards organizations certifies WLAN devices to achieve WLAN technology interoperability? ( )

    A. Wi-Fi Alliance

    B. IEEE

    C. IETF

    D. FCC

  4. The CAPWAP protocol is a WLAN standard proposed by the IEEE standards organization in April 2009 for communication between ACs and Fit APs. Is this statement correct? ( )

    A. Correct

    B. Incorrect

  5. What is the number of channels supported by China in the 2.4 GHz band? ( )

    A. 11

    B. 13

    C. 3

    D. 5

  6. (Multi-selection) What are the WLAN working bands? ( )

    A. 2 GHz

    B. 5 GHz

    C. 5.4 GHz

    D. 2.4 GHz

  7. Which of the following standards is a wireless LAN standard originally developed by IEEE? ( )

    A. IEEE 802.11

    B. IEEE 802.10

    C. IEEE 802.12

    D. IEEE 802.16

  8. Huawei's AP products can only support the configuration of one SSID. Is this statement correct? ( )

    A. Correct

    B. Incorrect

  9. What is the full name of SSID? ( )

    A. Basic service set

    B. Basic service area

    C. Extended service set

    D. Service set identifier

  10. The infrastructure mode network consisting of multiple APs and the distribution systems connecting them is also called ( ).

    A. Basic service set

    B. Basic service area

    C. Extended service set

    D. Extended service area

  11. The VLAN used by the AP to establish the CAPWAP tunnel with the AC is ( ).

    A. Management VLAN

    B. Service VLAN

    C. User VLAN

    D. Authentication VLAN

  12. (Multi-selection) When configuring the authentication mode of an AP, the authentication modes supported by the AP are ( ).

    A. mac-auth

    B. sn-auth

    C. no-auth

    D. mac-sn-auth

  13. When the AC uses networking in bypass mode, if the data is forwarded directly, the data flow _______ the AC; if the data is forwarded in tunnels, the data flow _______ the AC. ( )

    A. does not pass, passes

    B. does not pass, does not pass

    C. passes, passes

    D. passes, does not pass

  14. When an AC has only one interface to the aggregation layer switch, and user traffic goes out to the public network directly through the aggregation layer switch without flowing through the AC, the networking mode should be ( ).

    A. bypass mode + tunnel forwarding

    B. bypass mode + direct forwarding

    C. direct connection mode + tunnel forwarding

    D. direct connection mode + direct forwarding