In a centralized architecture, Fit APs need to go online before being managed and controlled by an AC. AP login includes the following steps:
1. IP Address Allocation
2. CAPWAP Tunnel Establishment
3. AP Access Control
4. AP Software Upgrade
5. CAPWAP Tunnel Maintenance
AC configuration delivery
The process in which a central AP goes online on an AC is similar to that of a common AP.
IP Address Allocation
Static mode: An IP address is manually configured for the AP.
DHCP mode: The AP functions as a DHCP client and requests an IP address from a DHCP server.
CAPWAP Tunnel Establishment
Maintain the running status of APs and the AC.
Help the AC manage APs and deliver configurations to APs.
Transmit service data to the AC for centralized forwarding.
CAPWAP tunnel establishment process
1. An AP sends a Discovery Request packet to find an available AC. (Discovery Phase)
An AP can discover an AC in static or dynamic mode.
Static mode
An AC IP address list is preconfigured on the AP. When the AP goes online, the AP unicasts a Discovery Request packet to each AC whose IP address is specified in the preconfigured AC IP address list. After receiving the Discovery Request packet, the ACs send Discovery Response packets to the AP. The AP then selects an AC to establish a CAPWAP tunnel according to the received Discovery Response packets.
Dynamic mode
An AP can dynamically discover an AC in DHCP, DNS, or broadcast mode. Details on each of the modes are as follows:
No AC IP address list is configured on the AP.
The AP sends unicast Discovery Request packets for 10 consecutive times but does not receive any Discovery Response packet. Dual-Link Backup is not configured on the AP.
The AP sends unicast Discovery Request packets for 10 consecutive times but does not receive any Discovery Response packet. Dual-Link Backup is configured on the AP and the AP discovers an AC to establish the active link.
DHCP mode: An AP obtains the AC IP address through DHCP (by configuring a DHCP response packet to carry Option 43 containing the AC IP address list on the DHCP server), and sends a Discovery Request unicast packet to the AC. The AC then sends a Discovery Response packet to the AP.
DNS mode: An AP obtains the AC domain name and DNS server IP address through the DHCP service (by configuring a DHCP response packet to carry Option 15 containing the AC domain name on the DHCP server), and sends a request to the DNS server to obtain the IP address corresponding to the AC domain name. After obtaining the AC IP address, the AP unicasts a Discovery Request packet to the AC. The AC then sends a Discovery Response packet to the AP.
After receiving the DHCP Response packet, the AP obtains the AC domain name carried in Option 15. The AP then automatically adds the prefix Huawei-WLAN-controller to the obtained domain name and sends it to the DNS server to obtain the IP address corresponding to the AC domain name. For example, after obtaining the AC domain name ac.test.com configured on the DHCP server, the AP adds the prefix Huawei-WLAN-controller to ac.test.com and sends the huawei-wlan-controller.ac.test.com to the DNS server for resolution. The IP address corresponding to huawei-wlan-controller.ac.test.com must be configured on the DNS server.
- Broadcast mode: An AP broadcasts a Discovery Request packet to automatically discover an AC in the same network segment and then selects an AC to establish a CAPWAP tunnel according to the Discovery Response packets received from available ACs. The broadcast mode is used when the following conditions are met:
2. The AP establishes CAPWAP tunnels with an AC.
Data tunnel: transmits service data from the AP to an AC for centralized forwarding.
Control tunnel: transmits control packets between the AP and AC. You can choose to enable datagram transport layer security (DTLS) encryption over the control tunnel to ensure the security of CAPWAP control packets. Subsequently, all CAPWAP control packets will be encrypted and decrypted through DTLS.
AP Access Control
The AP sends a Join Request packet to an AC. The AC then determines whether to allow the AP access and sends a Join Response packet to the AP. The Join Response packet carries the AP software upgrade mode and AP version information.
Figure 2 shows a flowchart depicting the process for AP access control.
Figure 2 AP access control flowchart
AP Software Upgrade
The AP determines whether its system software version is the same as that specified on the AC according to parameters in the received Join Response packet. If the two versions are different, the AP updates its software version in AC, FTP, or SFTP mode.
After the software version is updated, the AP restarts and repeats steps 1 to 3.
CAPWAP Tunnel Maintenance
The AP and AC exchange Keepalive packets to monitor the data tunnel connectivity.
The AP and AC exchange Echo packets to monitor the control tunnel connectivity.
AC Configuration Delivery
The AC sends a Configuration Update Request packet to the AP, which then replies with a Configuration Update Response packet. The AC then delivers service configuration to the AP.
