AC6605 Access Controller Data Sheet


Product appearance

Appearance

Ports

  • 1. MODE button, resets working mode of indicators
  • 2. 20 x 10/100/1,000 BASE-T Ethernet electrical ports:
    — Support 10M/100M/1,000M auto-sensing
    — Support PoE power supply on 20 ports
  • 3. Four combo ports:
    — Support 10M/100M/1,000M auto-sensing
    — Support PoE power supply on four ports
  • 4. One ETH management port
  • 5. One mini-USB port
  • 6. One console port
  • 7. Two 10 GE SFP+ uplink optical ports
  • 8. Ground point
  • 9. Filler panel
  • 10. Two slots for the power supplies. The AC6605 supports three types of power supplies:
    — 150W DC Power Supply
    — 150W AC Power Supply
    — 500W AC PoE Power Supply

Indicators



No. Indicator/Button: Status and description

1. PWR1, Power Indicator (located on right rear panel)
  • Steady green: Power supply is running properly
  • Steady orange: When two power supplies are installed, the one in this slot is off, not connected to a power source, or is faulty
  • Off: There is no power supply installed or the power supply in the slot is not working properly

2. PWR2, Power Indicator (located on left rear panel)
  • Steady green: Power supply is running properly
  • Steady orange: When two power supplies are installed, the one in this slot is off, not connected to a power source, or is faulty
  • Off: There is no power supply installed or the power supply in the slot is not working properly

3. SYS, System Status Indicator
  • Blinking slowly: System is running properly
  • Blinking fast: System is starting
  • Steady orange: Temperature or functions are abnormal
  • Blinking slowly: Device is idle
  • Steady red: Device is registered, but system does not operate properly, or there is a power, fan, or temperature alarm
  • Off: System is inoperative

4. STAT, State Status Indicator
  • Steady green: Service interface indicator is in default mode. The indicator shows the state of each interface in this mode
  • Off: Indicator is not in the STAT mode

5. SPED, Speed Status Indicator
  • Steady green: Service interface indicator shows speed of each interface. After 45 seconds, the service interface indicator automatically returns to default mode (STAT)
  • Off: Indicator is not in SPED mode

6. PoE, PoE Status Indicator
  • Steady green: Service interface indicator shows PoE status of each interface. After 45 seconds, the service interface indicator automatically turns to default mode (STAT)
  • Steady orange: At least one interface does not support PoE power or has a PoE error when mode switching is not performed
  • Off: Indicator is not in PoE mode

7. MODE, Change Mode Button
  • Press once: SPED indicator turns green and service interface indicators show speed of the interfaces
  • Press twice: PoE indicator turns green and service interface indicators show PoE status of the interfaces
  • Press three times: STAT indicator turns green. If you do not press the button within 45 seconds, the indicators return to default status (STAT indicator turns green and SPED and PoE indicators are off)

8. Service interface indicators
  • 24 GE electrical interfaces: Beginning with Position 1, numbered from top to bottom and left to right
  • GE optical interfaces: Each interface has a corresponding indicator above it
  • Service interface indications vary according to status. See "Service interface indications"

9. ETH, Interface Indicator (located under arrow above indicator)
  • Steady green: Link to interface established
  • Blinking green: Interface sending or receiving data
  • Off: No interface link established

