AP traffic is divided into the following:
- Data Plane traffic – end user traffic
- Control Plane traffic – control, configure, manage, and monitor the AP
Recall that autonomous APs bridge traffic between a wireless BSS and a wired VLAN. An autonomous AP performs the following combined functions:
- Lightweight AP functions (real-time functions)
  - RF transmit/receive
  - MAC management
- WLC functions (management functions)
  - RF management
  - Association and roaming management
  - Client authentication
  - Security management
The Cisco Unified Wireless Network (CUWN) is a centralized, unified approach. In the CUWN, a lightweight access point (LAP) performs only the real-time 802.11 operation; management is performed on the WLC. This LAP-WLC division of labor is known as a split-MAC architecture. The Control and Provisioning of Wireless Access Points (CAPWAP – RFCs 5415, 5416, 5417, and 5418) tunneling protocol lets the AP and the WLC communicate regardless of where each is located: it encapsulates the traffic exchanged between the APs and the WLC. CAPWAP control messages are carried to the WLC over UDP port 5246. CAPWAP data uses UDP port 5247 and is not encrypted by default. When encryption is enabled, CAPWAP packets are protected by Datagram Transport Layer Security (DTLS).
Every LAP and WLC must also authenticate each other with X.509 digital certificates.
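Because the CAPWAP data channel is cleartext unless DTLS is turned on, a useful check on the wired side is to look at the first byte of each CAPWAP datagram: the low nibble of the preamble says whether a DTLS record or a plain CAPWAP header follows (RFC 5415, section 4). The script below is an added example, not code from these notes or from Cisco; it assumes you already have the UDP destination port and payload of each datagram (for instance exported from a capture), and every sample datagram in it is constructed, not a real capture.

```python
"""
Classify CAPWAP datagrams seen on the wired side and flag unprotected data
tunnels. Added example, not code from the original notes or from Cisco.
Assumptions: we have the UDP destination port and payload; the first 4 bytes
of the payload follow the CAPWAP preamble/header layout of RFC 5415 section 4.
All sample datagrams below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CAPWAP_CONTROL_PORT = 5246   # control channel towards the WLC
CAPWAP_DATA_PORT = 5247      # data channel towards the WLC

# Preamble "Type" nibble (low 4 bits of the first byte), RFC 5415 4.1
TYPE_CAPWAP_HEADER = 0       # cleartext CAPWAP header follows
TYPE_DTLS_HEADER = 1         # CAPWAP DTLS header follows; payload is a DTLS record


@dataclass
class CapwapInfo:
    channel: str                         # "control", "data" or "not-capwap"
    dtls: Optional[bool] = None          # payload protected by DTLS?
    hlen: Optional[int] = None           # header length in 4-byte words (cleartext only)
    wbid: Optional[int] = None           # wireless binding id, 1 = IEEE 802.11
    native_80211: Optional[bool] = None  # T bit: payload is a native 802.11 frame


def parse_capwap(dport: int, payload: bytes) -> CapwapInfo:
    """Decode just enough of the CAPWAP header to tell channel and protection."""
    if dport == CAPWAP_CONTROL_PORT:
        channel = "control"
    elif dport == CAPWAP_DATA_PORT:
        channel = "data"
    else:
        return CapwapInfo("not-capwap")
    if len(payload) < 4:
        raise ValueError("CAPWAP preamble/header needs at least 4 bytes")

    ptype = payload[0] & 0x0F
    if ptype == TYPE_DTLS_HEADER:
        # Only the 4-byte CAPWAP DTLS header is in the clear; the rest is DTLS.
        return CapwapInfo(channel, dtls=True)
    if ptype != TYPE_CAPWAP_HEADER:
        raise ValueError(f"unknown CAPWAP preamble type {ptype}")

    # Bits following the preamble: HLEN(5) RID(5) WBID(5) T F L W M K Flags(3)
    word = int.from_bytes(payload[1:4], "big")
    hlen = (word >> 19) & 0x1F
    wbid = (word >> 9) & 0x1F
    t_bit = (word >> 8) & 1
    if hlen < 2 or hlen * 4 > len(payload):
        raise ValueError(f"CAPWAP HLEN {hlen} inconsistent with {len(payload)} bytes")
    return CapwapInfo(channel, dtls=False, hlen=hlen, wbid=wbid,
                      native_80211=bool(t_bit))


def audit(datagrams: List[Tuple[str, int, bytes]]) -> List[str]:
    """Return one finding per CAPWAP datagram whose payload is not DTLS-protected."""
    findings = []
    for src, dport, payload in datagrams:
        info = parse_capwap(dport, payload)
        if info.channel == "not-capwap" or info.dtls:
            continue
        what = "client data tunnel" if info.channel == "data" else "control channel"
        findings.append(f"{src}: CAPWAP {what} to UDP/{dport} is not DTLS-protected")
    return findings


# Constructed samples (not real captures).
# DTLS-protected control: preamble type 1, 3 reserved bytes, then a DTLS record
# header (content type 0x16 handshake, version 0xFEFD = DTLS 1.2).
CONTROL_DTLS = bytes([0x01, 0, 0, 0, 0x16, 0xFE, 0xFD]) + bytes(10)
# Cleartext data: preamble type 0; next 24 bits = HLEN 2, RID 1, WBID 1, T=1,
# i.e. 0x10 0x43 0x00, then Fragment ID / Frag Offset, then an 802.11 data frame.
DATA_CLEAR = bytes([0x00, 0x10, 0x43, 0x00, 0, 0, 0, 0, 0x08, 0x02]) + bytes(10)
DATA_DTLS = bytes([0x01, 0, 0, 0, 0x17, 0xFE, 0xFD]) + bytes(10)

SAMPLE_DATAGRAMS = [
    ("ap-01", CAPWAP_CONTROL_PORT, CONTROL_DTLS),
    ("ap-01", CAPWAP_DATA_PORT, DATA_CLEAR),
    ("ap-02", CAPWAP_DATA_PORT, DATA_DTLS),
    ("ap-02", 53, b"\x12\x34\x01\x00"),   # unrelated DNS query, ignored
]

if __name__ == "__main__":
    for line in audit(SAMPLE_DATAGRAMS):
        print(line)
```

Run against the constructed samples, the audit reports only the ap-01 data tunnel, which carries client frames in the clear while its control channel is DTLS-protected; that is exactly the default described above, and the finding is what you would expect to see until DTLS is enabled for the data channel on the WLC.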
Activities performed by the WLC:
- Dynamic channel assignment
- Automatically sets the power for each LAP according to the coverage area needed
- Self-healing wireless coverage: if a LAP dies, the WLC increases the power of the remaining LAPs to fill the hole, and it can pinpoint and recover from external problems dynamically
- L2 and L3 client roaming
- Dynamic client load balancing
- RF Monitoring
- Security management
- Wireless intrusion protection system
For autonomous APs, traffic from one client to another passes through the AP and straight on to the other client. For LAPs, client traffic usually travels through the CAPWAP tunnel to the WLC and then makes a return trip back through the tunnel to the other client. Clients may use DLS to communicate directly, without passing through the AP and controller; LAPs can also be configured in FlexConnect mode, so that traffic can be forwarded locally at the AP if needed.
FlexConnect: remote-site LAPs are able to switch traffic locally without traversing the CAPWAP tunnel. FlexConnect lets the LAP keep switching traffic locally so that wireless connectivity stays available inside the remote site.
The vWLC cannot support any APs in local mode; all APs must be configured for FlexConnect instead.
CleanAir – allows an AP to perform spectrum analysis on the wireless channels to detect non-802.11 interference.
As the number of radios and spatial streams increases, the AP is able to provide a greater throughput for its clients.
AP Operation Modes:
- Local (default). During times that it is not transmitting, the LAP scans the other channels to measure the noise floor, measure interference, discover rogue devices, and match against intrusion detection system (IDS) events.
- Monitor mode. No transmission of traffic, but the receiver is enabled so the LAP acts as a dedicated sensor. The LAP checks for IDS events, detects rogue access points, and determines the position of stations through location-based services (LBS).
- FlexConnect (HREAP). The LAP can locally switch traffic between an SSID and a VLAN if its CAPWAP tunnel to the WLC is down, or whenever it is configured to do so.
- Sniffer mode. Acts as a packet sniffer and passes traffic to software analyzers such as Wireshark.
- Rogue detector.
- OfficeExtend AP (OEAP). The LAP connects to the local broadband service and builds a CAPWAP tunnel to the central WLC. User data can be encrypted over the CAPWAP data tunnel using DTLS.
- SE-Connect, for spectrum analysis.
- Wireless Control System (WCS)
  - Dedicated appliance
  - WLAN management and configuration tasks
  - RF planning
  - Wireless user tracking, troubleshooting, and monitoring
  - Displays predictive “heatmap” representations of coverage
  - Locates a wireless client to within a few meters by triangulating the client’s signal as received by multiple LAPs
  - With the Cisco Wireless Location Appliance it could track client location
  - The WCS Navigator product provided a single portal to manage up to 20 instances of WCS and up to 30,000 APs
- Cisco Prime Network Control System (NCS)
  - Either a dedicated appliance or a VMware virtual machine
  - Wireless device management
  - Switch management
  - Dynamic RF coverage heatmaps
  - With the MSE it could provide client location tracking
- Cisco Prime Infrastructure (PI)
  - Offers converged management of both wireless and wired network devices
  - Integration with wireless intrusion prevention services
  - Spectrum analysis
  - Tracking of users, interferers, and rogue devices