
CIS 187 Multilayer Switched Networks (CCNP Switch): Integrating Wireless LANs

Rick Graziani, Cabrillo College, graziani@cabrillo.edu, Spring 2010

Recommended Reading and Sources for this Presentation

Pejman Roshan and Jonathan Leary, 802.11 Wireless LAN Fundamentals, ISBN 1587050773

Matthew S. Gast, 802.11 Wireless Networks: The Definitive Guide, ISBN 0596100523

To understand WLANs it is important to understand the 802.11 protocols and their operations. These two books do an excellent job of presenting this information and are used throughout this and other presentations. Thanks to Pejman Roshan and Jonathan Leary at Cisco Systems, authors of 802.11 Wireless LAN Fundamentals, for allowing me to use their graphics and examples for this presentation. Also thanks to Matthew Gast, author of 802.11 Wireless Networks: The Definitive Guide, 2nd edition, for allowing me to use his graphics and examples for this presentation.

Note:

You may see the reference "(see WLAN pres.)" in many of these slides. I have left out a lot of the detail for this presentation. You can refer to the books that I have recommended or review the PowerPoint slides on my WLAN class web page: http://www.cabrillo.edu/~rgraziani/courses/cis140.html

802.11 Standards

Overview of Standardization

Standardization of networking functions has done much to further the development of affordable, interoperable networking products. This is true for wireless products as well. Prior to the development of standards, wireless systems were plagued with low data rates, incompatibility, and high costs. Standardization provides all of the following benefits:
- Interoperability among the products of multiple vendors
- Faster product development
- Stability
- Ability to upgrade
- Cost reductions

IEEE 802.11 Architecture

- 802.11 is a family of protocols, including the original specification, 802.11, 802.11b, 802.11a, 802.11g and others.
- Officially called the IEEE Standard for WLAN MAC and PHY specifications.
- 802.11 is just another link layer for 802.2.
- 802.11 is sometimes called wireless Ethernet, because of its shared lineage with Ethernet, 802.3.
- The wired side of the network could be Ethernet, Token Ring, etc. (we will always use Ethernet in our examples).
- Access Points and Bridges act as translation bridges between 802.11 and 802.3 (or another protocol).

Overview of WLAN Topologies


- IBSS
- BSS
- ESS
- Access Points
- Quick Preview: Station/AP Connectivity

Overview of WLAN Topologies

Three types of WLAN topologies:
- Independent Basic Service Set (IBSS)
- Basic Service Set (BSS)
- Extended Service Set (ESS)

Service Set: a logical grouping of devices. WLANs provide network access by broadcasting a signal across a wireless radio frequency. The transmitter prefaces its transmissions with a Service Set Identifier (SSID). A station may receive transmissions from transmitters with the same or different SSIDs.

Independent Basic Service Sets (IBSS)

- An IBSS consists of a group of 802.11 stations directly communicating with each other.
- No Access Point is used.
- Also known as an ad-hoc network.
- Our focus will be BSSs and ESSs.

Basic Service Set (BSS)

- BSS, also known as an Infrastructure BSS (never called IBSS)
- Requires an Access Point (AP)
- The AP converts 802.11 frames to Ethernet and vice versa; it is known as a translation bridge
- Stations do not communicate directly, but via the AP
- APs typically have an uplink port that connects the BSS to a wired network (usually Ethernet), known as the Distribution System (DS)

Extended Service Set (ESS)

- Multiple BSSs can be connected together with a layer 2 backbone network to form an Extended Service Set (ESS).
- 802.11 does not specify the backbone network.
- The backbone network is also known as the Distribution System (DS) and could be wired or wireless.
- Stations are associated with only one AP at a time.

Access Points

Access Point (AP):
- Translates (converts) 802.11 frames to Ethernet and vice versa; known as a translation bridge
- Typically provides the wireless-to-wired bridging function
- All BSS communications must go through the AP, even between two wireless stations

Quick Preview: Station/AP Connectivity


SSID (Service Set Identity): at a minimum a client station and the access point must be configured to be using the same SSID. An SSID is:
- Between 2 and 32 alphanumeric characters
- Spaces okay
- Must match EXACTLY, including upper and lower case
- Sometimes called the ESSID
- Not the same as the BSSID (the MAC address of the AP, later)

Looking for an AP?

Using NetStumbler


802.11 Medium Access Mechanisms


- DCF Operations
- Hidden Node Problem
- RTS/CTS
- Frame Fragmentation

802.11 Frames: This isn't Ethernet!

[Figure: an IP packet inside an Ethernet frame on the Distribution System (DS), and the same IP packet inside a general 802.11 frame with an LLC header]

802.11 has some similarities with Ethernet but it is a different protocol. Access Points are translation bridges.

802.11 Frames

Data Frames (most are PCF):
- Data
- Null data
- Data+CF-Ack
- Data+CF-Poll
- Data+CF-Ack+CF-Poll
- CF-Ack
- CF-Poll
- CF-Ack+CF-Poll

Control Frames:
- RTS
- CTS
- ACK
- CF-End
- CF-End+CF-Ack

Management Frames:
- Beacon
- Probe Request
- Probe Response
- Authentication
- Deauthentication
- Association Request
- Association Response
- Reassociation Request
- Reassociation Response
- Disassociation
- Announcement Traffic Indication

Medium Access: CSMA/CA

[Figure: CSMA/CD, where all stations detect the collision, versus CSMA/CA, where the transmitter relies on an ACK]

- Both CSMA/CD and CSMA/CA are half-duplex architectures.
- Ethernet uses CSMA/CD, Collision Detection: Ethernet devices detect a collision while the data is being transmitted.
- 802.11 uses CSMA/CA, Collision Avoidance: 802.11 devices only detect a collision when the transmitter has not received an Acknowledgement.
- Stations also use CS/CCA (see WLAN pres.)
- Stations also use a virtual carrier-sense function, NAV (see WLAN pres.)

Medium Access CSMA/CA


The 802.11 standard makes it mandatory that all stations implement the DCF (Distributed Coordination Function), a form of carrier sense multiple access with collision avoidance (CSMA/CA). The main goal of CSMA/CA is to avoid having stations transmit at the same time, which would result in collisions and eventual retransmissions. However, collisions may still occur, and when they do stations may or may not be able to detect them (hidden node problem).

DCF and PCF

- The IEEE-mandated access mechanism for 802.11 is DCF (Distributed Coordination Function), the basis for CSMA/CA.
- There is also the PCF (Point Coordination Function) (see WLAN pres.)

DCF Operation
An example will be coming!

In DCF operation, a station wanting to transmit:
- Checks to see if the radio link is clear: CS/CCA, Carrier Sense / Clear Channel Assessment (see WLAN presentation).
- Checks its NAV timer (coming) to see if someone else is using the medium.
- If the medium is available, DCF uses a random backoff timer to avoid collisions and sends the frame.
- The transmitting station only knows the 802.11 frame got there if it receives an ACK.
- May also use RTS/CTS to reduce collisions (see WLAN pres.)

Duration Field
An example will be coming!

General 802.11 Frame (more on this later)

Duration/ID field: the number of microseconds (millionths of a second) that the medium is expected to remain busy for the transmission currently in progress. The transmitting device sets the Duration time in microseconds. It includes the time to:
- Transmit this frame to the AP (or to the client, if an AP)
- Receive the returning ACK
- Cover the time in between frames, the IFS (Interframe Spacing)

All stations monitor this field! All stations update their NAV (Network Allocation Vector) timer.

NAV Timer
An example will be coming!

General 802.11 Frame (more on this later)

All stations have a NAV (Network Allocation Vector) timer, a virtual carrier-sensing function that protects the sequence of frames from interruption. Martha sends a frame to George. Since the wireless medium is a broadcast-based (not broadcast frame) shared medium, all stations including Vivian receive the frame. Vivian updates her NAV timer with the duration value. Vivian will not attempt to transmit until her NAV is decremented to 0. Stations will only update their NAV when the duration field value received is greater than their current NAV.

Broadcast-based shared medium


- Host A is sending 802.11 frames to another host via the AP.
- All other 802.11 devices in the BSS (on this channel) and within range of the signal will see the frame.
- 802.11 framing provides addressing, so only the AP knows it is the next-hop receiver.
- Other 802.11 devices within this BSS can sense that the medium is in use and will update their NAV values.

What if a station is in range of the AP but not of Host A? (Hidden node problem, see WLAN pres.)

Interframe Spacing (IFS)


An example will be coming!

802.11 uses four different interframe spaces to determine medium access (note: microsecond = millionth of a second):
- DIFS, DCF Interframe Space: minimum amount of medium idle time until contention-based services begin.
- PIFS, PCF Interframe Space: used by PCF (see WLAN pres.)
- SIFS, Short Interframe Space: used for the highest priority transmissions, ACKs, RTS, CTS (see WLAN pres.)
- EIFS, Extended Interframe Space: not a fixed interval and used only when there is an error in frame transmission (see WLAN pres.)

Example
I'm waiting

Scenario: Both Vivian and George want to transmit frames. Both stations have the same NAV values and physically sense when the medium is idle. Both are waiting for Martha's transmission to end and the medium to become available. The medium now becomes available.


Example
Random backoff slots

George and Vivian both want to transmit. Both perform the following:
- Both sense that the medium is available using physical and virtual carrier sensing:
  - Physical: physically senses the medium is idle (CS/CCA, see WLAN pres.)
  - Virtual: NAV timer is 0
- Both wait DIFS (DCF Interframe Space).
- The contention window begins. Each uses the random backoff algorithm to determine when it can attempt to access the medium (next).

Example
Vivian (7), George (31)

Both Vivian and George run the random backoff algorithm, which randomly selects a value from 0 to 255. Vivian has a backoff of 7 slots, George 31. Vivian wins! The destination of her frame is George (it could have been a station on the wired network).

Example
Others update NAV

Martha and George receive the broadcast-based 802.11 frame.

General 802.11 Frame (more on this later)

Vivian transmits, setting the Duration/ID to the time needed to transmit the frame, the ACK and the IFSs. George, with a higher slot count, will see the 802.11 frame from Vivian and wait to transmit. Assuming there was not a collision from another station, Martha and George update their NAVs.

Example

The frame arrives at the AP. After the SIFS: The AP sends an ACK back to Vivian, which is how Vivian knows the frame was received by the AP. The AP now has the frame and must contend for access to the medium like all other stations. Remember, 802.11 uses a half-duplex, shared medium and the AP has to contend for access just like all other devices!
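The contention round just walked through (Martha finishes, DIFS, backoff 7 versus 31, Duration/ID sets the others' NAV, ACK after SIFS), as an added worked example in Python that is not part of the original slides. It assumes 802.11b timing values (slot 20 µs, SIFS 10 µs, DIFS 50 µs), constructed frame and ACK airtimes, and models the earlier hidden-node question as a station that cannot hear the transmitter.

```python
"""One DCF contention round, following the Vivian/George/Martha example.
Added example, not from the slides. Timing values are 802.11b (assumption):
slot 20 us, SIFS 10 us, DIFS = SIFS + 2 slots = 50 us."""
from dataclasses import dataclass, field

SLOT_US = 20
SIFS_US = 10
DIFS_US = SIFS_US + 2 * SLOT_US        # 50 us
ACK_TX_US = 100                        # constructed airtime of an ACK frame


@dataclass
class Station:
    name: str
    backoff_slots: int                 # random backoff drawn from 0..255 (7 and 31 on the slides)
    nav_until: int = 0                 # virtual carrier sense: medium reserved until this time (us)
    hears: set = field(default_factory=set)   # constructed: names this station can hear; empty = all

    def update_nav(self, now: int, duration_us: int) -> None:
        """Adopt a received Duration/ID only if it outlasts the current NAV (NAV never shrinks)."""
        self.nav_until = max(self.nav_until, now + duration_us)

    def can_hear(self, other: "Station") -> bool:
        return not self.hears or other.name in self.hears

    def medium_idle(self, now: int, physically_busy_until: int) -> bool:
        """Both physical carrier sense (CS/CCA) and virtual carrier sense (NAV) must say idle."""
        return now >= physically_busy_until and now >= self.nav_until


def duration_value(frame_tx_us: int) -> int:
    """Duration/ID as the slides describe it: this frame, the SIFS gap and the returning ACK."""
    return frame_tx_us + SIFS_US + ACK_TX_US


def contend(stations: list, medium_busy_until: int, frame_tx_us: int) -> dict:
    """Run one contention round once the current transmission ends; returns the timeline in us."""
    t_cw = medium_busy_until + DIFS_US                 # contention window opens after DIFS
    winner = min(stations, key=lambda s: s.backoff_slots)
    t_tx = t_cw + winner.backoff_slots * SLOT_US       # winner's backoff counter reaches zero
    t_frame_end = t_tx + frame_tx_us
    t_ack = t_frame_end + SIFS_US                      # receiver answers after SIFS, no contention
    t_ack_end = t_ack + ACK_TX_US
    dur = duration_value(frame_tx_us)
    # Two stations drawing the same backoff transmit at the same instant: a real collision
    collided = [s.name for s in stations
                if s is not winner and s.backoff_slots == winner.backoff_slots]
    for s in stations:
        if s is winner or s.name in collided:
            continue
        if s.can_hear(winner):
            s.update_nav(t_tx, dur)                    # header heard: reserve medium until ACK is done
            s.backoff_slots -= winner.backoff_slots    # counter is frozen; the remainder carries over
        elif t_cw + s.backoff_slots * SLOT_US < t_ack_end:
            # Hidden node: never hears the frame, keeps counting down and transmits on top of it
            collided.append(s.name)
    return {
        "winner": winner.name,
        "tx_start": t_tx,
        "frame_end": t_frame_end,
        "ack_at": t_ack,
        "medium_free_at": t_ack_end,
        "ack_expected": not collided,      # the transmitter only learns of a collision by a missing ACK
        "collisions_from": collided,
    }


if __name__ == "__main__":
    vivian, george = Station("Vivian", 7), Station("George", 31)
    result = contend([vivian, george], medium_busy_until=0, frame_tx_us=500)
    for key, value in result.items():
        print(f"{key:>16}: {value}")
    print(f"George's NAV runs until {george.nav_until} us; {george.backoff_slots} backoff slots remain")
```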


802.11 Data Frames and Addressing

Ethernet MAC Addressing

[Figure: Hosts X (xxx) and Y (yyy) on the Distribution System (DS) behind Access Point 1 and Access Point 2; pseudo MAC addresses of hosts; an IP packet carried in an Ethernet frame whose DA/SA are xxx and yyy]

802.11 MAC Addressing


The LLC encapsulation will be explained later in this presentation.

General 802.11 Frame

Four address fields. The contents of these fields depend upon the source and destination of the 802.11 frame. Address 4 is optional and not commonly used, except for WDS (wireless distribution system, bridge to bridge).

802.11 MAC Addressing Frame Control Field


General 802.11 Frame

- To DS: indicates if the frame is destined for the DS or AP (1 bit).
- From DS: indicates if the frame is sourced from the DS or AP (1 bit).

802.11 MAC Addressing Frame Control Field


General 802.11 Frame

Function                   ToDS  FromDS
IBSS (no AP)                 0      0
To AP                        1      0
From AP                      0      1
Wireless bridge to bridge    1      1

Note: Some documentation is misleading, stating that ToDS is set to 1 only when the destination is on the wired side of the AP.

802.11 MAC Addressing

[Figure: Host X (xxx) on the Distribution System (DS) behind Access Point 1 and Access Point 2; Hosts A (aaa) and B (bbb) in the BSS of Access Point 1, whose BSSID is 111; pseudo MAC addresses of hosts and BSSID of AP1]

Let's look at these options:
- Host A to Host B
- Host A to Host X
- Host X to Host A

802.11 MAC Addressing: The BSSID

[Figure: general 802.11 frame; Host X (xxx) on the DS, Hosts A (aaa) and B (bbb) in the BSS of Access Point 1 (BSSID 111)]

- Each BSS is assigned a BSSID. Not to be confused with the SSID or ESSID.
- BSSID: a 48-bit identifier which distinguishes the BSS from other BSSs in the network, used for filtering.
- In a BSS, the BSSID is the MAC address of the AP's wireless interface.
- Remember, normal switches (bridges) may have MAC addresses, but these addresses are only used for management purposes and not for layer 2 frame forwarding (addressing).

BSSID on a Cisco 1200

[Screenshot: the BSSID, and the BSSID for the 802.11a WLAN]

802.11 MAC Addressing: Host A to Host B

[Figure: general 802.11 frame; Host X (xxx) on the DS, Hosts A (aaa) and B (bbb) in the BSS of Access Point 1 (BSSID 111)]

- Address 1: Receiver address
- Address 2: Transmitter address
- Address 3: Ethernet/wireless SA, Ethernet/wireless DA, or BSSID

Receiver: receives a frame on the wireless medium, but may not be the final destination, i.e. the AP.
Transmitter: sends a frame on to the wireless medium, but may not be the original source (didn't necessarily create the frame), i.e. the AP.

802.11 MAC Addressing: Host A to Host B

[Figure: Host A (aaa) and Host B (bbb) in the BSS of Access Point 1 (BSSID 111); Host X (xxx) on the Distribution System (DS)]

Frame            ToDS  FromDS  Address 1 (Rec.)  Address 2 (Trans.)  Address 3
Host A to AP 1     1      0      111               aaa                 bbb (DA)
AP 1 to Host B     0      1      bbb               111                 aaa (SA)

- Address 1: Receiver address
- Address 2: Transmitter address
- Address 3: Ethernet/wireless SA, Ethernet/wireless DA, or BSSID

802.11 MAC Addressing

[Figure: an IP packet inside an Ethernet frame on the Distribution System (DS), and the same IP packet inside a general 802.11 frame with an LLC header]

Access Points are translation bridges, from 802.11 to Ethernet and from Ethernet to 802.11. The data/frame body is re-encapsulated with the proper layer 2 frame (Ethernet or 802.11). Certain addresses are copied between the two types of frames.

802.11 MAC Addressing: Host A to Host X

[Figure: Host A (aaa) and Host B (bbb) in the BSS of Access Point 1 (BSSID 111); Host X (xxx) on the Distribution System (DS)]

Frame                          ToDS  FromDS  Address 1 (Rec.)  Address 2 (Trans.)  Address 3 (DA)
Host A to AP 1 (802.11 frame)    1      0      111               aaa                 xxx

Frame                            DA    SA
AP 1 to Host X (Ethernet frame)  xxx   aaa

The Ethernet DA and SA are the source and destination addresses just like on traditional Ethernet networks. Destination Address: Host X. Source Address: Host A.

802.11 MAC Addressing: Host A to Host X

[Figure: the same Host A to AP 1 (802.11) and AP 1 to Host X (Ethernet) frames as on the previous slide]

The AP (bridge) knows which MAC addresses are on its wireless interface and maintains a table with those MAC addresses (from the Association process, later). When the AP receives an 802.11 frame, it examines the Address 3 address. If Address 3 is not in its table of wireless MACs, it knows it needs to translate the frame to an Ethernet frame. The AP copies the Address 3 address to the Ethernet Destination Address, and Address 2 (the Transmitter address) is copied to the Ethernet Source Address.

802.11 MAC Addressing: Host X to Host A

[Figure: Hosts X (xxx) and Y on the Distribution System (DS); Access Point 1 (BSSID 111) with Hosts A (aaa) and B (bbb); Access Point 2]

802.11 MAC Addressing: Host X to Host A

[Figure: Host X (xxx) on the DS, Hosts A (aaa) and B (bbb) in the BSS of Access Point 1 (BSSID 111)]

Frame                            DA    SA
Host X to AP 1 (Ethernet frame)  aaa   xxx

Frame                          ToDS  FromDS  Address 1 (Rec., copied)  Address 2 (Trans.)  Address 3 (SA)
AP 1 to Host A (802.11 frame)    0      1      aaa                       111                 xxx

The AP (bridge) knows which MAC addresses are on its wireless interface and maintains a table with those MAC addresses (via the Association process, later). When the AP receives an Ethernet frame, it examines the Destination address. If the Destination Address is in its table of wireless MACs, it knows it needs to translate the frame to an 802.11 frame. The AP copies the Destination address to the 802.11 Address 1, and the Ethernet Source is copied to the Address 3 address (SA in this case).

802.11 MAC Addressing

[Figure: Host X (xxx) on switch port 1; Access Point 1 (BSSID 111) with Host A (aaa) behind switch port 2]

So how do Ethernet switches know where the wireless stations are? Just like with wired stations: using the source address of frames that came from the wireless station via the access point. Here the switch learns from the incoming Ethernet frame that Source Address aaa is on port 2 and enters that in its MAC address table. For any frame coming into the switch (e.g. on port 1) with a Destination Address of aaa, the switch knows to forward it out port 2 (towards the AP).
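The three forwarding cases walked through above (Host A to Host B, Host A to Host X, Host X to Host A) together with the switch learning just described, as one added Python example; this is not code from the slides. The pseudo-MACs aaa, bbb, xxx and the BSSID 111 are the slides' own; the AP's table of wireless MACs is filled by a stand-in for the association process covered later, and the ToDS/FromDS checks follow the table given earlier.

```python
"""Translation bridging at the AP: 802.11 Address 1/2/3 plus ToDS/FromDS on the radio side,
DA/SA on the Ethernet side. Added example; pseudo-MACs are the slides' own."""
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Dot11Frame:
    to_ds: int
    from_ds: int
    addr1: str            # receiver address: who should pick the frame up on the air
    addr2: str            # transmitter address: who put it on the air
    addr3: str            # DA, SA or BSSID, depending on the To/From DS bits
    payload: bytes


@dataclass(frozen=True)
class EthFrame:
    da: str
    sa: str
    payload: bytes


# Meaning of Address 1..3 for each To/From DS combination in the slides' table
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),     # IBSS (no AP)
    (1, 0): ("BSSID", "SA", "DA"),     # station to AP
    (0, 1): ("DA", "BSSID", "SA"),     # AP to station
    (1, 1): ("RA", "TA", "DA"),        # bridge to bridge; Address 4 carries the SA
}


def station_to_ap(sa: str, da: str, bssid: str, payload: bytes) -> Dot11Frame:
    """What a station transmits toward its AP: ToDS=1, Address 1=BSSID, 2=SA, 3=DA."""
    return Dot11Frame(1, 0, bssid, sa, da, payload)


class AccessPoint:
    """Translation bridge between one BSS and the Distribution System (Ethernet)."""

    def __init__(self, bssid: str) -> None:
        self.bssid = bssid
        self.wireless_table: set = set()   # MACs the AP learned from the association process

    def associate(self, mac: str) -> None:
        self.wireless_table.add(mac)

    def from_wireless(self, f: Dot11Frame) -> Optional[Union[Dot11Frame, EthFrame]]:
        """Bridge a frame received on the radio. Returns the frame the AP sends next, or None."""
        if (f.to_ds, f.from_ds) != (1, 0):
            return None                     # only station-to-AP frames are bridged here
        if f.addr1 != self.bssid:
            return None                     # BSSID filtering: belongs to another BSS on this channel
        if f.addr2 not in self.wireless_table:
            return None                     # transmitter never associated: no DS service for it
        sa, da = f.addr2, f.addr3
        if da in self.wireless_table:
            # Host A -> Host B: stays in the BSS; the AP re-transmits it with FromDS=1
            return Dot11Frame(0, 1, da, self.bssid, sa, f.payload)
        # Host A -> Host X: Address 3 becomes the Ethernet DA, Address 2 the Ethernet SA
        return EthFrame(da, sa, f.payload)

    def from_ethernet(self, e: EthFrame) -> Optional[Dot11Frame]:
        """Bridge a frame received on the uplink (DS) toward an associated station."""
        if e.da not in self.wireless_table:
            return None                     # not one of our stations; nothing goes on the air
        # Host X -> Host A: Ethernet DA -> Address 1, BSSID -> Address 2, Ethernet SA -> Address 3
        return Dot11Frame(0, 1, e.da, self.bssid, e.sa, e.payload)


class LearningSwitch:
    """Wired switch next to the AP: learns wireless MACs from source addresses like any other."""

    def __init__(self) -> None:
        self.mac_table: dict = {}

    def receive(self, e: EthFrame, in_port: int):
        self.mac_table[e.sa] = in_port      # e.g. aaa learned on port 2 (the AP's port)
        out = self.mac_table.get(e.da)
        if out is None:
            return "flood"                  # unknown destination: flood out all other ports
        return "filter" if out == in_port else out


if __name__ == "__main__":
    ap1 = AccessPoint("111")
    ap1.associate("aaa")
    ap1.associate("bbb")
    sw = LearningSwitch()
    print("A->B:", ap1.from_wireless(station_to_ap("aaa", "bbb", "111", b"hello B")))
    eth = ap1.from_wireless(station_to_ap("aaa", "xxx", "111", b"hello X"))
    print("A->X:", eth, "| switch:", sw.receive(eth, in_port=2))
    reply = EthFrame("aaa", "xxx", b"hello A")
    print("X->A: switch:", sw.receive(reply, in_port=1), "|", ap1.from_ethernet(reply))
```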

802.11 MAC Layer Operations


- Station Connectivity
- Power Save Operations
- 802.11 Frame Formats

Station Connectivity


Station Connectivity

[Figure: station state diagram]
- State 1: Unauthenticated, Unassociated
- State 2: Authenticated, Unassociated (reached by successful authentication; deauthentication returns a station to State 1)
- State 3: Authenticated, Associated (reached by successful association; disassociation returns a station to State 2)

Station connectivity is an explanation of how 802.11 stations select and communicate with APs.

Station Connectivity

[Figure: the same state diagram, with the probe process, the authentication process (successful authentication: State 1 to State 2) and the association process (successful association: State 2 to State 3) labelled]

Three processes:
- Probe Process (or scanning)
- The Authentication Process
- The Association Process

Only after a station has both authenticated and associated with the access point can it use the Distribution System (DS) services and communicate with devices beyond the access point.

Station Connectivity Probe Process

The Probe Process (Scanning) is done by the wireless station:
- Passive: Beacons
- Active: Probe Requests

Used by the client to determine:
- SSID
- Supported data rates
- Security

It depends on the device driver of the wireless adapter or the software utility you are using. Cisco adapters do active scanning when associating, but use passive scanning for some tests. In either case, beacons are still received and used by the wireless stations for other things besides scanning (coming).

Station Connectivity Passive Scanning


Passive Scanning:
- Saves battery power.
- The station moves to each channel and waits for Beacon frames from the AP.
- Records any beacons received.
- Beacon frames allow a station to find out everything it needs to begin communications with the AP, including: SSID, Supported Rates.

Station Connectivity Active Scanning


Active Scanning: Probe Request
- This process is not mandatory in 802.11.
- A Probe Request frame is sent out on every channel (1 to 11) by the client.
- APs that receive Probe Requests must reply with a Probe Response frame if:

[Figure: Probe Request from the client; Probe Response from the AP]

Station Connectivity

[Figure: the station state diagram with the probe, authentication and association processes labelled]

Station connectivity processes:
- Probe Process (or scanning)
- The Authentication Process
- The Association Process

Only after a station has both authenticated and associated with the access point can it use the Distribution System (DS) services and communicate with devices beyond the access point.

Authentication Process

- On a wired network, authentication is implicitly provided by the physical cable from the PC to the switch.
- Authentication is the process to ensure that stations attempting to associate with the network (AP) are allowed to do so.
- 802.11 specifies two types of authentication: Open-system and Shared-key (WEP, WPA, WPA2, etc.)

Station Connectivity

[Figure: the station state diagram with the probe, authentication and association processes labelled]

Station connectivity processes:
- Probe Process (or scanning)
- The Authentication Process
- The Association Process

Only after a station has both authenticated and associated with the access point can it use the Distribution System (DS) services and communicate with devices beyond the access point.

Association Process
[Figure: 1. Association Request, 2. Association Response]

- The association process is logically equivalent to plugging into a wired network. Once this process is completed, the wireless station can use the DS and connect to the network and beyond.
- A wireless station can only associate with one AP (802.11 restriction).
- During the 802.11 association process the AP maps a logical port known as the Association Identifier (AID) to the wireless station. The AID is equivalent to a port on a switch and is used later in Power Save Options.
- The association process allows the DS to keep track of frames destined for the wireless station, so they can be forwarded.
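The three-state connectivity model from the preceding slides (probe, authentication, association, and the deauthentication and disassociation steps back), seen from the AP's bookkeeping side, as an added Python example that is not code from the slides. It assumes open-system authentication, a single SSID (MyWLAN, from a later slide), frame types passed in as the names used in the frame list, and AIDs handed out from a small constructed pool as the logical port the slide describes; the responses to frames that arrive in the wrong state follow the 802.11 frame-class rules.

```python
"""AP-side view of 802.11 station connectivity: the three states, the frames that move a
station between them, and the AID assigned at association. Added example, not from the
slides. Assumes open-system authentication and one SSID on the AP."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class State(Enum):
    UNAUTH_UNASSOC = 1      # State 1
    AUTH_UNASSOC = 2        # State 2
    AUTH_ASSOC = 3          # State 3


# 802.11 reason codes used when a frame arrives in a state that does not allow it
REASON_CLASS2_FROM_UNAUTH = 6     # e.g. Association Request from a State 1 station
REASON_CLASS3_FROM_UNASSOC = 7    # e.g. Data frame from a State 2 station


@dataclass
class StationRecord:
    state: State = State.UNAUTH_UNASSOC
    aid: Optional[int] = None       # Association Identifier: the "switch port" the AP mapped


@dataclass
class AccessPoint:
    ssid: str
    max_aid: int = 8                # constructed small pool; the AID is just a logical port number
    stations: Dict[str, StationRecord] = field(default_factory=dict)

    def _rec(self, mac: str) -> StationRecord:
        return self.stations.setdefault(mac, StationRecord())

    def _free_aid(self) -> Optional[int]:
        used = {r.aid for r in self.stations.values() if r.aid is not None}
        return next((a for a in range(1, self.max_aid + 1) if a not in used), None)

    def state_of(self, mac: str) -> State:
        return self._rec(mac).state

    def handle(self, mac: str, frame: str, ssid: Optional[str] = None) -> str:
        """Process one management or data frame from `mac`; returns what the AP sends back."""
        rec = self._rec(mac)
        if frame == "Probe Request":
            # Scanning is allowed in any state; answer for our SSID or a wildcard (empty) SSID
            return "Probe Response" if ssid in (self.ssid, "", None) else "ignore"
        if frame == "Authentication":
            # Open-system authentication always succeeds: State 1 -> State 2
            if rec.state is State.UNAUTH_UNASSOC:
                rec.state = State.AUTH_UNASSOC
            return "Authentication (success)"
        if frame == "Association Request":
            if rec.state is State.UNAUTH_UNASSOC:
                return f"Deauthentication (reason {REASON_CLASS2_FROM_UNAUTH})"
            if ssid != self.ssid:
                return "Association Response (refused: SSID mismatch)"
            if rec.state is State.AUTH_ASSOC:
                return f"Association Response (AID {rec.aid})"   # already associated, same port
            aid = self._free_aid()
            if aid is None:
                return "Association Response (refused: no AID available)"
            rec.state, rec.aid = State.AUTH_ASSOC, aid          # State 2 -> State 3
            return f"Association Response (AID {aid})"
        if frame == "Data":
            if rec.state is State.AUTH_ASSOC:
                return "ACK"                    # only State 3 stations may use the DS
            if rec.state is State.AUTH_UNASSOC:
                return f"Disassociation (reason {REASON_CLASS3_FROM_UNASSOC})"
            return "Deauthentication"           # not even authenticated
        if frame == "Disassociation":
            if rec.state is State.AUTH_ASSOC:
                rec.state, rec.aid = State.AUTH_UNASSOC, None   # back to State 2, port freed
            return "none"
        if frame == "Deauthentication":
            rec.state, rec.aid = State.UNAUTH_UNASSOC, None     # back to State 1 from anywhere
            return "none"
        return "ignore"


if __name__ == "__main__":
    ap = AccessPoint(ssid="MyWLAN")
    steps = [("Data", None), ("Probe Request", "MyWLAN"), ("Authentication", None),
             ("Association Request", "MyWLAN"), ("Data", None), ("Disassociation", None)]
    for frame, ssid in steps:
        reply = ap.handle("aaa", frame, ssid)
        print(f"{frame:<20} -> {reply:<45} now {ap.state_of('aaa').name}")
```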

Power Save (PS) Operations

A key factor in wireless is mobility, which implies batteries. To preserve battery power the 802.11 specification provides for power saving operations on the wireless clients. The 802.11 categories for power saving refer to:
- Unicast frames
- Broadcast/Multicast frames

Power Save (PS) Operations

The Cisco ACU has three options for Power Saving:
- CAM (Constantly Awake Mode)
- MAX PSP (Max Power Savings)
- Fast PSP (Fast Power Saving Mode)
(see WLAN pres.)

Power Save (PS) Operations


[Figure: client: "I'm awake. Let me listen for a beacon to see if there is any traffic for me. If not, I can go back to sleep." The AP sends a beacon.]

- A client enters low-power mode by turning off its radio.
- The AP buffers (holds) frames destined for that station while it is in PS mode.
- At a certain interval the client wakes up to listen for a beacon from the AP.
- The beacon contains information on whether or not there are frames for this station at the AP.
- If there are no frames buffered for this station it can return to PS mode.

Power Save (PS) Operations


[Figure: client: "There are frames for me! Please send them to me." Exchange: Beacon (frames buffered), PS-Poll (send them to me), Frame 1, ACK]

The basics: if there are frames buffered for this station it will poll the AP for those frames. The AP will then send the frames to the station.

802.11 Frame Formats (Some of them)


Data Frames (most are PCF):
- Data
- Null data
- Data+CF-Ack
- Data+CF-Poll
- CF-Ack+CF-Poll
- Data+CF-Ack+CF-Poll
- CF-Ack
- CF-Poll

Control Frames:
- RTS
- CTS
- ACK
- CF-End
- CF-End+CF-Ack

Management Frames:
- Beacon
- Probe Request
- Probe Response
- Authentication
- Deauthentication
- Association Request
- Association Response
- Reassociation Request
- Reassociation Response
- Disassociation
- Announcement Traffic Indication

Integrating WLANs

Mapping VLANs to SSIDs


[Figure: switch access port in VLAN 10; trunk carrying VLANs 10 and 20 to the AP; SSID Marketing and SSID Engineering, each mapped to one of the VLANs]

- The AP is a translational bridge, bridging two dissimilar media.
- The AP is in charge of mapping a VLAN to an SSID.
- For multiple VLANs (SSIDs) a trunk will need to be created between the AP and the switch.

WLAN Cells

- When APs overlap, adjacent APs cannot use identical frequencies, otherwise you have interference.
- Roaming: a client moving from one AP to another. Any data that the client was sending needs to be relayed from one AP to the new AP.

Roaming

Layer 2 roaming: A WLAN device moves, and the original and the new AP offer coverage for the same IP subnet, so the device's IP address is still valid after the roam.

Layer 3 roaming: The client moves from an AP that covers one IP subnet to an AP that covers another IP subnet.
- Would mean a new IP address and default gateway that are valid within the new AP's IP subnet.
- Causes existing data sessions or voice sessions to fail.
- Solution: Cisco Unified Wireless Network and intercontroller roaming.

WLAN Architecture

Traditional WLAN Architecture


In a traditional WLAN each AP serves as the central hub for its own BSS. Each AP must be configured individually for network policies including:
- Radio frequency (RF)
- Security policies
- Authentication and association
- Monitoring traffic
- QoS
- Bandwidth policing
- Rogue AP detection

Cisco calls this an autonomous mode AP. Traffic patterns for an autonomous AP are completely handled by the AP.

[Figure: BSS Range]

Traditional WLAN Architecture

[Figure: switched and routed portions of the campus network]

- An AP can support multiple SSIDs if multiple VLANs are extended to it over a trunk link.
- If you want to offer the same SSIDs from several autonomous APs, the VLANs must be extended to the APs in a contiguous manner.
- The problem is that the SSID and its VLAN would have to be extended everywhere the user could possibly roam. This would cause end-to-end or campus-wide VLANs, which is not good network design practice.
Cisco Unified Wireless Network Architecture


[Figure: Traditional WLAN versus Cisco Unified Wireless Network. Real-time processes: RF transmit/receive, MAC management, encryption. Management processes: RF management, association and roaming management, client authentication, security management, QoS. In the traditional WLAN both groups run on the AP; in the Cisco Unified Wireless Network they are split across an LWAPP or CAPWAP tunnel.]

The Cisco Unified Wireless Network Architecture centralizes many traditional capabilities, moving many functions to a central location, including:
- WLAN security
- WLAN deployment
- WLAN management
- WLAN control

Cisco Unified Wireless Network Architecture

[Figure: the same Traditional WLAN versus Cisco Unified Wireless Network split of real-time and management processes across the LWAPP or CAPWAP tunnel]

- Real-time processes include: sending/receiving 802.11 frames, AP beacons, probes, data encryption.
- Management processes include: RF management, roaming management, QoS, security, including all those association, authentication, power saving, etc. tasks we saw previously.

Cisco Unified Wireless Network Architecture


[Figure: LAP and WLC connected by LWAPP or CAPWAP control messages and LWAPP or CAPWAP encapsulated data]

LAP or LWAP (Lightweight Access Point):
- Performs only the real-time 802.11 operations (Layer 1 and 2 operations).
- The IOS image and local intelligence are stripped down compared to autonomous APs.
- Dependent upon the WLC for all other operations.

WLC (Wireless LAN Controller):
- Performs all management functions.

This is known as the split-MAC architecture.

Cisco Unified Wireless Network Architecture

- The two devices have an LWAPP or CAPWAP tunnel to exchange 802.11 messages and client data.
- LAP and WLC can be in the same VLAN/IP subnet or different ones.
- The LWAPP or CAPWAP tunnel allows user data to be switched or routed across the campus network.
- LWAPP (Lightweight Access Point Protocol): developed by Cisco, submitted as draft RFC 4118.
- CAPWAP (Control and Provisioning of Wireless Access Points protocol): the resulting standard.

Cisco Unified Wireless Network Architecture

- Control messages are authenticated and encrypted, so the LAP is securely controlled by the WLC. This also prevents rogue APs from being introduced into the network.
- Data packets to and from wireless clients associated with the LAP are encapsulated in the LWAPP or CAPWAP tunnel but are not encrypted or otherwise secured between the LAP and WLC.

Cisco Unified Wireless Network Architecture

WLC (Wireless LAN Controller) functions:
- Dynamic channel assignment: chooses and configures the RF channel for each LAP.
- Transmit power optimization: sets the transmit power for each LAP based on the size of the coverage area needed.
- Self-healing wireless coverage: if a LAP radio dies, other LAPs can have their power increased.
- Flexible client roaming: manages Layer 2 and 3 roaming.
- Dynamic client load balancing: if multiple LAPs are in the same coverage area, the WLC can associate clients with the least used LAP.
- RF monitoring: scans channels to monitor RF usage, interference, noise, and signals from rogue APs.
- Security management: requires clients to get their IP address from a trusted DHCP server before allowing them to associate.

Cisco Unified Wireless Network Architecture

- The WLC is available on several platforms, including a WLC module for ISR routers (2800 and 3800).
- The easiest way to distinguish between a regular AP and a LAP is to look at the part number of the AP.
- LAP (Lightweight AP Protocol [LWAPP]): part numbers always begin with AIR-LAPXXXX.
- Autonomous AP (Cisco IOS Software): part numbers always begin with AIR-APXXXX.

Cisco Unified Wireless Network Architecture

Cisco Wireless Control System (WCS):
- Optional; allows for easier management of several WLCs.
- Server platform which uses a GUI front-end.
- Uses floor plans to display dynamic representations of wireless coverage.
- Can be used with the Cisco Wireless Location Appliance to track the location of thousands of clients.

Cisco Unified Wireless Network Architecture


[Figure: LAP, DHCP Server and WLC]

LAPs (Lightweight Access Points) are designed for zero-touch configuration. A LAP gets its configuration parameters from the WLC; you do not need to configure it through its console port or over the network.

LAP Operations:
- Step 1: The LAP obtains an IP address from a DHCP server.
- Step 2: The LAP learns the IP address of an available WLC: the DHCP server adds option 43 to its reply containing a list of WLCs, or the LAP broadcasts a join request message (as long as the WLC is on the local subnet).
- Step 3: The LAP sends a join request to the first WLC in its list.
- Step 4: The IOS image version on the LAP is compared to the one stored on the WLC. If they differ, the LAP downloads the code from the WLC and reboots.
- Step 5: The WLC and LAP build a secure LWAPP or CAPWAP tunnel for management traffic, and an LWAPP or CAPWAP tunnel (not secured) for wireless client data.

HREAP
[Figure: LAPs at a remote site reaching the WLC over a WAN link]

- When a LAP is cut off from the WLC, client associations are dropped and no data can pass over the WLAN.
- Cisco Hybrid Remote Edge Access Point (HREAP) is used when LAPs are separated from WLCs over a WAN link.
- The LAPs can keep operating even while the WAN link is down and the WLC is not available, like an autonomous AP. This allows wireless clients to keep communicating within the remote site.

Traffic Patterns

Single VLANs

Traffic patterns differ from traditional WLANs. Client data passes:
- From Client A to the LAP
- From the LAP to the WLC
- From the WLC back to the LAP
- From the LAP to Client B

Encryption is still handled between the LAP and the client.

[Figure: BSS Range]

Multiple VLANs

- With traditional WLANs the access VLANs must be extended or trunked between the APs and the multilayer switch. This is not the case with LAPs and WLCs.
- There are two VLANs, A and B, with their respective SSIDs A and B.
- The VLANs exist on the trunk between the MLC and SW2 but go no further.
- The LAPs and the WLC are connected by VLAN Z, which can be totally isolated from VLANs A and B.
- VLANs A and B are carried over the LWAPP tunnel, so they are logically connected between the LAP and the WLC.

Roaming in a Cisco Unified Wireless Network

Traditional Roaming

- A WLAN designer must determine whether clients will require seamless roaming from access point to access point.
- IEEE 802.11 IAPP (Inter-Access Point Protocol).
- Initial Association:
  - Probing (Probe Request, Probe Response)
  - Authentication (Authentication Request, Authentication Response)
  - Association (Association Request, Association Response)
- 802.11 does not allow associating with more than one AP.

Traditional Roaming

[Figure: AP(B) to AP(A): "IAPP: Please send buffered frames for"; AP(A): "IAPP: Ok!"; * packet with the source MAC of the client]

The client initiates the roaming (re-association) process. As the client is moving out of range of its associated AP, the signal strength will start to drop off. At the same time, the strength of another AP will begin to increase. The re-association process then occurs, including authentication.

* AP(B) must update the MAC address tables on the infrastructure switches to prevent loss of data. AP(B) sends an Ethernet frame to AP(A) with the source MAC address of the client so all the switches can update their SAT/MAC tables.

Roaming in a Cisco Unified Wireless Network

With autonomous APs, when a client roams, its association moves from one AP to another. The client must negotiate the move independently, and the APs must also make sure any buffered data for the client is passed along with the association. A WLC supports both Layer 2 and Layer 3 roaming.
86

Intracontroller Roaming

Both LAP1 and LAP2:
Use SSID MyWLAN
Are joined to the same WLC
The client roams into the area covered by LAP2. Although the AP has changed, the same controller is providing the association through the LWAPP or CAPWAP tunnel. This is known as intracontroller roaming.

87

Intracontroller Roaming

Intracontroller roaming: the WLC (controller) simply updates its tables to begin using the LWAPP or CAPWAP tunnel to LAP2. Any leftover data that was buffered for the prior association with LAP1 is easily shifted to the new association with LAP2.
88

Intercontroller Roaming (same subnet)


Same Subnet

Same IP address

Intercontroller roaming occurs when LAPs are supported by multiple WLCs (controllers) for redundancy, load balancing, or scalability. When the client moves into LAP2's cell, the same SSID is found, and the client moves its association to WLC2. As long as WLC1 and WLC2 are in the same subnet, they can easily hand off the client's association, using a mobility message to exchange information about the client.

89

Intercontroller Roaming (same subnet)


Same Subnet Mobility Exchange

Same IP address

When the mobility exchange occurs, the client begins using the LWAPP or CAPWAP tunnel between LAP2 and WLC2. The client's IP address has not changed, so the roaming process is completely transparent to the client.

90

Intercontroller Roaming (different subnet)


Mobility Exchange

Same IP address

The WLC controllers are in different subnets (VLANs A and B), so end-to-end or campus-wide VLANs are not required. The client begins in a cell with an association to WLC1 and obtains an IP address within VLAN A; LAP1 offers VLAN A on its SSID MyWLAN. All traffic passes between LAP1 and WLC1 onto VLAN A.
91

Intercontroller Roaming (different subnet)


Mobility Exchange

Same IP address

The client roams into the cell provided by LAP2. LAP2 offers access to a different VLAN, VLAN B. The client's IP address remains the same, but WLC1 and WLC2 are in different subnets (VLANs A and B), so the client's IP address has moved into a foreign subnet.

92

Intercontroller Roaming (different subnet)


Mobility Exchange L3 Mobility Tunnel

Same IP address

The two WLCs (controllers) begin to work together to provide continued service for the client without the client needing to obtain a new IP address. The WLCs bring up an Ether-IP tunnel (RFC 3378) between them, which carries some of the client's data traffic by encapsulating each Ethernet frame inside an IP packet using IP protocol 97. WLC1 encapsulates the packets and sends them to WLC2; WLC2 decapsulates the packets into their original form.

93

Intercontroller Roaming (different subnet)


Mobility Exchange L3 Mobility Tunnel

Same IP address

Traffic leaving the client travels from LAP2 to WLC2 and onto the network even though it is on a foreign subnet; it is just a packet in an Ethernet frame: Dest MAC | Source MAC | [ IP Packet: Source IP, Dest IP ]. Traffic coming in towards the client takes a different path. It enters the MLS (L3 switch), and because the packet is addressed to an IP address on VLAN A, it is routed/switched out VLAN A to WLC1. WLC1 accepts the traffic and forwards it to the WLC controller that currently has the association with the client: WLC1 sends the traffic to WLC2 through the Ether-IP tunnel, and WLC2 forwards it to LAP2 and on to the client.
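The Ether-IP tunnel between the anchor WLC and the foreign WLC described on slides 93 and 94, as an added Python example that is not part of the original slides or of any Cisco code: WLC1 wraps the client's Ethernet frame in an IPv4 packet with protocol 97 and the RFC 3378 two-byte header (version 3, reserved bits zero), and WLC2 unwraps it, rejecting anything that is not well-formed Ether-IP. The WLC addresses and the client frame are constructed sample values.

```python
import struct

ETHERIP_PROTO = 97                          # IP protocol number assigned to Ether-IP (RFC 3378)
ETHERIP_HDR = struct.pack("!H", 3 << 12)    # 4-bit version = 3, 12 reserved bits = 0

# Constructed sample values (not from the slides): WLC addresses and a client frame
ANCHOR_WLC_IP = "10.1.1.1"                  # WLC1, the anchor (hypothetical address)
FOREIGN_WLC_IP = "10.2.2.2"                 # WLC2, the foreign agent (hypothetical address)
SAMPLE_FRAME = (bytes.fromhex("0200deadbeef")          # destination MAC (constructed)
                + bytes.fromhex("0200cafef00d")        # source MAC of the client (constructed)
                + b"\x08\x00"                          # EtherType IPv4
                + b"\x45\x00\x00\x1c" + b"\x00" * 24)  # placeholder client IP packet

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    csum = sum(struct.unpack("!10H", fields))
    while csum >> 16:                       # fold carries into the low 16 bits
        csum = (csum >> 16) + (csum & 0xFFFF)
    return fields[:10] + struct.pack("!H", ~csum & 0xFFFF) + fields[12:]

def ip_checksum_ok(packet):
    """True when the IPv4 header checksum verifies (ones'-complement sum is 0xFFFF)."""
    ihl = (packet[0] & 0x0F) * 4
    total = sum(struct.unpack("!%dH" % (ihl // 2), packet[:ihl]))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return total == 0xFFFF

def etherip_encapsulate(frame, anchor_ip=ANCHOR_WLC_IP, foreign_ip=FOREIGN_WLC_IP):
    """Anchor WLC (WLC1) wraps the client's Ethernet frame for the foreign WLC (WLC2)."""
    payload = ETHERIP_HDR + frame
    return ipv4_header(anchor_ip, foreign_ip, ETHERIP_PROTO, len(payload)) + payload

def etherip_decapsulate(packet):
    """Foreign WLC restores the original frame; None if this is not valid Ether-IP."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ETHERIP_PROTO or not ip_checksum_ok(packet):
        return None
    (eip,) = struct.unpack("!H", packet[ihl:ihl + 2])
    if eip >> 12 != 3 or eip & 0x0FFF:      # wrong version or reserved bits set
        return None
    return packet[ihl + 2:]

if __name__ == "__main__":
    tunneled = etherip_encapsulate(SAMPLE_FRAME)
    assert etherip_decapsulate(tunneled) == SAMPLE_FRAME
    print("Ether-IP packet of %d bytes, IP protocol %d" % (len(tunneled), tunneled[9]))
```

On the wire, the tunnel shows up as IP protocol 97 between the two controller addresses, which is what to look for when verifying that Layer 3 roaming traffic is taking the anchor-to-foreign path.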

94

Intercontroller Roaming (different subnet)


Anchor
Mobility Exchange L3 Mobility Tunnel

Foreign Agent

Same IP address

The client originally joined the WLAN on WLC1, so WLC1 is known as the anchor. WLC2 is serving a client on a different subnet, so it is known as the foreign agent. As the client continues to roam, the foreign agent will change but the anchor will remain the same. To support this, WLCs are configured into logical mobility groups of up to 24 WLCs; the number of LAPs varies depending upon the LAP platform. If a client must move between mobility groups, its IP address and all of its session information maintained by the WLC will be dropped.

95

Configuring Switch Ports for WLAN Use


Note: For the purposes of the CCNP SWITCH course/exam, you only need to understand the switch configurations, not the LAP/WLC configurations.

Configuring Switchports for Autonomous APs


gig 0/1

Switch(config)# interface gig 0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport mode trunk
Switch(config-if)# spanning-tree portfast trunk

APs are normally at the access layer. Each SSID supported by the AP is mapped to a VLAN. When multiple SSIDs/VLANs are used, the switchport must be configured as a trunk. The spanning-tree portfast trunk command is used to shorten the time required for STP to bring the trunk link to the forwarding state.

97

Configuring Switchports for Cisco Unified Wireless Network

Distribution(config)# vlan 10,20,50,55
! Configure the SVIs
Distribution(config)# interface vlan 10
Distribution(config-if)# ip address 172.30.10.1 255.255.255.0
Distribution(config)# interface vlan 20
Distribution(config-if)# ip address 172.30.20.1 255.255.255.0
Distribution(config)# interface vlan 50
Distribution(config-if)# ip address 172.30.50.1 255.255.255.0
Distribution(config)# interface vlan 55
Distribution(config-if)# ip address 172.30.55.1 255.255.255.0
! fa 0/1 must carry VLAN 50
Distribution(config)# interface fa 0/1
Distribution(config-if)# switchport trunk encapsulation dot1q
Distribution(config-if)# switchport mode trunk
! gig 1/2 must carry VLANs 10, 20 and 55
Distribution(config)# interface gig 1/2
Distribution(config-if)# switchport trunk encapsulation dot1q
Distribution(config-if)# switchport mode trunk

VLAN 50 is created to access the LAPs. VLAN 55 is created to access the WLC.

98

Configuring Switchports for Cisco Unified Wireless Network


fa 0/2

Access(config)# interface fa 0/1
Access(config-if)# switchport trunk encapsulation dot1q
Access(config-if)# switchport mode trunk
Access(config)# interface fa 0/2
Access(config-if)# switchport mode access
Access(config-if)# switchport access vlan 50
Access(config-if)# spanning-tree portfast

VLAN 50 is created to access the LAPs.

99