10. Mini-USB, Interface Indicator
  • Steady green: Mini-USB interface in use
  • Off: Mini-USB interface not in use

11. Console, Interface Indicator
  • Steady green: Mini-USB is not in use
  • Off: Mini-USB interface in use

Service interface indications

Display mode (color): Description

Status (green)
  • Off: The port is not connected or has been shut down
  • Steady on: The port is connected
  • Blinking: The port is sending or receiving data
Speed (green)
  • Off: The port is not connected or has been shut down
  • Steady on:
    • 10M/100M/1000M port: The port is operating at 10/100 Mbit/s
    • 1000M/10 GE port: The port is operating at 1,000 Mbit/s
  • Blinking:
    • 10M/100M/1000M port: The port is operating at 1,000 Mbit/s
    • 1000M/10 GE port: The port is operating at 10 Gbit/s
PoE
  • Off: The port does not provide PoE power
  • Green, steady on: The port is providing PoE power
  • Yellow, steady on: The PoE function is disabled on the port
  • Yellow, blinking: A PoE fault has occurred. For example, an incompatible PD is connected to the port
  • Green and yellow, blinking alternately: The port cannot provide power to a PD. The possible reasons include:
    • The power of the PD exceeds the maximum power or power threshold of the port
    • The total power consumption of PDs has reached the maximum power of the switch
    • The manual power management mode is used and the port is not enabled to provide power to the PD

Product characteristics

Switching and forwarding

Features Description
Ethernet Ethernet
  • Full duplex, half duplex, and auto-negotiation operating modes
  • 10 Mbit/s, 100 Mbit/s, 1,000 Mbit/s, and auto-negotiation Ethernet interface rates
  • Flow control on interfaces
  • Jumbo frames
  • Link aggregation
  • Load balancing among links of a trunk
  • Interface isolation and forwarding restriction
  • Broadcast storm suppression
VLAN
  • Access, trunk, and hybrid access modes
  • Default VLAN
  • VLAN pool: solves the problem of insufficient addresses in high-density scenarios
  • Multicast Domain Name Service (mDNS) gateway protocol: supports AirPlay and AirPrint service sharing between users of different VLANs
MAC
  • Automatic MAC address learning and aging
  • Static, dynamic, and blackhole MAC address entries
  • Packet filtering based on source MAC addresses
  • Interface-based MAC learning limiting
ARP
  • Static and dynamic ARP entries
  • ARP in a VLAN
  • ARP entry aging
LLDP
  • LLDP
Ethernet Loop Protection MSTP
  • STP
  • RSTP
  • MSTP
  • BPDU, root, and loop protection
  • Partitioned STP
IPv4 Forwarding IPv4 features
  • ARP/RARP
  • ARP proxy
  • Auto-detection
  • NAT
  • Bonjour protocol
Unicast routing features
  • Static route
  • RIP-1 and RIP-2
  • OSPF
  • BGP
  • IS-IS
  • Routing policies and policy-based routing
  • URPF check
  • DHCP client, server and relay
  • DHCP snooping
Multicast routing features
  • IGMPv1, IGMPv2, and IGMPv3
  • PIM-SM
  • Multicast routing policies
  • RPF
IPv6 Forwarding IPv6 features
  • ND Protocol
Unicast routing features
  • Static route
  • RIPng
  • OSPFv3
  • BGP4+
  • IS-IS IPv6
  • DHCPv6
  • DHCPv6 snooping
Multicast routing features
  • MLD
  • MLD snooping
Device Reliability BFD
  • BFD
Layer 2 Multicast Layer 2 multicast
  • IGMP snooping
  • Prompt leave
  • Multicast traffic control
  • Inter-VLAN multicast replication
Ethernet OAM EFM OAM
  • Neighbor discovery
  • Link monitoring
  • Fault notification
  • Remote loopback
QoS Traffic classification

Traffic classification based on the combination of:

