Foundation Topics
Understanding the Different LWAPP Modes
LWAPP can operate in either Layer 2 LWAPP mode or Layer 3 LWAPP mode. The Layer 2 mode is considered out of date, and Cisco prefers and recommends Layer 3 mode. Layer 3 mode is the default LWAPP mode on most Cisco devices.
At a high level, and after the AP has an IP address, the phases of LWAPP operation include these:
Step 1. An AP sends an LWAPP discovery request message. This is a broadcast that is sent at Layer 2.
Step 2. Assuming that a controller is operating in Layer 2 LWAPP mode, the wireless LAN controller (WLC) receives the LWAPP discovery request and responds with an LWAPP discovery response message.
Note: Only Cisco 1000 Series LAPs support Layer 2 LWAPP mode. Also, Layer 2 LWAPP mode is not supported on Cisco 2000 Series WLCs. These WLCs support only Layer 3 LWAPP mode.
Step 3. The AP chooses a controller based on the response received and sends a join request.
Step 4. The WLC receiving the LWAPP join request responds to the AP join request with an LWAPP join response. This process includes mutual authentication. An encryption key is created to secure the rest of the join process and any future LWAPP control messages.
Step 5. After the AP has joined the WLC, LWAPP messages are exchanged, and the AP initiates a firmware download from the WLC (if the AP and WLC have a version mismatch). If the onboard firmware of the AP is not the same as that of the WLC, the AP downloads firmware to stay in sync with the WLC. The firmware download mechanism utilizes LWAPP.
Step 6. After the WLC and AP match firmware revisions, the WLC provisions the AP with the appropriate settings. These settings might include service set identifiers (SSID), security parameters, 802.11 parameters such as data rates and supported PHY types, radio channels, and power levels.
Step 7. After the provisioning phase is completed, the AP and WLC enter the LWAPP runtime state and begin servicing data traffic.
Step 8. During runtime operations, the WLC might issue various commands to the AP through LWAPP control messages. These commands might be provisioning commands or requests for statistical information that the AP collects and maintains.
Step 9. During runtime operations, LWAPP keepalive messages are exchanged between the AP and WLC to preserve the LWAPP communication channel. When an AP misses a sufficient number of keepalive message exchanges, it attempts to discover a new WLC.
Figure 11-1 Host A Sending to Host B (devices shown: Host A, AP, Controller, Switch, Router, Host B; labels: Trunk, Traffic Flow, 802.11, 802.11 + LWAPP, 802.1Q Ethernet, 802.3 Ethernet)
LWAPP Layer 2 Transport Mode
When operating in Layer 2 mode, LWAPP has the following characteristics and requirements:
■ LWAPP communication between the AP and the WLC is in native, Layer 2 Ethernet frames. This is known as Layer 2 LWAPP mode.
■ In Layer 2 LWAPP mode, although the APs might get an IP address via DHCP, all LWAPP communications between the AP and WLC are in Ethernet encapsulated frames, not IP packets.
■ The APs must be on the same Ethernet network as the WLC. This means that Layer 2 mode is not very scalable.
The source and destination MAC addresses depend on the direction of the frame:
■ An LWAPP control frame sent from the AP to the WLC uses the AP Ethernet MAC address as the source address and the WLC MAC address as the destination address.
■ An LWAPP control frame sent from the WLC to the AP uses the WLC MAC address as the source address and the AP MAC address as the destination address.
Data packets between wireless LAN clients and other hosts are typically IP packets.
Figure 11-1 illustrates the process of clients sending frames in a logical topology. Do not be concerned with the underlying network here, but rather the process between devices that will occur.
In this figure, a host, Host A, is seen sending a packet to Host B. The following sequence occurs:
Step 1. Host A transmits an IP packet over the 802.11 RF interface after it is encapsulated in an 802.11 frame with the Host A MAC address as the source address and the access point radio interface MAC address as the destination address.
Step 2. At the AP, the AP adds an LWAPP header to the frame with the C-bit set to 0 and then encapsulates the LWAPP header and 802.11 frame into an Ethernet frame. This Ethernet frame uses the AP Ethernet MAC address as the source MAC address and the WLC MAC address as the destination MAC address.
Step 3. At the WLC, the Ethernet and LWAPP headers are removed, and the original 802.11 frame is processed.
Step 4. After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
Step 5. The packet then travels through the wired switching and routing infrastructure to Host B.
After receiving the frame, Host B will likely reply. When Host B returns an IP packet to Host A, the following sequence occurs:
Step 1. The packet is carried from Host B over the wired switching and routing network to the WLC, where an Ethernet frame arrives with the Host A MAC address as the destination MAC address. The IP packet from Host B is encapsulated inside this Ethernet frame.
Step 2. The WLC takes the entire Ethernet frame, adds the LWAPP header with the C-bit set to 0, and then encapsulates the combined frame inside an LWAPP Ethernet frame. This LWAPP Ethernet frame uses the WLC MAC address as the source MAC address and the access point Ethernet MAC address as the destination MAC address. This frame is sent out over the switched network to the AP.
Step 3. At the AP, the Ethernet and LWAPP headers are removed and processed.
Step 4. The payload (the IP packet) is then encapsulated in an 802.11 MAC frame and transmitted over the air by the AP to Host A.
LWAPP Layer 3 Transport Mode
As previously mentioned, Cisco prefers Layer 3 LWAPP mode. This is because it is more scalable than Layer 2 LWAPP. Layer 3 LWAPP control and data messages are transported over the IP network in User Datagram Protocol (UDP) packets. Layer 3 LWAPP is supported on all Cisco WLC platforms and lightweight APs.
The only requirement is established IP connectivity between the APs and the WLC. The LWAPP tunnel uses the IP address of the AP and the AP-Manager interface IP address of the WLC as endpoints. On the AP side, both LWAPP control and data messages use an ephemeral port that is derived from a hash of the AP MAC address as the UDP port. On the WLC side, LWAPP data messages always use UDP port 12222, and LWAPP control messages always use UDP port 12223.
The process of clients sending frames in Layer 3 LWAPP mode is similar to that of Layer 2 mode; however, the frames are now encapsulated in UDP. The process is as follows:
Step 1. Host A transmits the packet over the 802.11 RF interface. This packet is encapsulated in an 802.11 frame with the MAC address of Host A as the source address and the radio interface MAC address of the AP as the destination address.
Step 2. At the AP, the AP adds an LWAPP header to the frame with the C-bit set to 0 and then encapsulates the LWAPP header and 802.11 frame into a UDP packet that is transmitted over IP. The source IP address is the IP address of the AP, and the destination IP address is the AP Manager Address of the WLC. The source UDP port is the ephemeral port based on a hash of the access point MAC address. The destination UDP port is 12222.
Step 3. The IP packet is encapsulated in Ethernet as it leaves the AP and is transported by the switching and routed network to the WLC.
Step 4. At the WLC, the Ethernet, IP, UDP, and LWAPP headers are removed from the original 802.11 frame.
Step 5. After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet from Host A), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
Step 6. The packet is then transmitted by the wired switching and routing infrastructure to Host B.
When Host B receives the packet, it is likely to respond, so the reverse process is as follows:
Step 1. The packet is delivered by the wired switching and routing network to the WLC, where an Ethernet frame arrives with the MAC address of Host A as the destination MAC address.
Step 2. The WLC removes the Ethernet header and extracts the payload (the IP packet destined for Host A).
Step 3. The original IP packet from Host A is encapsulated with an LWAPP header, with the C-bit set to 0, and then transported in a UDP packet to the AP over the IP network. The packet uses the WLC AP Manager IP address as the source IP address and the AP IP address as the destination address. The source UDP port is 12222, and the destination UDP port is the ephemeral port derived from the AP MAC address hash.
Step 4. This packet is carried over the switching and routing network to the AP.
Step 5. The AP removes the Ethernet, IP, UDP, and LWAPP headers, and it extracts the payload, which is then encapsulated in an 802.11 frame and delivered to Host A over the RF network.
For Layer 3 LWAPP, a 1500-byte maximum transmission unit (MTU) is assumed. You can change this, but 1500 is the default.
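Because the WLC side of Layer 3 LWAPP always uses UDP 12222 (data) and 12223 (control), flow records can be checked against the known AP-Manager interfaces and the AP inventory. The following is an added example, not code from the original text; the flow record layout, the addresses, and the function names are assumptions constructed for illustration.

```python
# Added example: flow triage built on the Layer 3 LWAPP ports named in the text.
LWAPP_PORTS = {12222: "data", 12223: "control"}  # WLC-side UDP ports

# Constructed sample data (not from any real network).
AP_MANAGERS = {"10.0.0.5"}                 # WLC AP-Manager interface IPs
KNOWN_APS = {"10.0.10.21", "10.0.10.22"}   # AP inventory
FLOWS = [
    {"src": "10.0.10.21", "sport": 41832, "dst": "10.0.0.5", "dport": 12223},
    {"src": "10.0.0.5", "sport": 12222, "dst": "10.0.10.22", "dport": 50114},
    {"src": "10.0.10.99", "sport": 33001, "dst": "10.0.0.5", "dport": 12223},
    {"src": "10.0.10.21", "sport": 41832, "dst": "10.0.20.7", "dport": 12223},
    {"src": "10.0.10.21", "sport": 52000, "dst": "10.0.0.9", "dport": 443},
]


def classify_flow(flow, ap_managers, known_aps):
    """Classify one UDP flow record; return None if it is not LWAPP traffic."""
    if flow["dport"] in LWAPP_PORTS:      # AP -> WLC: fixed port is the destination
        kind, direction = LWAPP_PORTS[flow["dport"]], "ap->wlc"
        wlc, ap = flow["dst"], flow["src"]
    elif flow["sport"] in LWAPP_PORTS:    # WLC -> AP: fixed port is the source
        kind, direction = LWAPP_PORTS[flow["sport"]], "wlc->ap"
        wlc, ap = flow["src"], flow["dst"]
    else:
        return None
    findings = []
    if wlc not in ap_managers:
        findings.append("WLC-side endpoint is not a known AP-Manager interface")
    if ap not in known_aps:
        findings.append("AP-side endpoint is not in the AP inventory")
    return {"kind": kind, "direction": direction, "ap": ap, "wlc": wlc,
            "findings": findings}


def triage(flows, ap_managers, known_aps):
    """Return only the LWAPP flows that carry at least one finding."""
    results = (classify_flow(f, ap_managers, known_aps) for f in flows)
    return [r for r in results if r and r["findings"]]


if __name__ == "__main__":
    for hit in triage(FLOWS, AP_MANAGERS, KNOWN_APS):
        print(hit)
```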
Figure 11-2 AP States (states shown include: Start, AP Boots Up, Discovery Mode, Join Request Message, Config Data, Image Data (Sync OS), AP Is Running)
How an LWAPP AP Discovers a Controller
When an AP discovers and joins a controller, the AP proceeds through several states. In Figure 11-2, you can see these states and when they happen.
The process begins with the discovery of a controller. Because the lightweight APs are by definition “zero-touch” when deployed, you should only need to plug them in and let them do the rest. On the back end, the part you do not see is a little more complex. The steps in this process, beginning with discovery, are as follows:
Step 1. The APs send LWAPP discovery request messages to WLCs. This is broadcast at Layer 2. Because Layer 3 mode is what you want to use, this should fail.
Step 2. Upon failing, the AP proceeds to Layer 3 by checking its configuration for an IP address. If no IP address exists, the client uses DHCP to obtain one.
Step 3. The AP uses information obtained in the DHCP response to contact a controller.
Step 4. Any WLC receiving the LWAPP discovery request message responds with an LWAPP discovery response message. If no controller responds, the AP reverts to Layer 2 broadcasts and starts the process again.
The Cisco implementation uses the hunting process and discovery algorithm to find as many controllers as possible. The AP builds a list of WLCs using the search and discovery process, and then it selects a controller to join from the list.
The controller search process repeats continuously until at least one WLC is found and joined. IOS-based APs only do a Layer 3 discovery.
The Layer 3 discovery process follows a certain order:
Step 1. The AP does a subnet broadcast to see if a controller is operating in Layer 3 mode on the local subnet.
Step 2. The AP does an over-the-air provisioning (OTAP).
Note: Although OTAP is not fully covered here, you can find a detailed document at http://tinyurl.com/5hah9q
Step 3. When other APs exist and are in a joined state with a controller, they send messages that are used for resource management. These messages have the IP address of the controller in them. The AP can listen to these messages and get the controller IP address. The AP can then send a directed discovery message to the controller.
Step 4. The next process is called AP priming.
AP priming is something that happens after an AP is associated with at least one controller. The AP then gets a list of other controllers that it can associate with from the one it is already associated with. These other controllers are part of a mobility group. This information then gets stored in NVRAM and can be used if the AP reboots. To contact these controllers, the AP sends a broadcast to the primary controller and all the other controllers in the group.
Another method of discovering a controller is via DHCP using Vendor Option mode. This simply uses DHCP option 43 to learn the IP address of the management interface of a controller.
The final method of discovering a controller is using Domain Name System (DNS). You use DHCP to get IP information, including a DNS server entry. Then the AP looks for a DNS entry for CISCO-LWAPP-CONTROLLER. This should return the IP address of a controller management interface. The AP can use this address to send a unicast query. This process results in an AP finding a controller, all of which happens during the Discovery mode indicated in Figure 11-2.
Note: With APs running 12.3.11-JX1 and later, you can manually prime the APs with a console cable to aid in the join process.
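Since an AP contacts whatever address DHCP option 43 or the CISCO-LWAPP-CONTROLLER DNS entry hands it, both sources are worth auditing against the list of approved controllers. The following is an added example, not code from the original text; it goes beyond the page by assuming the option 43 layout Cisco documents for its lightweight APs (sub-option type 0xf1, a length byte, then 4-byte controller addresses), and the scope names and addresses are constructed.

```python
import ipaddress

DNS_NAME = "CISCO-LWAPP-CONTROLLER"  # name the AP looks up (from the text)

# Constructed sample data (not from any real network).
APPROVED = {"10.0.0.10", "10.0.0.11"}          # approved controller management IPs
OPTION43 = {                                   # option 43 hex value per DHCP scope
    "vlan10": "f1080a00000a0a00000b",
    "vlan20": "f104c0a80132",
    "vlan30": "f1050a00000a",
}
DNS_ANSWERS = ["10.0.0.10", "172.16.5.9"]      # A records returned for DNS_NAME


def parse_option43(raw):
    """Decode a type-0xf1 sub-option into a list of controller IPs.

    Assumed layout (not stated on the page): 0xf1, length, 4 bytes per address.
    """
    if len(raw) < 2 or raw[0] != 0xF1:
        raise ValueError("not a 0xf1 controller sub-option")
    length = raw[1]
    if length == 0 or length % 4 or len(raw) != 2 + length:
        raise ValueError("length must be a non-zero multiple of 4 and match the data")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(2, 2 + length, 4)]


def audit_discovery(approved, option43_by_scope, dns_answers):
    """Return (source, problem) pairs for every unapproved or malformed entry."""
    findings = []
    for scope, hexval in option43_by_scope.items():
        try:
            ips = parse_option43(bytes.fromhex(hexval))
        except ValueError as exc:
            findings.append((f"dhcp:{scope}", f"malformed option 43: {exc}"))
            continue
        findings += [(f"dhcp:{scope}", f"unapproved controller {ip}")
                     for ip in ips if ip not in approved]
    findings += [(f"dns:{DNS_NAME}", f"unapproved controller {ip}")
                 for ip in dns_answers if ip not in approved]
    return findings


if __name__ == "__main__":
    for source, problem in audit_discovery(APPROVED, OPTION43, DNS_ANSWERS):
        print(source, "-", problem)
```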
How an LWAPP AP Chooses a Controller and Joins It
Now that the AP potentially has numerous controllers to join, it must choose one and send it a join request message. Figure 11-3 illustrates this portion of communication.
Figure 11-3 AP Join State
A join request message contains the following information:
■ Type of controller
■ MAC of controller
■ AP hardware version
■ AP software version
■ AP name
■ Number and type of radios
■ Certificate payload (x.509)
■ Session payload to set up the session values
■ Test payload to see if jumbo frames can be used
This join request message is sent using a predefined method consisting of the following steps:
Step 1. An AP chooses the primary controller (if primed). This can be defined in each AP and stored in flash to survive a reboot. Using the controller GUI, go to WIRELESS > Access Points > All APs > SelectedAp > Details, as seen in Figure 11-4.
Step 2. Choose the secondary controller, then the tertiary (if primed).
Step 3. If no primed information is available, then look for a master controller. The definition of a controller as master is configured in the GUI under CONTROLLER > Advanced > Master Controller Mode, as shown in Figure 11-5. A mobility group should have only one master controller. Turn this feature off after you have added all new APs. After you have added the new APs, they will be primed and will no longer need a master.
Step 4. When all else fails, look for the least loaded AP-Manager interface based on how many APs each is currently managing.
Figure 11-4 Define Primary Controller
Figure 11-5 Enable Master Controller Mode
Figure 11-6 The Image Data State
Upon receiving a join request message, a controller should respond with a join reply message. This includes the following information:
■ Result code, which is the green light that says they can talk
■ Controller certificate payload response
■ Test payload for jumbo frames
This process joins an AP to a controller.
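The selection order above (primed primary, secondary, tertiary, then master, then least-loaded AP-Manager) can be modeled to see which rule decides where each AP lands and to spot a mobility group with more than one master. The following is an added example, not Cisco's implementation; the record fields and names are hypothetical, and it assumes a primed AP whose primed controllers did not respond falls through to the master rule.

```python
# Added example: model of the controller selection order described in the text.
# Constructed sample data (not from any real deployment).
RESPONSES = [  # one entry per discovery response received
    {"name": "wlc-a", "master": False, "ap_count": 40},
    {"name": "wlc-b", "master": True, "ap_count": 12},
    {"name": "wlc-c", "master": False, "ap_count": 5},
]
FLEET = {  # primed controller names stored on each AP (empty if never primed)
    "ap-lobby": {"primary": "wlc-a", "secondary": "wlc-c"},
    "ap-lab": {"primary": "wlc-x", "secondary": "wlc-c"},
    "ap-new": {},
}
PRIMED_ROLES = ("primary", "secondary", "tertiary")


def choose_controller(primed, responses):
    """Return (controller_name, deciding_rule) for one AP."""
    responding = {r["name"] for r in responses}
    for role in PRIMED_ROLES:                 # Steps 1-2: primed entries, in order
        if primed.get(role) in responding:
            return primed[role], role
    masters = [r for r in responses if r["master"]]
    if masters:                               # Step 3: master controller
        return masters[0]["name"], "master"
    if responses:                             # Step 4: least-loaded AP-Manager
        return min(responses, key=lambda r: r["ap_count"])["name"], "least-loaded"
    return None, "no-response"


def audit(fleet, responses):
    """Flag multiple masters and APs that join by a fallback rule."""
    findings = []
    masters = [r["name"] for r in responses if r["master"]]
    if len(masters) > 1:
        findings.append(("mobility-group", "multiple masters: " + ", ".join(masters)))
    for ap, primed in fleet.items():
        name, rule = choose_controller(primed, responses)
        if rule not in PRIMED_ROLES:
            findings.append((ap, f"joins {name} via {rule}"))
    return findings


if __name__ == "__main__":
    for ap, primed in FLEET.items():
        print(ap, choose_controller(primed, RESPONSES))
    print(audit(FLEET, RESPONSES))
```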
How an LWAPP AP Receives Its Configuration
After joining, the AP moves to an image data phase, as shown in Figure 11-6, but only if the image on the AP is not the same as the image on the controller. If they are the same, this step is skipped and the image is used.
The controller upgrades or downgrades the AP at this point, and then it resets the AP. After a reset, the process begins again. The code is downloaded in LWAPP messages. After the process of discovery and join happen and the image is the same on the controller and the AP, the AP gets its configuration from the controller. This happens during the config data stage, as illustrated in Figure 11-7.
Figure 11-7 AP Gets Config
The AP then prompts the controller for a config by sending an LWAPP configure request message that contains parameters that can be configured as well as any values that are currently set; however, most of these values are empty.
When the controller gets the request, it sends a configure response message, which has the configuration values.
The AP then applies the configuration values in RAM. It is important to understand that these values are not stored in flash. If the AP reboots, the process begins again.
After applying the configuration, the AP is up and running.
Redundancy for APs and Controllers
Networks today involve a mix of critical forms of data, be it voice traffic or business transactions. Redundancy is a part of life. You need to be familiar with two forms of redundancy for the CCNA Wireless exam:
■ AP redundancy
■ Controller redundancy
AP redundancy is seen when APs exist in the same RF domain. They are designed to self-heal when poor coverage exists. This involves increasing power levels by stepping up one or two levels or even changing the channel on which they operate.
Controller redundancy is seen in multiple forms. One form of controller redundancy is having a primary, secondary, and tertiary controller, as shown in Figure 11-8. As you can see in the figure, Controller A is the primary controller for WLAN A. Controller C is acting as the secondary controller for WLAN A, and Controller B is acting as the tertiary