Saturday, August 6, 2022

Wireless LAN - Standard - Architecture

Wireless LAN Fundamentals

  • Wired Networks v/s Wireless Networks
  • Types of Wireless Networks
  • Wireless LAN – Devices
  • Ad-hoc Mode v/s Infrastructure Mode

 Wired v/s Wireless Network

Wired Networks

  • Wired Network connects via cables/wire
  • Data transfer in the form of either electrical or light signals
  • IEEE 802.3 – Standard for wired Ethernet
  • To connect different nodes, you need the following: cabling; internetworking devices; bridges or switches, to connect to the LAN; routers, to connect to the WAN
  • Setting up a wired network is a lot of work, and you need at least two people
  • You need tools: crimpers, cable strippers, punch-down tools, toners, cable testers

 Wireless Networks

  • Removes need of wire/cable (wireless connection)
  • Air medium for Data transfer (uses wireless signals – RF)
  • IEEE 802.11 – Standard for Wireless Networks
  • Easy to setup
  • Less configuration (one person could do it)
  • Provides mobility to users (can connect to network while moving within the range)
  • You could even run up to Gbps speed
  • But we must think of security (secure wireless networks)
  • Wireless Devices needed – Wireless devices, Access Point (AP), Controllers (WLC)

Types of Wireless Networks

Wireless Local Area Network (WLAN)

  • Links two or more devices using wireless communication to form a local area network (LAN) within a limited area, such as a home, school, computer laboratory, campus or office building.
  • Covered area around 300ft/100m
  • Gives users the ability to move around within the area and remain connected to the network
  • Provide high speed data communication in small areas such as building or an office
  • Most modern WLANs are based on IEEE 802.11 standards and are marketed under the WI-FI brand name

Wireless Personal Area Network (WPAN)

  • Allow the connectivity of personal devices within an area of about 30 feet/10m
  • Provides data transmission among devices such as computers, smartphones, tablets, and personal digital assistants
  • Short-range networks that use Bluetooth technology

Wireless Metro Area Network (WMAN)

  • Connection of multiple networks in city limits (such as different buildings in a city).
  • Connect multiple geographically close LANs
  • 802.16 – WIMAX is an example of a WMAN protocol (most WIMAX implementations use licensed bands)
  • WIMAX network can reach about 50-90 km and can transmit up to 70 Mbps

Wireless Wide Area Network (WWAN)

  • Interconnects devices over large areas such as cities or countries (very large distance coverage), via multiple satellite systems or antenna sites looked after by an ISP
  • Uses mobile cellular network technologies such as 2G, 3G, 4G, LTE and 5G to transfer data. For example, a mesh network or MANET with nodes on buildings, towers, trucks, and planes.

 Wireless LAN - Devices

  • Wireless clients with wireless NIC: laptops, personal digital assistants, IP phones and other smartphones, desktop computers, printers
  • Access points
  • Wireless LAN Controller (WLC)

Wireless Access Point (WAP)

  • Provides centralized location to connect devices within the LAN – Without wire (using RF signals)
  • Allows other WI-FI devices to connect to a wired network.
  • Provides wireless internet in public places, like coffee shops, airports, train stations.

Wireless LAN Controllers (WLC)

  • Provides centralized management of all access points in the networks.
  • The WLC is used in combination with the Lightweight Access Point Protocol (LWAPP) to manage access points in large quantities by the network administrator.
  • Makes it easier to manage large-scale wireless deployments – Example: Airports, Shopping Malls

Ad-hoc Mode v/s Infrastructure Mode

Wireless Networks can be either in Ad-hoc mode or Infrastructure mode


Ad-hoc Mode (Peer to Peer)

  • Devices on the wireless network connect directly to each other (without AP). Don’t require a centralized access point. Bluetooth is a typical ad-hoc network
  • Also called computer-to-computer or peer mode
  • Easier to setup if you just want to connect two devices to each other
  • By default, an ad-hoc network is not able to communicate with any infrastructure devices or any other devices connected to a wired network, unless we allow bridging or a connection to the wired network.

Infrastructure Mode

  • Requires a central access point that all devices connect to
  • Devices on the network all communicate through an Access Point. A laptop sends packets to the access point, and the access point forwards them to the other laptop.
  • Most wireless networks function in Infrastructure mode
  • The access point acts as a bridge to another wireless/wired network.
  • Access points have higher-power wireless radios and antennas, so they can cover a wider area.

Wireless LAN Terminology

  • SSID
  • Independent BSS
  • Basic Service Set (BSS)
  • Extended Service Set (ESS)
  • Distribution system
  • Basic Service Area (BSA)
  • 802.11

SSID – Service Set Identifier

  • A service set identifier (SSID) is a sequence of characters that uniquely names a wireless local area network (WLAN). An SSID is sometimes referred to as a "network name." This name allows stations to connect to the desired network when multiple independent networks operate in the same physical area.
  • Unique ID used for naming wireless networks. (Including home networks and public hotspots)
  • Client devices use this to identify and join wireless networks
  • For example, you might see a sign telling you to join a network with an SSID of “Airport WIFI”.

Service Sets – Wireless Networks

  • Group of wireless network devices connected with same SSID.
  • You must configure all connecting devices and Access points (APs) in a service set to use the same SSID.
  • Forms a logical network – They are on the same logical network segment (e.g. IP subnet or VLAN)

Types of service sets

  • Independent Basic Service Set (IBSS)
  • Basic Service Set (BSS)
  • Extended Service Set (ESS)

Independent Basic Service Set (IBSS)

  • Devices on the wireless network connect directly to each other. (Without AP)
  • Don’t require a centralized Access Point
  • Any other device can join as needed (they do not scale well beyond 8-10 devices)
  • Example: Two people who want to exchange electronic documents at a meeting.
  • Personal printers have the capability to print documents wirelessly, without relying on a regular BSS or AP.
  • This is known as an Ad-hoc wireless network or an Independent basic service set (IBSS) or network.
  • Easier to setup if you just want to connect two devices to each other peer-peer
  • By default, Ad-hoc network is not able to communicate with any other infrastructure devices (Wired/Wireless)

Basic Service Set (BSS)

  • Wireless LAN is established using a central device called an Access Point.
  • Centralizes access and control over a group of wireless devices.
  • Wireless devices do not communicate directly with each other; instead, they communicate with the AP, and the AP forwards the frames to the destination stations.
  • The Access Point manages the wireless network: the AP broadcasts the SSID (advertising its availability to connect), and devices within range initiate a request to connect to the AP.
  • The Access Point can require any of the following criteria before allowing a client to join: a matching Service Set Identifier (SSID); all must use the same channel and a compatible wireless data rate; authentication credentials

Extended Service Set (ESS)

  • Two or more Access Points are connected to the same LAN to provide a larger coverage area.
  • Allows the client to move from one AP to another AP and still be the part of the LAN.
  • When APs are placed at different geographic locations, they can all be interconnected by a switched infrastructure.
  • SSID remains same within the same ESS.
  • Each AP has its own BSSID (MAC) – allows clients to differentiate between AP.

Distribution System

  • Wireless clients will need to communicate with other devices
  • AP can also uplink into an Ethernet network, because it has both wireless and wired capabilities.
  • This wired Ethernet uplink connection is referred to as the Distribution System (DS).
  • Connects your wireless network access to network resources (Internet, servers, etc.)

  • AP is in charge of mapping a virtual local-area network (VLAN) to an SSID.
  • AP must be connected to the switch by a trunk link that carries the VLANs – The AP uses the 802.1Q tag to map the VLAN numbers to the appropriate SSIDs. VLANs 10, 20, and 30 are trunked to the AP over the DS.


Wireless Standards and Regulation

Understanding Basic Wireless Theory

  • To send data across a wired link, an electrical signal is applied at one end and carried to the other end.
  • A wireless link has no physical strands of anything to carry the signal along.

  • Electromagnetic waves transport energy in empty space propagating electric and magnetic fields.
  • The sender's antenna propagates electromagnetic waves away from the antenna.
  • Electromagnetic waves travel by expanding in all directions away from the antenna.

Frequency and its Range

  • Frequency is the number of times the signal makes one complete up and down cycle in 1 second.
  • A hertz (Hz) = cycles per second
  • A hertz (Hz) is the most commonly used frequency unit.

The frequency range from around 3 kHz to 300 GHz is commonly called radio frequency (RF).

It includes many different types of radio communication, including:

  • Low-frequency radio
  • AM radio
  • Shortwave radio
  • Television
  • FM radio
  • Microwave
  • Radar

The microwave category also contains the two main frequency ranges that are used for Wireless LAN communication: 2.4 and 5 GHz.

IEEE 802 - Standard

IEEE 802 is a family of IEEE standards dealing with local area networks and metropolitan area networks.

  • IEEE 802.1 – Bridging (networking) and network management
  • IEEE 802.2 – Logical Link layer
  • IEEE 802.3 – Ethernet (CSMA/CD)
  • IEEE 802.4 – Token bus (disbanded)
  • IEEE 802.5 – Defines a MAC layer for a token ring (inactive)
  • IEEE 802.6 – Metropolitan Area Network (disbanded)
  • IEEE 802.7 – Broadband LAN using coaxial cable (disbanded)
  • IEEE 802.8 – Fiber optic TAG (disbanded)
  • IEEE 802.9 – Integrated Services LAN (disbanded)
  • IEEE 802.10 – Interoperable LAN Security (disbanded)
  • IEEE 802.11 – Wireless LAN and Mesh (Wi-Fi certification)
  • IEEE 802.12 – Demand Priority (disbanded)
  • IEEE 802.13 – Not used
  • IEEE 802.14 – Cable modems (disbanded)
  • IEEE 802.15 – Wireless PAN
  • IEEE 802.15.1 – Bluetooth certification
  • IEEE 802.15.2 – Zigbee certification
  • IEEE 802.16 – Broadband Wireless Access (WiMAX certification)
  • IEEE 802.16e – (Mobile) Broadband Wireless Access
  • IEEE 802.17 – Resilient Packet Ring

The IEEE 802 family of standards is maintained by the IEEE 802 LAN/MAN Standards Committee (LMSC) 

IEEE 802.11 – Wireless LAN

The standard was introduced by the IEEE in June 1997 and is used for wireless Ethernet networks.

It operates in the 2.4 GHz and 5 GHz frequency bands, which are available nearly worldwide.

Some IEEE 802.11 Standard Activities

  • 802.11a – 5GHz, 54 Mbps; ratified in 1999
  • 802.11b – 2.4 GHz, 11 Mbps; ratified in 1999
  • 802.11d – World Mode; ratified in 2001
  • 802.11e – QOS; ratified in 2005
  • 802.11g – 2.4 GHz, 54 Mbps; ratified in 2003
  • 802.11h – DFS and TPC mechanisms; ratified in 2004
  • 802.11i – Authentication and security; ratified in 2004
  • 802.11k – Radio resource measurement enhancements (under development)
  • 802.11n – Higher throughput improvements using MIMO antennas (under development)
  • 802.11t – WPP; test methods and metrics recommendation (under development)
  • 802.11w – Protected management frames (under development) 

Evolution of 802.11 


IEEE 802.11:

  • First standard, introduced in 1997
  • Offers 1 or 2 Mbps transmission speeds – Far too slow for modern networking needs and are now no longer deployed
  • Uses RF Band within range of 2.4 GHz

 IEEE 802.11a:

  • Uses 5 GHz band frequency
  • 802.11a specified speeds of up to 54 Mbps.
  • 802.11a is incompatible with the 802.11b and 802.11g wireless standards.

 IEEE 802.11b:

  • Uses a 2.4 GHz frequency bands.
  • Maximum transmission speed of 11 Mbps
  • Backward compatible with previous 802.11 standards that provided for speeds of 1, 2, and 5.5 Mbps.
  • Compatible with 802.11g

 IEEE 802.11g:

  • 802.11g is a popular wireless standard today
  • Operates in the 2.4 GHz frequency band
  • Speeds up to 54 Mbps
  • Compatible with 802.11b standard (work at 11 Mbps throughput)

 IEEE 802.11n:

  • Can be used in the 2.4 GHz or 5 GHz frequency bands.
  • Uses multiple antennas to increase data rates
  • Data rates up to 600 Mbps – using 4 antennas
  • Support for multiple-input multiple-output, frame aggregation, and security improvements

 IEEE 802.11ac:

  • The fifth generation of Wi-Fi (Wi-Fi 5), introduced in 2013
  • Uses 5 GHz frequency range
  • Speed ranges from 433 Mbps to 3.39 Gbps (depends on antenna type/number)
  • 802.11ac – Wave 1 vs Wave 2
  • Wave 2, referring to products introduced in 2016
  • Offers a higher throughput than legacy Wave 1 products (those introduced starting in 2013)

| Item | 802.11n | 802.11ac Wave 1 (Wi-Fi Alliance) | 802.11ac Wave 2 (Wi-Fi Alliance) |
|---|---|---|---|
| Frequency Band | 2.4 GHz and 5 GHz | 5 GHz | 5 GHz |
| Theoretical Transmission Rate | 450 Mbps, 600 Mbps as specified by the standard | 1.3 Gbps | 3.47 Gbps |


IEEE 802.11ax:

  • Marketed as Wi-Fi 6 by Wi-Fi Alliance
  • Designed specifically for high-density public environments, like trains, stadiums, and airports
  • All Wi-Fi 6 devices work over the previously allocated 2.4 GHz and 5 GHz bands (Also support the standard over 6 GHz)
  • Throughput speeds are 4 x higher than 802.11ac

Cisco Wireless Architecture

WLANs can be designed using a variety of devices and in a variety of configurations. These configurations and designs are called “Architectures”. Wireless Architectures are:

  • Autonomous architectures
  • Cloud-based architectures
  • Converged architectures
  • Mesh architectures
  • Centralized wireless architectures

All of these architectures fall into one of two categories:

  • Distributed Architectures
  • Centralized Architectures

Cisco APs can be configured to operate in either:

  • Autonomous AP mode
  • Lightweight AP mode

Autonomous AP Architecture:

  • Access points (APs) are standalone (without WLC)
  • Each offering one or more fully functional, standalone basic service sets (BSSs)
  • More suitable for small office, home office (SOHO) implementations (a typical enterprise network could consist of hundreds or thousands of APs)
  • Most wireless networks are an extension of the wired network.
  • Wireless and wired clients are on the same LAN and can communicate with each other.
  • Connecting wireless SSIDs to wired virtual LANs (VLANs) at the access layer
  • To extend LAN further, trunk links configured to AP
  • An autonomous AP must be configured with a management IP address for managing remotely – to configure SSIDs, VLANs, and many RF parameters like the channel and transmit power to be used.
  • Separate Management VLAN used and should be allowed on the trunk links to reach the AP.
  • Each AP must be configured and maintained individually, unless we use a management platform such as Cisco Prime Infrastructure or Cisco DNA Center.

Challenges:

Managing APs individually is not efficient:

  • Updating wireless network SSIDs
  • Upgrading firmware
  • Authentication details and pre-shared keys

Note:

  • Wireless clients should be offered the same SSID on many APs.
  • When we want a new SSID, we also have to create a new VLAN on all switches.
  • We also want to extend the corresponding VLAN (and IP subnet) to each and every AP.

This often results in misconfigurations, mismatched configurations, and frequently non-configurations.
Management is difficult, which leads to security vulnerabilities.
Managing the APs' RF operation can be quite difficult.
It is difficult to monitor traffic for functions such as intrusion detection and prevention, quality of service, bandwidth policing, and so on.
To overcome these limitations, AP functions have to be shifted toward a central location (a centralized WLC).
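
The per-AP drift described above can be caught mechanically. The following is an added example, not part of the original page: it audits an inventory of autonomous APs for SSIDs mapped to different VLANs, SSIDs missing from an AP, and trunks that do not carry an SSID's VLAN or the management VLAN. The inventory layout, AP names, SSID names and the management VLAN number are hypothetical; VLANs 10, 20 and 30 are the ones used earlier on this page.

```python
from collections import defaultdict


def audit_aps(aps, mgmt_vlan):
    """Return a sorted list of (ap_name, problem) tuples.

    aps: {ap_name: {"ssids": {ssid: vlan}, "trunk_vlans": set_of_vlans}}
    """
    issues = []
    aps_by_ssid_vlan = defaultdict(lambda: defaultdict(list))

    # Per-AP checks: the trunk must carry every VLAN the AP maps to an SSID,
    # plus the management VLAN used to reach the AP remotely.
    for name, cfg in aps.items():
        for ssid, vlan in cfg["ssids"].items():
            aps_by_ssid_vlan[ssid][vlan].append(name)
            if vlan not in cfg["trunk_vlans"]:
                issues.append(
                    (name, "trunk does not carry VLAN %d for SSID %r" % (vlan, ssid)))
        if mgmt_vlan not in cfg["trunk_vlans"]:
            issues.append(
                (name, "trunk does not carry management VLAN %d" % mgmt_vlan))

    # Cross-AP checks: one SSID, one VLAN, offered on every AP.
    for ssid, by_vlan in aps_by_ssid_vlan.items():
        # The VLAN used by most APs is treated as the intended one
        # (ties go to the lower VLAN number).
        intended = max(by_vlan, key=lambda v: (len(by_vlan[v]), -v))
        for vlan, names in by_vlan.items():
            if vlan != intended:
                for name in names:
                    issues.append(
                        (name, "SSID %r on VLAN %d, other APs use VLAN %d"
                         % (ssid, vlan, intended)))
        offering = {n for names in by_vlan.values() for n in names}
        for name in set(aps) - offering:
            issues.append((name, "SSID %r not configured" % ssid))
    return sorted(issues)


# Constructed inventory for illustration only.
MGMT_VLAN = 99
SAMPLE_APS = {
    "ap1": {"ssids": {"Staff": 10, "Guest": 20, "Voice": 30},
            "trunk_vlans": {10, 20, 30, 99}},
    "ap2": {"ssids": {"Staff": 10, "Guest": 30},       # wrong VLAN, no Voice
            "trunk_vlans": {10, 30, 99}},
    "ap3": {"ssids": {"Staff": 10, "Guest": 20, "Voice": 30},
            "trunk_vlans": {10, 20}},                  # VLAN 30 and 99 pruned
}

if __name__ == "__main__":
    for ap, problem in audit_aps(SAMPLE_APS, MGMT_VLAN):
        print("%s: %s" % (ap, problem))
```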

 Split-MAC Architecture (Lightweight AP)

 The Cisco LAP (Lightweight Access Point) is part of the Cisco Unified Wireless Network architecture. A LAP is an AP that is designed to be connected to a wireless LAN (WLAN) controller (WLC). The LAP provides dual band support for IEEE 802.11a, 802.11b, and 802.11g and simultaneous air monitoring for dynamic, real-time radio frequency (RF) management. In addition, Cisco LAPs handle time-sensitive functions, such as Layer 2 encryption, that enable Cisco WLANs to securely support voice, video, and data applications.

APs are “lightweight,” which means that they cannot act independently of a wireless LAN controller (WLC). The WLC manages the AP configurations and firmware. The APs are “zero touch” deployed, and individual configuration of APs is not necessary. The APs are also lightweight in the sense that they handle only real-time MAC functionality. The APs leave all the non-real-time MAC functionality (the management function) to be processed by the WLC. This architecture is referred to as the “Split MAC” architecture.

Real-Time Function (AP)

  • Transmission of 802.11 frames: Sending and receiving 802.11 frames, beacons, and probe messages.
  • MAC management: Interact with wireless clients based on MAC address
  • Encryption: 802.11 data encryption is also handled in real time, on a per-packet basis.

 The above functions must stay with the AP hardware, closest to the clients.

 Management Function (WLC)

Usually performed on a wireless LAN controller (WLC), which controls many lightweight APs
AP becomes totally dependent on the WLC for every other WLAN function, such as:

  • Client Authentication
  • Security Management
  • Association and reassociation (roaming)
  • Selecting RF channels
  • AP power management (output power)
  • Handling of roaming related functions
  • Quality of Service (QOS)

Protocols Used to Communicate Between AP and WLC

LWAPP (Lightweight Access Point Protocol)

  • It is Cisco proprietary.
  • LWAPP was introduced in RFC5412 and defined the process of authenticating an AP with a controller, distributing firmware and configuration, and defining the transport header for LWAPP traffic.
  • The controller discovery process and the firmware downloading process when using CAPWAP is the same as when using LWAPP.
  • The one exception is for Layer 2 deployments, which are not supported by CAPWAP.

CAPWAP (Control and Provisioning of Access Points)

  • It is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points.
  • Cisco lightweight access points use CAPWAP to communicate between the controller and other lightweight access points on the network.
  • Controller software releases prior to 5.2.157.0 use the Lightweight Access Point Protocol (LWAPP) for these communications.
  • Unlike LWAPP, CAPWAP does not support Layer 2 mode.
  • CAPWAP is more secure than LWAPP.
  • MTU discovery is only possible in CAPWAP

Lightweight AP bind with a WLC (AP Discovery and Join Process)

When a lightweight AP boots, it uses discovery mechanisms to search and connect to a WLC.

  • Access point (AP) registration consists of a discovery and join process. Registration is the first step in getting your wireless network up and running.
  • The discovery is just that—the AP discovering and validating that it is indeed talking to a controller. The join process is essentially the AP joining the Wireless LAN Controller (WLC) and the building of the encrypted tunnel between the AP-Manager and the AP.

Note: The Cisco 5508 wireless controller does not require AP-Manager interfaces. The Management interface in a Cisco 5508 controller can act like a dynamic AP-Manager interface. An exception to this exists, and that exception applies to the WLC 5500 series because this platform has no AP-Manager. The management interface handles both functions on the 5500 series platform.

  • This is where the management and AP-Manager functions come into play. Each interface plays a role in this procedure. The management interface handles the discovery, whereas the AP-Manager handles the join.

Both wireless devices (AP and WLC) use CAPWAP to communicate with each other. The APs and the WLC are known for their scalability. Regardless of the physical or logical location in the network, they can be plugged in anywhere. A new AP, right from the box, can be plugged in anywhere regardless of the subnet. After it is plugged in, it finds the WLC. The AP then receives the WLC version of code and configuration. After this is sent to the AP, it is ready to start serving clients.

Lightweight access points (LAP) are "zero-touch" deployed. The steps in this process are as follows:

  1. AP begins with a WLC discovery and join phase. The APs send CAPWAP discovery request messages to WLCs. 
  2. The problem is how to determine where to send the discovery request messages. The Cisco implementation defines an AP controller hunting process and discovery algorithm. The AP builds a list of WLCs using the search and discovery process, and then it selects a controller to join from the list.
  3. The AP issues a Dynamic Host Configuration Protocol (DHCP) discover request to get an IP address, unless it has previously had a static IP address configured. (If the AP supports Layer 2 LWAPP mode, it broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. Any WLC connected to the network that is configured to operate in Layer 2 LWAPP mode responds with a Layer 2 LWAPP discovery response. If Layer 2 LWAPP mode is not supported by the AP, or the AP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast, the AP then attempts a Layer 3 LWAPP WLC discovery.)
  4. Any WLC receiving the CAPWAP discovery request responds with a CAPWAP discovery response message.
  5. From the CAPWAP discovery responses received, the AP selects a WLC to join. (This controller search process repeats until at least one WLC is found and joined.)
  6. The AP sends a CAPWAP join request to the WLC, expecting a CAPWAP join response.
  7. The WLC validates the AP and then sends a CAPWAP join response to the AP. The AP validates the WLC to complete the discovery and join process. The validation on both the AP and WLC is a mutual authentication mechanism. An encryption key derivation process is subsequently initiated. The encryption key secures future CAPWAP messages.

Note:
Before the AP and WLC connect, they must authenticate each other.
Both the AP and the WLC have a pre-installed X.509 certificate – This prevents someone from adding an unauthorized AP to your network, and also ensures that messages are encrypted.

CAPWAP Tunnel:

  • The WLC becomes the central hub that supports a number of APs scattered about in the network.
  • The two devices must use a tunnelling protocol between them, to carry 802.11-related messages and also client data.
  • CAPWAP encapsulates the data between the LAP and WLC within new IP packets.
  • As the wireless network grows, the WLC simply builds more CAPWAP tunnels to reach more APs.
  • SSID-100 can exist on every AP, and VLAN 100 can reach every AP through the network of tunnels.
  • AP and WLC can be on same VLAN/subnets or different.

CAPWAP messages:

  • “Data Messages” are encapsulated and forwarded frames from and to wireless clients. UDP port 5247 is used for data channel.
  • “Control Messages” are management messages exchanged between the wireless LAN controller and the access point. UDP port 5246 is used for control channel.
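
The two channels and the discovery and join steps above suggest a check a defender can run on captured traffic: on the control channel, only discovery messages should appear in cleartext, and later control traffic should be DTLS-protected. The classifier below is an added example, not code from the original page or from Cisco. It assumes the header layout of RFC 5415, which places the DTLS handshake between discovery and join; the sample packets are constructed.

```python
import struct

CONTROL_PORT = 5246  # CAPWAP control channel (UDP), as stated above
DATA_PORT = 5247     # CAPWAP data channel (UDP), as stated above

# Base CAPWAP control message types (RFC 5415). Only the four that make up
# the discovery and join steps are named here.
MSG_NAMES = {1: "Discovery Request", 2: "Discovery Response",
             3: "Join Request", 4: "Join Response"}
CLEARTEXT_ALLOWED = {1, 2}  # discovery precedes the encrypted session


def classify_capwap(src_port, dst_port, payload):
    """Classify one UDP payload; returns (verdict, detail)."""
    ports = {src_port, dst_port}
    if CONTROL_PORT in ports:
        channel = "control"
    elif DATA_PORT in ports:
        channel = "data"
    else:
        return ("not-capwap", "neither port is 5246 or 5247")
    if len(payload) < 4:
        return ("malformed", "shorter than the 4-byte preamble word")

    # Preamble byte: high nibble = version, low nibble = payload type.
    version, kind = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        return ("malformed", "unexpected CAPWAP version %d" % version)
    if kind == 1:  # type 1: a DTLS record follows the 4-byte DTLS header
        return ("encrypted", "%s channel, DTLS-protected" % channel)
    if kind != 0:
        return ("malformed", "unknown preamble type %d" % kind)

    # Type 0: cleartext CAPWAP header. HLEN is the 5-bit field right after
    # the preamble and counts 4-byte words.
    (word0,) = struct.unpack("!I", payload[:4])
    header_len = ((word0 >> 19) & 0x1F) * 4
    if header_len < 8 or len(payload) < header_len:
        return ("malformed", "bad CAPWAP header length %d" % header_len)
    if channel == "data":
        # Data-channel DTLS is optional in CAPWAP, so this is informational.
        return ("cleartext-data", "client frames tunnelled without DTLS")

    # Control header starts with a 32-bit message type and 8-bit sequence.
    if len(payload) < header_len + 8:
        return ("malformed", "truncated control header")
    msg_type, _seq = struct.unpack("!IB", payload[header_len:header_len + 5])
    name = MSG_NAMES.get(msg_type, "message type %d" % msg_type)
    if msg_type in CLEARTEXT_ALLOWED:
        return ("discovery", name)
    return ("ALERT-cleartext-control", name)


def sample_control(msg_type, seq=0):
    """Constructed cleartext control packet with no message elements."""
    word0 = (2 << 19) | (1 << 9)  # HLEN = 2 words, WBID = 1 (IEEE 802.11)
    header = struct.pack("!II", word0, 0)
    return header + struct.pack("!IBHB", msg_type, seq, 3, 0)


# Constructed stand-in for a DTLS-wrapped packet: DTLS preamble + opaque bytes.
SAMPLE_DTLS = b"\x01\x00\x00\x00" + bytes(13)

if __name__ == "__main__":
    captures = [(50000, 5246, sample_control(1)),   # AP -> WLC discovery
                (5246, 50000, sample_control(2)),   # WLC -> AP response
                (50000, 5246, SAMPLE_DTLS),         # protected control traffic
                (50000, 5246, sample_control(3)),   # join sent in the clear
                (50000, 5247, sample_control(0))]   # cleartext data channel
    for src, dst, pkt in captures:
        print(src, dst, classify_capwap(src, dst, pkt))
```

A cleartext Join Request or later control message is the case worth alerting on, since it means the control channel is not being protected as the note above requires.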

CAPWAP Protocol State Machine (AP and WLC communication)


WLC Deployments

There are multiple deployment approaches, depending on where the WLC is placed in the network.
Each deployment method differs in:

  • Where the WLC is located within the network
  • How many WLCs are needed to support the number of APs used

| Deployment Model | WLC Location | APs Supported | Clients Supported | Typical Use |
|---|---|---|---|---|
| Unified/Centralized WLC | Central (Physical) | 6000 | 64,000 | Large Enterprise |
| Cloud Based WLC | DC (Virtual) | 3000 | 32,000 | Private Cloud |
| Embedded WLC | Access (inside switch) | 200 | 4000 | Small Campus |
| Cisco Mobility Express WLC | AP (Inside AP) | 100 | 2000 | Branch location |

Unified/Centralized WLC

  • WLC is a hardware appliance in a central location in the network
  • More suitable where most of the resources are located in a central location – Such as a data center or the internet
  • Typical unified WLCs can support a maximum of 6000 APs (Need more WLC if you have more than maximum AP limit)
  • Uses CAPWAP Tunnels between WLC and AP to encapsulate wireless users’ traffic

Cloud Based WLC

  • WLC located inside a data center in a private cloud
  • WLC exists as a virtual machine (not a physical device)
  • It supports up to 3000 APs, so if you need more, you create a second WLC virtual machine. 

Embedded WLC

  • WLC can be co-located with a stack of switches – The controller is embedded within the switching hardware
  • Typical Cisco embedded WLCs can support up to 200 APs
  • Suited to small campuses or distributed branch locations, where the number of APs is relatively small in each location.
  • APs do not necessarily have to be connected to the switches that host the WLC.

Cisco Mobility Express WLC

  • WLC functions reside with an AP that is installed at the branch site
  • A Mobility Express WLC can support up to 100 APs
  • Suited to small-scale environments, such as small, midsize, or multisite branch locations (you might not want to invest in dedicated WLCs at all)
  • AP that hosts the WLC forms a CAPWAP tunnel with the WLC, along with any other APs at the same location.

Cisco Wireless AP modes

Many Cisco APs can operate in autonomous or lightweight mode; this depends on the image that you run.
An AP that serves wireless clients is in local mode. Besides local mode, there are other AP modes as below:

Local

Local mode is the default mode; it offers a BSS on a specific channel. When the AP isn’t transmitting wireless client frames, it’s still doing something behind the scenes. The AP scans other channels to:

  • Measure noise
  • Measure interference
  • Discover rogue devices
  • Check for matches against IDS events

Client

Client mode is the mode in which an access point can connect to another access point as a client. Client mode can be used in a scenario such as this: the internet for your company is provided by a remote access point, and to get internet from this remote access point to your area, you can use your access point in client mode.

Monitor

An AP in monitor mode doesn’t transmit at all. It’s a dedicated sensor that:

  • Checks Intrusion Detection System (IDS) events
  • Detects rogue APs
  • Determines the position of wireless stations

Because the AP is only in monitor mode, it won’t broadcast an SSID so clients are unable to connect to the AP.

FlexConnect

  • It’s possible to connect a local mode AP at a remote branch to the HQ’s WLC. This works, but it’s not a good idea. First of all, the AP encapsulates all wireless client data through the CAPWAP tunnel over the WAN link. Secondly, when the WAN link is down, your wireless network at the branch site is offline too.
  • FlexConnect is an AP mode for situations like the one above. The AP can locally switch traffic between a VLAN and SSID when the CAPWAP tunnel to the WLC is down.

Sniffer

An AP in sniffer mode dedicates its time to receiving 802.11 wireless frames. The AP becomes a remote wireless sniffer; you can connect to it from your PC with an application like Wildpackets Omnipeek or Wireshark. This can be useful if you want to troubleshoot a problem and you can’t be on-site. When an AP is in sniffer mode, it won’t broadcast an SSID so clients can’t connect to the AP.

Rogue Detector

Rogue detector mode makes the AP detect rogue devices full-time. The AP checks for MAC addresses it sees in the air and on the wired network. When the AP is in rogue detector mode, it can switch between rogue detection and serving clients. The AP can still broadcast an SSID and clients can connect to the AP.
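
One way to express the air-versus-wire correlation that rogue detection relies on, as an added example rather than Cisco's implementation: BSSIDs heard over the air are checked against the inventory of authorized APs, and any unknown BSSID or client behind it that also appears in the wired MAC table is escalated. The record layout, the SSID names and all addresses are constructed.

```python
import re


def norm_mac(mac):
    """Normalise aa:bb:..., AA-BB-... or aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % (mac,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


SEVERITY_ORDER = {"critical": 0, "high": 1, "info": 2}


def find_rogues(corp_ssid, authorized_bssids, air_observations, wired_macs):
    """Return findings for every BSSID heard that is not in the AP inventory.

    critical: the unknown BSSID or one of its clients is also on the wired LAN
    high:     unknown BSSID advertising the corporate SSID
    info:     unrelated neighbouring network
    """
    allowed = {norm_mac(m) for m in authorized_bssids}
    wired = {norm_mac(m) for m in wired_macs}
    findings = []
    for obs in air_observations:
        bssid = norm_mac(obs["bssid"])
        if bssid in allowed:
            continue  # one of our own APs in the ESS
        heard = {bssid} | {norm_mac(c) for c in obs.get("clients", [])}
        on_wire = sorted(heard & wired)
        if on_wire:
            severity = "critical"
        elif obs["ssid"] == corp_ssid:
            severity = "high"
        else:
            severity = "info"
        findings.append({"severity": severity, "ssid": obs["ssid"],
                         "bssid": bssid, "channel": obs["channel"],
                         "on_wire": on_wire})
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["bssid"]))
    return findings


# Constructed sample data (locally administered MAC addresses).
CORP_SSID = "CorpNet"
AUTHORIZED = ["02:00:00:00:10:01", "0200.0000.1002"]
AIR = [
    {"ssid": "CorpNet", "bssid": "02:00:00:00:10:01", "channel": 1, "clients": []},
    {"ssid": "CorpNet", "bssid": "02-00-00-00-10-02", "channel": 6, "clients": []},
    {"ssid": "CorpNet", "bssid": "02:00:00:00:99:01", "channel": 11,
     "clients": ["02:00:00:00:AA:01"]},
    {"ssid": "printer-setup", "bssid": "02:00:00:00:77:01", "channel": 6,
     "clients": ["02:00:00:00:BB:05"]},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:55:01", "channel": 1, "clients": []},
]
WIRED = ["0200.0000.bb05", "02:00:00:00:cc:01"]  # e.g. from switch MAC tables

if __name__ == "__main__":
    for f in find_rogues(CORP_SSID, AUTHORIZED, AIR, WIRED):
        print("%-8s %-14s %s ch%-3d on_wire=%s" % (
            f["severity"], f["ssid"], f["bssid"], f["channel"], f["on_wire"]))
```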

Bridge/Mesh

  • The AP becomes a dedicated point-to-point or point-to-multipoint bridge.
  • Two APs in bridge mode can connect two remote sites. Multiple APs can also form an indoor or outdoor mesh. You can’t connect to the bridge with clients.
  • With Point-to-Point Bridge Mode, we can connect the LAN of a router to a remote access-point.
  • With Point-to-Multipoint Bridge Mode, we can connect two LANs with one wireless link.

Flex plus Bridge

The AP can operate in either FlexConnect or Bridge/Mesh mode. This AP mode combines the two; it allows APs in mesh mode to use FlexConnect capabilities.