  • L2 protocol header
  • IP 5-tuple
  • Outbound interface
  • 802.1p priority
Action
  • Access control after traffic classification
  • Traffic policing based on traffic classification
  • Re-marking packets based on traffic classifiers
  • Class-based packet queuing
  • Associating traffic classifiers with traffic behaviors
Queue scheduling
  • PQ scheduling
  • DRR scheduling
  • PQ + DRR scheduling
  • WRR scheduling
  • PQ + WRR scheduling
Congestion avoidance
  • SRED
  • WRED
Application control
  • Smart Application Control (SAC)
Configuration and Maintenance Terminal service
  • Configurations using command lines
  • Error message and help information in English and Chinese
  • Login through console and Telnet terminals
  • Send function and data communications between terminal users
File system
  • File systems
  • Directory and file management
  • File uploading and downloading using FTP and TFTP
Debugging and maintenance
  • Unified management over logs, alarms, and debugging information
  • Electronic labels
  • User operation logs
  • Detailed debugging information for network fault diagnosis
  • Network test tools such as traceroute and ping commands
  • Interface mirroring and flow mirroring
Version upgrade
  • Device software loading and online software loading
  • BIOS online upgrade
  • In-service patching
Security and Management System security
  • Different command user levels to prevent unauthorized access
  • SSHv2.0
  • RADIUS and HWTACACS authentication for login users
  • ACL filtering
  • DHCP packet filtering with the Option 82 field
  • Local attack defense function that can protect the CPU and ensure that the CPU can process services
  • Defense against control packet attacks
  • Defenses against attacks such as:
    • Source address spoofing
    • Land
    • SYN flood (TCP SYN)
    • Smurf ping flood (ICMP echo)
    • Teardrop and Ping of Death attacks
  • IPSec
  • Application identification: Use the service awareness technology to identify packets of dynamic protocols such as HTTP and RTP by checking Layer 4 to Layer 7 information in the packets, helping implement fine-grained QoS management
  • URL filtering: URL filtering regulates online behavior by controlling which URLs users can access
  • Antivirus: The antivirus function depends on the powerful and constantly updated virus signature database to secure the network and system data
  • Intrusion prevention: Intrusion prevention detects intrusions, such as buffer overflow attacks, Trojan horses, and worms, by analyzing network traffic and takes actions to quickly terminate the intrusions. In this way, intrusion prevention protects the information system and network architecture of enterprises
Network management
  • ICMP-based ping and traceroute
  • SNMP v1, SNMP v2c, and SNMP v3
  • Standard MIB
  • RMON
  • NetStream

AP management

Features Specifications
AP Access Control
  • Displays MAC addresses or SNs of APs in the whitelist.
  • Adds a single AP or multiple APs, by specifying a range of MAC addresses or SNs, to the whitelist
  • Automatically discovering and manually confirming APs
  • Automatically discovering APs without manually confirming them
AP Region Management

Supports three AP region deployment modes:

  • Distributed deployment: APs are independently deployed. An AP is equivalent to a region and does not interfere with other APs. APs work at maximum power and do not calibrate radio frequencies
  • Common deployment: APs are loosely deployed. The transmit power of each radio frequency is less than 50% of maximum transmit power
  • Centralized deployment: APs are densely deployed. Transmit power of each radio frequency is less than 25% of maximum transmit power

Specifies default region to which automatically discovered APs are added

AP Profile Management
  • Specifies the default AP profile applied to automatically discovered APs
AP Type Management
  • Manages AP attributes including:
    • Number of interfaces
    • AP types
    • Number and types of radio frequencies
    • Maximum number of Virtual Access Points (VAPs)
    • Maximum number of associated users
    • Radio gain for indoor APs
  • Provides default AP types
Network Topology Management
  • Supports LLDP topology detection
AP Working Mode Management
  • Supports AP working mode switchover. The AP working mode can be switched to the Fat or cloud mode on the AC

Radio management

Features Specifications
Radio Profile Management
  • The following parameters can be configured in a radio profile:
    • Radio working mode and rate
    • Automatic or manual channel and power adjustment mode
    • Radio calibration interval
  • Radio type can be set to 802.11b, 802.11b/g, 802.11b/g/n, 802.11g, 802.11n, 802.11g/n, 802.11a, 802.11a/n, or 802.11ac
  • You can bind a radio frequency to a specified radio profile
  • Supports MU-MIMO
Unified Static Configuration of Parameters
  • Radio parameters such as the channel and power of each radio frequency are configured on the AC and then delivered to APs
Dynamic Management
  • APs can automatically select working channels and power when they go online
  • In an AP region, APs automatically adjust working channels and power in the event of signal interference:
    • Global calibration: Optimal working channel and power of a specified AP can be adjusted
    • Partial calibration: Optimal working channels and power of all the APs in a specified region can be adjusted
  • When an AP is removed or goes offline, the AC6605 increases the power of neighboring APs to compensate for the missing coverage
  • Support for automatic selection and calibration of radio frequency parameters in AP regions
Enhanced Service Capabilities
  • AC supports 802.11a/b/g/n/ac. Modes can be used independently or jointly (a/n, b/g, b/g/n, and g/n)
  • Band steering: Enables terminals to preferentially access the 5 GHz frequency band, achieving load balancing between the 2.4 GHz and 5 GHz frequency bands
  • Smart roaming: Enables sticky terminals to roam to APs with better signals

