
Table of Contents

1 WLAN Service
    Introduction to WLAN Service
        Terminology
        Client Access Process
        CAPWAP Overview
        Client Access Control Methods
        802.11n

WLAN Service

Introduction to WLAN Service


Wireless local area networks (WLANs) have become very popular because they are easy to set up
and use, and have low maintenance costs. Generally, one or more access points (APs) can cover a
building or an area. A WLAN is not completely wireless because the servers in the backbone are fixed.
The WLAN solution allows you to provide the following wireless LAN services to your customers:

- WLAN client connectivity to conventional 802.3 LANs
- Secured WLAN access with different authentication and encryption methods
- Seamless roaming of WLAN clients in the mobility domain

Terminology
Client
A handheld computer or laptop with a wireless Network Interface Card (NIC) can be a WLAN client.

Access point (AP)


An AP bridges frames between wireless and wired networks.

Access controller (AC)


An AC can control and manage all APs in a WLAN. The AC communicates with an authentication server
for WLAN client authentication.

Fat AP
A fat AP controls and manages all associated wireless stations and bridges frames between wired and
wireless networks.

SSID
Service set identifier. A client scans all networks at first, and then selects a specific SSID to connect to a
specific wireless network.

Wireless medium
A medium that is used for transmitting frames between wireless clients. Radio frequency is used as the
wireless medium in the WLAN system.

Distribution system
A distribution system is used to forward frames to their destinations. It is the backbone to transmit
frames between access points.


Split MAC
In split MAC mode, APs and ACs manage different services. An AP manages real-time services, such
as beacon generation, power management, fragmentation and defragmentation. An AC manages
services related to packet distribution, association, dissociation and reassociation.

Client Access Process


A client access process involves three steps: active/passive scanning, authentication and association.
Figure 1-1 Client access process

Scanning
1) Active scanning

Active scanning is used by clients to scan surrounding wireless networks and locate a compatible one.
Active scanning falls into two modes according to whether a specified SSID is carried in a probe
request.

- A client sends a probe request (with the SSID null): The client prepares a list of channels and
  broadcasts a probe request frame on each of them. APs that receive the probe request send a
  probe response. The client associates with the AP with the strongest signal. This active scanning
  mode enables a client to know whether an AP can provide wireless services.

Figure 1-2 Active scanning (the SSID of the probe request is null)

- A client sends a probe request (with a specified SSID): In this case, the client only unicasts a probe
  request because the probe request it sends carries the specified SSID. When an AP receives the
  probe request, it sends a probe response. This active scanning mode enables a client to access a
  specified wireless network.

Figure 1-3 Active scanning (the probe request carries the specified SSID)

2) Passive scanning

Passive scanning is used by clients to discover surrounding wireless networks through listening to the
beacon frames periodically sent by an AP. The client prepares a list of channels and listens to beacons
on each of these channels. In this case, the AP needs to periodically broadcast beacon frames. Passive
scanning is used by a client when it wants to save battery power. Typically, VoIP clients adopt the
passive scanning mode.
Figure 1-4 Passive scanning

Authentication
To prevent unauthorized clients from accessing a network, authentication is needed between clients and
ACs or between clients and fat APs. There are two types of authentication:

- Open system authentication
- Shared key authentication

For details about the two types of authentication, refer to Introduction to WLAN Security.

Association
A client that wants to access a wireless network via an AP must be associated with that AP. Once the
client chooses a compatible network with a specified SSID and authenticates to an AP, it sends an
association request frame to the AP. The AP sends an association response to the client and adds the
client's information to its database. A client can associate with only one AP at a time. An association
process is always initiated by the client rather than the AP.
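
The scanning, authentication and association frames described above can be told apart from the 802.11 management header alone. The following is an added example, not part of the original document: it classifies frames by subtype, separates null-SSID from specified-SSID probe requests, and reads the authentication algorithm number. The frame layout is standard 802.11; the sample frames, addresses and the SSID "guest" are constructed.

```python
HDR_LEN = 24  # frame control, duration, three addresses, sequence control
SUBTYPES = {0: "association request", 1: "association response",
            4: "probe request", 5: "probe response",
            8: "beacon", 11: "authentication"}
AUTH_ALGS = {0: "open system", 1: "shared key"}

def find_ssid(elements: bytes):
    """Walk the ID/length/value elements; return the SSID (ID 0) or None."""
    i = 0
    while i + 2 <= len(elements):
        eid, elen = elements[i], elements[i + 1]
        if i + 2 + elen > len(elements):
            raise ValueError("element runs past the end of the frame")
        if eid == 0:
            return elements[i + 2:i + 2 + elen]
        i += 2 + elen
    return None

def classify(frame: bytes) -> str:
    """Name the access-process step a management frame belongs to."""
    if len(frame) < HDR_LEN:
        raise ValueError("shorter than an 802.11 management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return "other"
    body = frame[HDR_LEN:]
    if subtype == 11:  # body starts with a 16-bit algorithm number
        if len(body) < 2:
            raise ValueError("authentication body too short")
        alg = int.from_bytes(body[:2], "little")
        return f"authentication ({AUTH_ALGS.get(alg, 'other algorithm')})"
    if subtype in (4, 5, 8):
        # Beacons and probe responses carry 12 bytes of fixed fields first.
        ssid = find_ssid(body if subtype == 4 else body[12:])
        shown = repr(ssid.decode(errors="replace")) if ssid else "null"
        return f"{SUBTYPES[subtype]} (SSID {shown})"
    return SUBTYPES[subtype]

def build(subtype: int, dst: bytes, body: bytes) -> bytes:
    """Constructed sample frame (not a capture); all addresses are made up."""
    src = bytes.fromhex("020000000001")
    return bytes([subtype << 4, 0]) + bytes(2) + dst + src + dst + bytes(2) + body

AP = bytes.fromhex("020000000002")
SAMPLES = [build(4, b"\xff" * 6, b"\x00\x00"),           # probe, null SSID
           build(4, AP, b"\x00\x05guest"),                # probe, named SSID
           build(8, b"\xff" * 6, bytes(12) + b"\x00\x05guest"),
           build(11, AP, b"\x00\x00\x01\x00\x00\x00"),    # open system
           build(0, AP, bytes(4) + b"\x00\x05guest")]
```

A monitoring sensor can use the same split to log which SSIDs clients name in specified-SSID probe requests, since those frames are sent before any authentication takes place.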


CAPWAP Overview
Introduction to CAPWAP
Control And Provisioning of Wireless Access Points (CAPWAP) defines how an AP communicates with
an AC. It provides a generic encapsulation and transport mechanism between AP and AC, as shown in
Figure 1-5.
Figure 1-5 CAPWAP

CAPWAP runs on an AP and an AC to provide a secured connection in between. It is built on a standard
client/server model and employs UDP.
On an AP, CAPWAP provides a data tunnel to encapsulate data packets to be sent to the AC. These
packets can be raw 802.11 packets or 802.11 to 802.3 translated packets. On an AC, CAPWAP
provides a control tunnel to support remote AP configuration and management, and WLAN and mobile
management.
With CAPWAP, the AC can dynamically configure an AP based on the information provided by the
administrator.
CAPWAP supports both IPv4 and IPv6 and employs UDP as the transport. APs can use either IPv4 or
IPv6 to establish a tunnel to an AC. This implementation fully meets future scalability needs, facilitates
network maintenance and protects user investment.

CAPWAP Link Backup


1) Dual link establishment

In order to achieve AC backup, an AP needs to establish two tunnel links with two different ACs. Only
the AC which works in master mode provides services to all the APs in the network and the slave AC
acts as the backup AC. If the master AC fails, APs should quickly use the services provided by the slave
AC. A heartbeat mechanism is used between these two ACs, which ensures that failure of the master
will be detected quickly by the backup AC.


Figure 1-6 LWAPP dual link topology

In the above figure, AC1 is working in master mode and providing services to AP1, AP2, AP3 and AP4.
AC2 is working in slave mode. APs are connected to AC2 through LWAPP slave tunnels. AC1 and AC2
can be configured as backup for each other and should start master/slave detection. When AC2 detects
AC1 is down, AC2 will convert the work mode from slave to master. All APs which are connected to AC2
through slave tunnels will transform the tunnels to master tunnels and use AC2 as the master AC. Once
AC 1 is reachable again, it will remain the backup.

2) Primary AC recovery

Figure 1-7 Primary AC recovery

In the above figure, AC 1 is the primary AC and it establishes a CAPWAP connection with the AP. AC 2
acts as the secondary AC. If AC 1 goes down, AC 2 will act as the primary AC until AC1 recovers. This
means once AC 1 is reachable again, the AP will establish a connection with AC 1 and disconnect from
AC 2.

3) Dual work mode

Figure 1-8 Dual work mode

Dual work mode indicates that an AC can provide both master and slave connections. An AC will act as
the master for some APs and act as the slave for some other APs. In the above scenario, AC 1 acts as
the master for AP 1 and slave for AP 2. Similarly, AC 2 acts as the master for AP 2 and slave for AP 1.
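
The difference between dual link backup (the recovered AC remains the backup) and primary AC recovery (the AP returns to AC 1) can be seen by replaying one outage through both. This simulation is an added example, not vendor code: the per-tick heartbeat model and the `miss_limit` threshold are assumptions, and AC 2 is assumed to stay up.

```python
def failover_timeline(ac1_up, preempt, miss_limit=3):
    """Return the AC serving the AP at each tick, or None during an outage.

    ac1_up: one bool per tick, True while AC 1 is reachable, so that its
    heartbeat reaches AC 2. miss_limit is an assumed number of missed
    heartbeats before AC 2 declares AC 1 down.
    preempt=False: dual link backup, a recovered AC 1 remains the backup.
    preempt=True:  primary AC recovery, the AP goes back to AC 1.
    """
    master, missed, timeline = "AC1", 0, []
    for up in ac1_up:
        missed = 0 if up else missed + 1
        if master == "AC1" and missed >= miss_limit:
            master = "AC2"   # slave tunnels are promoted to master tunnels
        elif master == "AC2" and up and preempt:
            master = "AC1"   # AP reconnects to AC 1 and drops AC 2
        # No service while AC 1 is down but has not yet been declared down.
        timeline.append(None if master == "AC1" and not up else master)
    return timeline

def outage_ticks(timeline):
    """Ticks in which no AC was serving the AP."""
    return sum(1 for ac in timeline if ac is None)

# Constructed scenario: AC 1 is unreachable for ticks 2-5, then recovers.
AC1_REACHABLE = [True, True, False, False, False, False, True, True]
```

The `None` entries are the window between the failure and its detection, which is why the text stresses that the heartbeat must detect a master failure quickly.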

Client Access Control Methods


1) VLAN based client access control

Figure 1-9 VLAN based client access control

The Virtual Local Area Network (VLAN) technology allows for logical division of broadcast domains.
Hosts in a VLAN can communicate with each other at Layer-2, while hosts in different VLANs implement
Layer-3 communication. In a WLAN, you can assign wireless clients to different VLANs, as shown in
Figure 1-9. After that, you can configure different WLAN security policies for these VLANs to implement
more flexible, more secure wireless access.

2) AP based client access control

Some wireless service providers need to control the access positions of clients. For example, as shown
in Figure 1-10, to meet security or billing needs, it is required to connect wireless clients 1, 2 and 3 to the
wired network through APs 1, 2 and 3 respectively. To achieve this, you can configure an AP group and
then apply the AP group in a user profile.

Figure 1-10 AP based client access control

3) SSID based client access control

When a user wants to access a WLAN temporarily, the administrator can specify a permitted SSID in
the corresponding user profile so that the user can access the WLAN only through the SSID.
Figure 1-11 SSID based client access control

802.11n
Introduction
As the next generation wireless LAN technology, 802.11n supports both the 2.4 GHz and 5 GHz bands. It
provides higher-speed services to customers by using the following two methods:

1) Increasing bandwidth: 802.11n can bond two adjacent 20-MHz channels together to form a
40-MHz channel. During data forwarding, the two 20-MHz channels can work separately with one
acting as the primary channel and the other acting as the secondary channel or work together as a
40-MHz channel. This provides a simple way of doubling the data rate.

2) Improving channel utilization in the following ways:

- 802.11n introduces the A-MPDU frame format. By using only one PHY header, each A-MPDU can
  accommodate multiple Message Protocol Data Units (MPDUs) which have their PHY headers
  removed. This reduces the overhead in transmission and the number of ACK frames to be used,
  and thus improves network throughput.
- Similar to MPDU aggregation, multiple MAC Service Data Units (MSDUs) can be aggregated into
  a single A-MSDU. This reduces the MAC header overhead and thus improves MAC layer
  forwarding efficiency.
- To improve physical layer performance, 802.11n introduces the short GI function, which shortens
  the GI interval of 800 us in 802.11a/g to 400 us. This can increase the data rate by 10 percent.

802.11n Rates
Configuration of mandatory and supported 802.11n rates is achieved by specifying the maximum
Modulation and Coding Scheme (MCS) index. The MCS data rate table shows relations between data
rates, MCS indexes, and parameters that affect data rates. A sample MCS data rate table is shown in
Table 1-1. For the whole table, refer to IEEE P802.11n D2.00.
Table 1-1 MCS data rate table

MCS index   Modulation   R     Data rate (Mbps)
                               800ns GI   400ns GI
0           BPSK         1/2   6.5        7.2
1           QPSK         1/2   13.0       14.4
2           QPSK         3/4   19.5       21.7
3           16-QAM       1/2   26.0       28.9

For example, if you specify the maximum MCS index as 5 for mandatory rates, rates corresponding to
MCS indexes 0 through 5 are configured as 802.11n mandatory rates.
Mandatory rates must be supported by the AP and the clients that want to associate with the AP.
Supported rates allow some clients that support both mandatory and supported rates to choose higher
rates when communicating with the AP.
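
The rates in Table 1-1 follow from the modulation, the coding rate R and the guard interval. The calculation below is an added example, not part of the original document: the 52 data subcarriers and 3200 ns symbol time are 802.11n PHY constants for a 20 MHz channel with one spatial stream, not values from this page, and it goes beyond the sample table by covering MCS 4 through 7 so that the "maximum MCS index 5" case can be shown.

```python
from fractions import Fraction

DATA_SUBCARRIERS = 52   # 20 MHz 802.11n channel, one spatial stream
SYMBOL_NS = 3200        # OFDM symbol time before the guard interval is added
BITS = {"BPSK": 1, "QPSK": 2, "16-QAM": 4, "64-QAM": 6}  # per subcarrier
# MCS index -> (modulation, coding rate R); indexes 0-3 are the Table 1-1 rows.
MCS = [("BPSK", "1/2"), ("QPSK", "1/2"), ("QPSK", "3/4"), ("16-QAM", "1/2"),
       ("16-QAM", "3/4"), ("64-QAM", "2/3"), ("64-QAM", "3/4"), ("64-QAM", "5/6")]

def data_rate_mbps(index: int, gi_ns: int) -> float:
    """Coded bits per symbol times R, divided by symbol time plus GI."""
    modulation, rate = MCS[index]
    bits = DATA_SUBCARRIERS * BITS[modulation] * Fraction(rate)
    return round(float(bits * 1000 / (SYMBOL_NS + gi_ns)), 1)

def rate_set(max_index: int, gi_ns: int = 800) -> list:
    """Rates enabled by a maximum MCS index: indexes 0 through max_index."""
    if not 0 <= max_index < len(MCS):
        raise ValueError("this sketch covers MCS 0-7 only")
    return [data_rate_mbps(i, gi_ns) for i in range(max_index + 1)]
```

Calling `rate_set(5)` lists the six rates that become mandatory when the maximum MCS index is set to 5.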

802.11n Networks
As shown in Figure 1-12, both the AC and APs support 802.11n. The AC is deployed in the equipment
room and APs are deployed in rooms and outdoors. The AC and APs communicate with each other
through CAPWAP tunnels over either a Layer-2 or a Layer-3 network. All APs are managed by the AC
and provide 802.11n access to clients, which allows for higher access rates than 802.11a/b/g.


Figure 1-12 Centralized 802.11n network

802.11n is backward compatible and thus can be deployed in existing 2.4G and 5G WLAN networks.
Figure 1-13 802.11n and 802.11a/g hybrid network

In this hybrid network as shown in Figure 1-13, however, 802.11n clients may not enjoy normal rates
due to the existence of non-802.11n clients. Therefore, you need to make proper deployment and
transition policies to ensure optimal access rates.
