Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 2 Cisco Unified Wireless Technology and Architecture
LWAPP Overview
Other functionality is handled by the WLC. Some of the MAC-layer functions provided by the WLC
include the following:
• 802.11 authentication
• 802.11 association and reassociation (mobility)
• 802.11 frame translation and bridging
• 802.1X/EAP/RADIUS processing
• Termination of 802.11 traffic on a wired interface, except in the case of REAP and H-REAP
  configured APs, which are discussed later in this guide
An LWAPP tunnel supports two categories of traffic:
• LWAPP control messages—Used to convey control, configuration, and management information
  between the WLC and APs.
• Wireless client data encapsulation—Transports Layer 2 wireless client traffic in IP Ethertype
  encapsulated packets from the AP to the WLC.
When encapsulated client traffic reaches the WLC, it is mapped to a corresponding VLAN interface/port
at the WLC. This interface mapping is defined as part of a WLAN’s configuration settings on the WLC.
The interface mapping is usually static, but a WLAN client can be dynamically mapped to a specific
VLAN based on parameters sent by an upstream AAA server upon successful EAP authentication. In
addition to the VLAN assignment, other WLAN configuration parameters include SSID; operational
state; authentication and security method; and QoS.
Layer 2 and Layer 3 Tunnels
LWAPP allows tunneling within Ethernet frames (Layer 2) or within UDP packets (Layer 3). This is
configurable on the WLC. Only one method can be supported at a time and not all WLCs support the
Layer 2 method.
Layer 2 Tunnel
When deploying Layer 2 LWAPP, the WLC and the LWAPP APs require IP addresses even though the
LWAPP tunnel uses Ethertype 0xBBBB to encapsulate traffic between them. All communication
between the LWAPP AP and the WLC is encapsulated using Ethertype 0xBBBB.
Although Layer 2 LWAPP is one of the simplest ways to establish AP connectivity and configuration, it
is generally not recommended for enterprise deployments, and therefore will not be discussed further in
this document.
The primary reasons why the Layer 2 method is not a current Cisco best practice recommendation are:
• Layer 2 connectivity between the LWAPP APs and the WLC potentially limits the location of where
  the APs or WLC can be positioned within the overall network. Extending Layer 2 transport across
  an enterprise network to get around this limitation is not a current Cisco best practice
  recommendation.
• Layer 2 LWAPP is not supported on all LWAPP APs and WLC platforms.
• Even though client traffic DSCP values are preserved within the tunnel, Layer 2 LWAPP does not
  provide corresponding CoS marking for the Ethertype frames, and therefore is not able to provide
  transparent, end-to-end QoS for the tunneled traffic.
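
Because a WLC supports only one tunnel method at a time, LWAPP frames that use the other encapsulation are worth flagging in a capture. The following added example (not part of the Cisco guide) classifies raw Ethernet frames as Layer 2 LWAPP (Ethertype 0xBBBB) or Layer 3 LWAPP and lists the frames that use the transport the WLC is not configured for. The UDP ports 12222 and 12223 are taken from RFC 5412 rather than from this page, and the function names and sample frames are constructed for illustration.

```python
import struct

ETH_LWAPP_L2 = 0xBBBB  # Layer 2 LWAPP Ethertype, as stated in the guide
ETH_VLAN, ETH_IPV4 = 0x8100, 0x0800
# Assumption (from RFC 5412, not this page): Layer 3 LWAPP UDP ports.
LWAPP_UDP = {12222: "lwapp-l3-data", 12223: "lwapp-l3-control"}

def classify_frame(frame: bytes) -> str:
    """Return 'lwapp-l2', 'lwapp-l3-data', 'lwapp-l3-control', 'other' or 'truncated'."""
    if len(frame) < 14:
        return "truncated"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while ethertype == ETH_VLAN:  # skip one or more 802.1Q tags
        if len(frame) < offset + 4:
            return "truncated"
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype == ETH_LWAPP_L2:
        return "lwapp-l2"
    if ethertype != ETH_IPV4:
        return "other"
    if len(frame) < offset + 20:
        return "truncated"
    ihl = (frame[offset] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    if frame[offset + 9] != 17 or frag_offset or ihl < 20:
        return "other"  # not UDP, bad header, or a later fragment without a UDP header
    if len(frame) < offset + ihl + 4:
        return "truncated"
    sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    return LWAPP_UDP.get(dport) or LWAPP_UDP.get(sport) or "other"

def unexpected(frames, configured="l3"):
    """Indexes of LWAPP frames using the transport the WLC is NOT configured for."""
    wrong = "lwapp-l2" if configured == "l3" else "lwapp-l3"
    return [i for i, f in enumerate(frames) if classify_frame(f).startswith(wrong)]

# Constructed sample frames (MAC addresses, IP addresses and payloads are made up).
MACS = bytes.fromhex("02000000000102000000000a")
def _udp(sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 2]))
    return MACS + struct.pack("!H", ETH_IPV4) + ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLES = [
    MACS + struct.pack("!H", ETH_LWAPP_L2) + bytes(46),                   # untagged Layer 2
    MACS + struct.pack("!HHH", ETH_VLAN, 100, ETH_LWAPP_L2) + bytes(46),  # VLAN-tagged Layer 2
    _udp(32768, 12223), _udp(12222, 32768), _udp(5353, 5353),
]
```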