WLAN service management

Features Specifications
ESS Management
  • Allows you to enable SSID broadcast, set the maximum number of access users, and set the association aging time in an ESS
  • Isolates APs at Layer 2 in an ESS
  • Maps an ESS to a service VLAN
  • Associates an ESS with a security profile or a QoS profile
  • Enables IGMP for APs in an ESS
  • Supports Chinese SSIDs
VAP-based Service Management
  • Adds multiple VAPs at a time by binding radio frequencies to ESSs
  • Displays information about a single VAP, VAPs with a specified ESS, or all VAPs
  • Supports configuration of offline APs
  • Creates VAPs according to batch delivered service provisioning rules in automatic AP discovery mode
Service Provisioning Management
  • Supports service provisioning rules configured for a specified radio frequency of a specified AP type
  • Adds automatically discovered APs to the default AP region. The default AP region is configurable
  • Applies a service provisioning rule to a region to enable APs in the region to go online
Multicast Service Management
  • Supports IGMP snooping
  • Supports IGMP proxy
Load Balancing
  • Performs load balancing among radios in a load balancing group
  • Supports two load balancing modes:
    • Based on the number of STAs connected to each radio frequency
    • Based on the traffic volume on each radio frequency
Bring Your Own Device (BYOD)
  • Identification of device types according to the OUI in the MAC address
  • Identification of device types according to the User Agent (UA) field in an HTTP packet
  • Identification of device types according to DHCP Option information
  • Carrying of device type information in RADIUS authentication and accounting packets
  • Supports Microsoft Lync
Positioning Services
  • Locating AeroScout and Ekahau tags
  • Locating Wi-Fi terminals
  • Locating Bluetooth terminals
  • Locating Bluetooth tags
Spectrum Analysis
  • Identification of the following interference sources: Bluetooth, microwave ovens, cordless phones, ZigBee, game controllers, 2.4 GHz/5 GHz wireless audio and video devices, and baby monitors
  • Working with the eSight to locate the interference sources and display spectrum
Hotspot2.0
  • Supports a Hotspot2.0 network
Internet of Things (IoT)
  • Supports IoT cards on the AP to converge the WLAN and IoT

Quality of Service (QoS)

Features Specifications
WMM Profile Management
  • Enables or disables Wi-Fi Multimedia (WMM)
  • Allows a WMM profile to be applied to radio frequencies of multiple APs
Traffic Profile Management
  • Manages traffic from APs and maps packet priorities according to traffic profiles
  • Applies a QoS policy to each ESS by binding a traffic profile to each ESS
AC Traffic Control
  • Manages QoS profiles
  • Uses ACLs to perform traffic classification
  • Limits incoming and outgoing traffic rates for each user based on inbound and outbound CAR parameters
  • Limits the traffic rate based on ESSs or VAPs
AP Traffic Control
  • Controls traffic of multiple users and allows users to share bandwidth
  • Limits the rate of a specified VAP
Packet Priority Configuration
  • Sets the QoS priority (IP precedence or DSCP priority) for CAPWAP control channels
  • Sets the QoS priority for CAPWAP data channels:
    • Allows you to specify the CAPWAP header priority
    • Maps 802.1p priorities of user packets to ToS priorities of tunnel packets
Airtime Scheduling
  • Allocates equal time to users for occupying the channel, which improves users' Internet access experience

WLAN security

Feature Specifications
WLAN Security Profile Management
  • Manages authentication and encryption modes using WLAN security profiles
  • Binds security profiles to ESS profiles
Authentication Modes
  • Open system authentication with no encryption
  • WEP authentication/encryption
  • WPA/WPA2 authentication and encryption:
    • WPA/WPA2-PSK + TKIP
    • WPA/WPA2-PSK + CCMP
    • WPA/WPA2-802.1x + TKIP
    • WPA/WPA2-802.1x + CCMP
    • WPA/WPA2-PSK + TKIP-CCMP
    • WPA/WPA2-802.1x + TKIP-CCMP
  • WAPI authentication and encryption:
    • Supports centralized WAPI authentication
    • Supports three-certificate WAPI authentication, which is compatible with traditional two-certificate authentication
    • Issues a certificate file together with a private key
  • Allows users to use MAC addresses as accounts for authentication by the RADIUS server
  • Portal authentication:
    • Authentication through an external Portal server
    • Built-in Portal authentication and authentication page customization
  • Supports WeChat- and QR code-based authentication
Combined Authentication
  • Combined MAC authentication:
    • PSK + MAC authentication
  • MAC + portal authentication:
    • MAC authentication is used first. When MAC authentication fails, portal authentication is used
    • This type of authentication applies only to centralized forwarding
AAA
  • Local authentication/local accounts (MAC addresses and accounts)
  • RADIUS authentication
  • Multiple authentication servers
    • Supports backup authentication servers
    • Specifies authentication servers based on account
    • Configures authentication servers based on account
    • Binds user accounts to SSIDs
Security Isolation
  • Port-based isolation
  • User group-based isolation
WIDS
  • Rogue device scan, identification, defense, and countermeasures, which include dynamic blacklist configuration and detection of rogue APs, STAs, and network attacks
Authority Control
  • ACL limit based on the following:
    • Port
    • User group
    • User
Other Security Features
  • SSID hiding
  • IP source guard:
    • Configures IP and MAC binding entries statically
    • Generates IP and MAC binding entries dynamically

WLAN user management

Features Specifications
Address Allocation of Wireless Users
  • Functions as a DHCP server to assign IP addresses to wireless users
WLAN User Management
  • Supports user blacklist and whitelist
  • Controls the number of access users:
    • Based on APs
    • Based on SSIDs
  • Logs out users in any of the following ways:
    • Using RADIUS DM messages
    • Using commands
  • Supports various methods to view information
    • Allows you to view the user status by specifying the user MAC address, AP ID, radio ID, or WLAN ID
    • Displays the number of online users in an ESS, AP, or radio frequency
    • Collects packet statistics on air interface based on user
WLAN User Roaming
  • Supports 802.11k and 802.11v smart roaming
  • Supports intra-AC Layer 2 roaming. Note: Users can roam between APs connected to different physical ports on an AC
  • Supports inter-VLAN Layer 3 roaming on an AC
  • Supports roaming between ACs
  • Supports fast key negotiation in 802.1x authentication
  • Authenticates users who request to reassociate with the AC and rejects the requests of unauthorized users
  • Delays clearing user information after a user goes offline so that the user can rapidly go online again
User Group Management
  • Supports ACLs
  • Supports user isolation:
    • Inter-group isolation
    • Intra-group isolation

Management and maintenance

Type Feature
Maintenance and Management CLI-based management: You can use the console interface for local configurations or log in to the AC using Telnet or SSH
GUI-based web system management: The web system supports local GUI-based configurations
SNMP-based NMS management: The NMS allows you to configure the AC based on the Simple Network Management Protocol (SNMP)
Provides the re-detection function to prevent incorrect detection because of instant interference
Checks version matching automatically when the system is running
The AC supports in-service software upgrade and patching. You can upgrade the features that need to be modified
If the new system software cannot start the system during a system upgrade, the old system software can be used instead
The AC supports in-service patching to protect services from being affected when a patch is installed. The software can be restored to the earlier version, and the device data before and after in-service patching is recorded
Maintenance Debugging information output
Ping
Remote maintenance using SSH or Telnet
Tracing and Monitoring Ping and traceroute
Black Box
Mirroring

Specifications

Physical specifications

Item Description
Dimensions (W x D x H) 442 mm x 420 mm x 43.6 mm
Maximum Power Consumption 85W
Weight
  • Net weight: 5.48 kg
  • Fully configured with 150W power supplies: 7.16 kg
  • Fully configured with 500W power supplies: 7.48 kg
Operating Temperature -5°C to 50°C
Relative Humidity 5% RH to 95% RH, non-condensing
Operating Altitude -60 m to 5,000 m
AC Input Voltage
  • Rated voltage: 100V AC to 240V AC, 50 Hz/60 Hz
  • Voltage range: 90V AC to 264V AC, 47 Hz to 63 Hz
DC Input Voltage
  • Rated voltage: -48V DC to -60V DC
  • Voltage range: -36V DC to -72V DC

System configuration

Item Specifications
Processor Dominant frequency: 1 GHz
Switching Capacity 128 Gbit/s
Forwarding Capacity 10 Gbit/s
DDR Memory 4 GB
Flash Memory 256 MB

Protocol and management

Parameter Specifications
Number of Managed APs
  • Central AP: 128
  • Common AP and RU: 1,024
Number of Access Users
  • Entire device: 10K
  • Single AP: A maximum of 256 (depending on the AP model)
Number of MAC Address Entries 16K
Number of VLANs 4K
Number of Routing Entries 10K
Number of ARP Entries 8K
Number of Multicast Forwarding Entries 4K
Number of DHCP IP Address Pools 128 IP address pools, each of which contains a maximum of 16K IP addresses
Number of Local Users 1,000
Number of ACLs 8K
Number of ESSIDs 16K
User Group Management
  • 128 user groups
  • Each user group can reference a maximum of eight ACLs.
  • The maximum number of ACL rules that can be associated with each user group:
    • V200R007C10 and earlier versions: 128
    • V200R007C20: 512

Wireless networking

Features Specifications
Networking Between APs and ACs
  • APs and ACs can be connected through a Layer 2 or Layer 3 network
  • APs can be directly connected to an AC
  • APs are deployed on a private network, while ACs are deployed on the public network to implement NAT traversal
  • ACs can be used for Layer 2 bridge forwarding or Layer 3 routing
Forwarding Modes
  • Direct forwarding (distributed forwarding or local forwarding)
  • Tunnel forwarding (centralized forwarding)
  • Centralized authentication and distributed forwarding
  • In direct forwarding mode, user authentication packets support tunnel forwarding
  • Soft GRE forwarding
Wireless Networking Modes
  • WDS bridging
    • Point-to-Point (P2P) wireless bridging
    • Point-to-Multipoint (P2MP) wireless bridging
    • Automatic topology detection and loop prevention (STP)
  • Wireless mesh network
    • Access authentication for mesh devices
    • Mesh routing algorithm
    • Go-online without configuration
    • Mesh network with multiple MPPs
    • Vehicle-ground fast link handover
    • Mesh client mode
AC Discovery
  • An AP can obtain the AC's IP address in any of the following ways:
    • Static configuration
    • DHCP
    • DNS
  • The AC uses DHCP or DHCPv6 to allocate IP addresses to APs
  • DHCP or DHCPv6 relay is supported
  • On a Layer 2 network, APs can discover the AC by sending broadcast CAPWAP packets
CAPWAP Tunnel
  • Centralized CAPWAP
  • CAPWAP control tunnel and data tunnel (optional)
  • CAPWAP tunnel forwarding and direct forwarding in an Extended Service Set (ESS)
  • Datagram Transport Layer Security (DTLS) encryption
  • Heartbeat detection and tunnel reconnection
Active and Standby ACs
  • Enables and disables the switchback function
  • Supports load balancing
  • Supports 1+1 hot backup
  • Supports N+1 backup
  • Supports wireless configuration synchronization between ACs

Networking and applications

Deployment scenarios

The AC6605-26-PWR is connected to an aggregation switch in chain or branched mode.

The AC6605-26-PWR processes both control flows and data flows. Management flows must be transmitted over Control And Provisioning of Wireless Access Points (CAPWAP) tunnels. Data flows can be transmitted over CAPWAP tunnels or not, as required.

The CAPWAP protocol defines how APs communicate with ACs and provides a general encapsulation and transmission mechanism for communication between APs and ACs. CAPWAP defines data tunnels and control tunnels.

Data tunnels encapsulate 802.11 data packets to be sent to the AC.

Control tunnels transmit control flows for remote AP configuration and WLAN management.

Two forwarding modes are available according to whether data flows are transmitted on CAPWAP tunnels:

Direct forwarding: also called local or distributed forwarding.

Tunnel forwarding: also called centralized forwarding. It is usually used to control wireless user traffic in a centralized manner.

You can select the chain or branched mode according to networking requirements. On the AC, you can configure direct forwarding for some APs and tunnel forwarding for other APs. In tunnel forwarding mode, all wireless user traffic is aggregated to an AC, which may create a switching bottleneck. Therefore, tunnel forwarding is seldom used on enterprise networks.

Inline networking

In inline networking mode, APs or access switches are directly connected to the AC. The AC functions as both an AC and an aggregation switch to forward and process APs' data and management services.

In inline networking mode, the AC sets up CAPWAP tunnels with APs to configure and manage these APs over CAPWAP tunnels. Service data of wireless users can be forwarded between APs and the AC over CAPWAP data tunnels or be directly forwarded by APs.

In inline networking mode, direct forwarding is often used so that service data can be forwarded on APs.

The AC functions as the DHCP server to allocate IP addresses to APs. APs obtain the IP address of the AC using the DNS mode, DHCP mode, or broadcast mode, and set up data tunnels with the AC. Data flows not transmitted in CAPWAP tunnels.

In direct forwarding mode, only control flows are transmitted in CAPWAP tunnels, and data flows sent from APs are transparently transmitted to the upstream device by the AC, as shown in Figure. Data flows are identified by VLAN IDs.

When data flows are not transmitted in CAPWAP tunnels, configure management VLANs and data VLANs as follows:

  • On the AC and its upstream switches, configure an AC management VLAN to transmit control flows between the AC and the NMS
  • On the switches between APs and the AC, configure AP management VLANs to transmit control flows between APs and the AC
  • On all switches between APs and the BRAS, configure data VLANs to differentiate WLAN service flows

Bypass networking

1) Direct forwarding

In direct forwarding mode, wireless user service data is translated from 802.3 packets into 802.11 packets, which are then forwarded by an uplink aggregation switch.

The bypass networking mode is often used on enterprise networks. Wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this networking mode is recommended for integrated network deployment.

The AC only manages APs. All AP control flows must reach the AC.

Interfaces connected to the AC are reserved on the aggregation switch. The aggregation switch functions as the DHCP server to allocate IP addresses to APs. APs obtain the IP address of the AC using the DNS function, DHCP Option 43 or DHCP Option 15 in DHCP packets.

Data flows from APs are forwarded by the Layer 2 switch and aggregation switch, and do not pass through the AC.

Different VLANs are assigned to STAs with different Service Set Identifiers (SSIDs). The Layer 2 switch and aggregation switch identify packets from these VLANs and forward these packets to the BRAS. The BRAS terminates packets from terminals, controls user access, and allocates IP addresses to users. After a user is authenticated by the BRAS, traffic from the user is forwarded to the Internet across the IP network.

2) Tunnel forwarding

In tunnel forwarding mode, wireless user service data is transmitted between APs and ACs over CAPWAP tunnels.

In Figure, both management flows and data flows of APs are transmitted to the AC over CAPWAP tunnels, and then the AC transparently transmits these flows to the upstream device.

Tunnel forwarding is usually used to control wireless user traffic in a centralized manner. This forwarding mode facilitates device deployment and controls all wireless user data flows by aggregating traffic of all wireless users connected to APs to an AC through CAPWAP data tunnels.

In branched networking mode, the AC manages all the APs connected to the aggregation switch. This network topology applies to scenarios where APs are scattered across hot spots.

The branched networking mode requires only a small modification to the existing network, facilitating device deployment. You can select the direct forwarding or tunnel forwarding mode according to networking requirements. Direct forwarding is recommended for enterprise networks.

Wireless backhaul networking

The 802.11 wireless technology has been widely used in home networks and enterprise networks. Users can easily access the Internet over WLANs. In this network application, APs must be connected to the existing wired network to provide network access services for wireless users. To expand the wireless coverage area, APs need to be connected using cables, switches, and power supplies. This increases network costs and prolongs the network construction period. Wired deployment requirements may not be met in special circumstances. The Wireless Distribution System or Wireless Mesh Network allows APs to be connected wirelessly, facilitating WLAN construction in a complex environment.

Wireless Distribution System (WDS)

The WDS is a distribution system comprised of APs. The WDS connects to an AC on the network side, which is then connected to a network device such as a gateway or an aggregation switch. The WDS connects to a Station (STA) or PC on the user side.

On a WDS network, an AC manages the following devices:

Root AP: connects to an AC on the wired side, and functions as a WDS master to connect to trunk APs or leaf APs.

Trunk AP: functions as a WDS slave to connect to a root AP, connects to wired devices on the wired side, or functions as a WDS master to connect to leaf APs.

Leaf AP: functions as a WDS slave to connect to a root AP or trunk AP or connects to STAs on the wireless side.

The WDS networking can expand WLANs and applies to indoor wireless deployment scenarios.

Wireless Mesh Network (WMN)

Compared with a traditional WLAN, a Wireless Mesh Network (WMN) has the following advantages:

Fast deployment: Mesh nodes can be easily installed to construct a WMN in a short time, much shorter than the construction period of a traditional WLAN.

Dynamic coverage area expansion: As more mesh nodes are deployed on a WMN, the WMN coverage area can be rapidly expanded.

Robustness: A WMN is a peer-to-peer network that will not be affected by the failure of a single node. If a node fails, packets are forwarded to the destination node along other paths.

Flexible networking: An AP can join or leave a WMN easily, allowing for flexible networking.

Various application scenarios: Besides traditional WLAN scenarios such as enterprise networks, office networks, and campus networks, a WMN also applies to scenarios such as large-scale warehouses, docks, MANs, metro lines, and emergency communications.

Cost-effectiveness: Only MPPs need to connect to a wired network, which minimizes the dependency of a WMN on wired devices and saves costs in wired device purchasing and cable deployment.

Nodes on a WMN can be classified into the following types based on their functions:

Mesh Point (MP)

A mesh-capable node that uses IEEE 802.11 MAC and physical layer protocols for wireless communication. This node supports automatic topology discovery, automatic route discovery, and data packet forwarding.

Mesh Portal Point (MPP)

An MP that connects to a WMN or another type of network. This node has the portal function and enables mesh nodes to communicate with external networks.

On a WMN, MPs are fully meshed to establish an auto-configured and self-healing backbone WMN, and MPPs with the gateway function provide connections to the Internet. An MP provides access services and connects a terminal to a WMN. A WMN uses special mesh routing protocols, which ensure high transmission quality. The WMN is applicable to scenarios that require high-bandwidth and highly stable Internet connections.

Dual-AC networking

To ensure uninterrupted service forwarding, enterprises that require high reliability use active and standby ACs for networking.

Dual-AC backup can be implemented in two modes:

HSB + dual-link backup: As shown in Figure, an AP establishes CAPWAP tunnels with both the active and standby ACs. The two ACs synchronize service information (such as NAC and WLAN service information) through the Hot Standby (HSB) function. When an AP is disconnected from the active AC, the AP notifies the standby AC of a switchover.

HSB + VRRP: An AP obtains only the virtual IP address of both the active and standby ACs. The active AC backs up information including AP entries, CAPWAP link information, and user information on the standby AC. In this mode, the AP only detects the presence of one AC. The active/standby switchover is determined by the Virtual Router Redundancy Protocol (VRRP). Currently, this mode cannot be used in a VRRP multi-instance scenario.