
WLAN Fundamentals

Foreword

• Traditionally, two WLAN architectures are available: Fat AP and AC + Fit AP. A Fat AP integrates WLAN management functions including user authentication, data encryption, and roaming, but brings a heavy deployment workload for a large WLAN. With the growth in wireless terminals, the AC + Fit AP architecture, which is easy to control and expand, is widely applied. Communication between the AC and Fit APs is implemented using Control and Provisioning of Wireless Access Points (CAPWAP).
• In this course, we will get a glimpse into the origin and implementation of CAPWAP, key 802.11 frames, and the STA roaming mechanism.

1 Huawei Confidential
Objectives

Upon completion of this course, you will be able to:

• Describe the origin and implementation of CAPWAP.
• Understand the CAPWAP tunnel establishment process.
• Describe how an AP joins an AC and how STAs go online.
• Master the working mechanism of STA roaming.

Contents

1. CAPWAP Tunnel

2. Key 802.11 Frames

3. STA Going-Online Process

4. WLAN Roaming

CAPWAP Background

Challenges of traditional Fat AP networking
• An enterprise needs to deploy a large number of APs, which poses higher requirements on centralized O&M, control, and security.
• Traditional Fat AP networking encounters the following challenges:
▫ Autonomous management, bringing security risks
▫ No fine-grained user management and control
▫ Difficult large-scale deployment, applicable only to SOHO small-scale networking

Solution
• The AC + Fit AP networking architecture applies to medium- and large-scale networks and has the following advantages over the Fat AP architecture:
▫ Centralized, visualized management and control, reducing O&M costs
▫ Fine-grained policy management for users
▫ Authentication and accounting to safeguard enterprise data security at different layers
▫ Value-added service capability, enriching services
• Against this background, Control and Provisioning of Wireless Access Points (CAPWAP) was developed for communication between the AC and APs.

[Figure: AC + Fit AP networking architecture. STAs connect to AP1, AP2 ... APn, which reach the AC and the campus network over a Layer 2 or Layer 3 network.]

Origin of CAPWAP

LWAPP
▫ Standard: RFC 5412
▫ Full name: Lightweight Access Point Protocol
▫ Proposed by: Cisco - Airspace
▫ Characteristics: LWAPP gives a comprehensive description of detection, security and system management methods. Supports local MAC address and split MAC address. ACs and APs are connected at Layer 2 or Layer 3. At Layer 2, LWAPP packets are transmitted in Ethernet frames. At Layer 3, LWAPP packets are transmitted using user datagram protocol (UDP).
▫ Encryption: Signaling: AES-CCM. Data: not encrypted.

SLAPP
▫ Standard: RFC 5413
▫ Full name: Secure Light Access Point Protocol
▫ Proposed by: Aruba
▫ Characteristics: SLAPP supports two local MAC modes: bridging and tunnel, and allows for direct, Layer 2, and Layer 3 connection modes. It uses mature technologies and standards to build communication tunnels, and leverages GRE technology to set up data channels.
▫ Encryption: Signaling: Datagram Transport Layer Security (DTLS). Data: DTLS.

CTP
▫ Standard: draft-singh-capwap-ctp
▫ Full name: CAPWAP Tunneling Protocol
▫ Proposed by: Siemens - Chantry
▫ Characteristics: CTP uses extended SNMP to configure and manage WTPs. CTP control packets are used to control STA connection status, and WTP configuration and status.
▫ Encryption: CTP defines authentication and a series of encryption rules based on AES-CCM, but the rules still need optimization.

WiCoP
▫ Standard: RFC 5414
▫ Full name: Wireless LAN Control Protocol
▫ Proposed by: Panasonic
▫ Characteristics: WiCoP defines the AC discovery mechanism, including negotiation based on performance of the AC and STAs. This protocol also defines QoS parameters.
▫ Encryption: WiCoP recommends IPsec and EAP security standards but does not specify implementation methods.

CAPWAP Background

LWAPP
• Proposed by: Cisco
• Complete protocol framework
• Detailed packet structure and TLV elements
• Unencrypted data

SLAPP
• Proposed by: Aruba
• Bridging
• DTLS

CTP/WiCoP
• Proposed by: Siemens/Panasonic
• Basic centralized WLAN architecture
• Incomplete security standards

[Figure: LWAPP, SLAPP, and CTP/WiCoP shown around CAPWAP.]

CAPWAP Overview

CAPWAP tunnel
• CAPWAP defines how to manage and configure APs. That is, the AC manages and controls APs in a centralized manner through the CAPWAP tunnel.

Functions
• Allows APs to automatically discover an AC.
• Maintains the connectivity between the AC and APs.
• Allows the AC to manage APs and deliver service configurations to them.
• Allows APs to exchange data sent by STAs with the AC through CAPWAP tunnels in tunnel forwarding mode.

[Figure: STAs, AP1, AP2 ... APn, the AC, and the campus network. The CAPWAP tunnel transfers control information and user data.]

CAPWAP Packet Format

Packet Type | Function | UDP Port | Encryption
--- | --- | --- | ---
Control packet | Managing APs | 5246 | Mostly ciphertext
Data packet | Forwarding service data | 5247 | Mostly plaintext

The formats of the control packet and data packet are as follows:

Control packet:
IP Header | UDP Header | CAPWAP Header | Control Header | Message Element

Control packet with DTLS encryption:
IP Header | UDP Header | CAPWAP DTLS Header | DTLS Header | CAPWAP Header | Control Header | Message Element | DTLS Tail

Data packet:
IP Header | UDP Header | CAPWAP Header | Ethernet Packet

Data packet with DTLS encryption:
IP Header | UDP Header | CAPWAP DTLS Header | DTLS Header | CAPWAP Header | Ethernet Packet | DTLS Tail

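The two packet layouts above can be told apart on the wire, which lets a monitoring point check that control messages after discovery really travel inside DTLS. The following is an added example, not part of the original course: it parses the CAPWAP preamble and header as laid out in RFC 5415, and the function names and the constructed sample payloads are assumptions.

```python
"""Classify CAPWAP UDP payloads and flag control messages sent outside DTLS."""
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247   # UDP ports from the packet table

# Control message type values as assigned in RFC 5415, limited to the
# messages this course names.
MSG_TYPES = {
    1: "Discovery Request", 2: "Discovery Response",
    3: "Join Request", 4: "Join Response",
    5: "Configuration Status Request", 6: "Configuration Status Response",
    7: "Configuration Update Request", 8: "Configuration Update Response",
    11: "Change State Event Request", 12: "Change State Event Response",
    13: "Echo Request", 14: "Echo Response",
    15: "Image Data Request", 16: "Image Data Response",
}
DISCOVERY_TYPES = {1, 2}   # exchanged before the DTLS phase, so always cleartext


def parse_capwap(ac_port, payload):
    """Describe one UDP payload; ac_port is the AC-side port of the datagram."""
    if ac_port not in (CONTROL_PORT, DATA_PORT):
        raise ValueError("not a CAPWAP port")
    if len(payload) < 4:
        raise ValueError("truncated preamble")
    version, kind = payload[0] >> 4, payload[0] & 0x0F
    if version != 0 or kind not in (0, 1):
        raise ValueError("unknown CAPWAP preamble")
    info = {"channel": "control" if ac_port == CONTROL_PORT else "data",
            "encrypted": kind == 1, "msg_type": None, "message": None}
    if kind == 1:            # CAPWAP DTLS Header: the rest is an opaque DTLS record
        return info
    if len(payload) < 8:
        raise ValueError("truncated CAPWAP header")
    word, _frag_id, frag = struct.unpack("!IHH", payload[:8])
    hlen = ((word >> 19) & 0x1F) * 4        # HLEN counts 4-byte words
    if hlen < 8 or len(payload) < hlen:
        raise ValueError("bad header length")
    if info["channel"] == "data":
        # The K bit marks a data-channel Keepalive; otherwise a tunnelled frame.
        info["message"] = "Keepalive" if word & 0x08 else "Ethernet Packet"
        return info
    if frag >> 3:            # non-zero fragment offset: no control header here
        info["message"] = "fragment"
        return info
    if len(payload) < hlen + 8:
        raise ValueError("truncated control header")
    msg_type, _seq, _length, _flags = struct.unpack(
        "!IBHB", payload[hlen:hlen + 8])
    info["msg_type"] = msg_type
    info["message"] = MSG_TYPES.get(msg_type, "type %d" % msg_type)
    return info


def audit(ac_port, payload):
    """Return a finding for cleartext control traffic past discovery, else None."""
    info = parse_capwap(ac_port, payload)
    if (info["channel"] == "control" and not info["encrypted"]
            and info["msg_type"] not in DISCOVERY_TYPES):
        return "plaintext control message: " + info["message"]
    return None


# ---- constructed sample payloads (not captured traffic) ----
def sample_header(keepalive=False):
    word = (2 << 19) | (1 << 14) | (1 << 9) | (0x08 if keepalive else 0)
    return struct.pack("!IHH", word, 0, 0)   # HLEN=2 words, RID=1, WBID=1


def sample_control(msg_type, seq=1):
    # The length field counts the bytes after the sequence number (3 here).
    return sample_header() + struct.pack("!IBHB", msg_type, seq, 3, 0)


SAMPLE_DTLS = b"\x01\x00\x00\x00" + b"\x17\xfe\xfd" + bytes(10)

if __name__ == "__main__":
    for name, port, data in [
        ("discovery", CONTROL_PORT, sample_control(1)),
        ("join, no DTLS", CONTROL_PORT, sample_control(3)),
        ("join, DTLS", CONTROL_PORT, SAMPLE_DTLS),
        ("keepalive", DATA_PORT, sample_header(keepalive=True) + bytes(4)),
    ]:
        print(name, parse_capwap(port, data), audit(port, data))
```

Because the data channel is mostly plaintext, a packet classified as "Ethernet Packet" exposes the tunnelled user frame to anyone on the path between the AP and the AC.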
CAPWAP Tunnel Establishment - Overview

[Figure: message sequence in two parts. Part 1 runs between the AP, the DHCP server, and the AC; part 2 runs between the AP and the AC. Phases and messages, in order:]

DHCP interaction
▫ DHCP Discovery (broadcast)
▫ DHCP Offer (unicast)
▫ DHCP Request (broadcast)
▫ DHCP Ack (unicast)
Discovery phase
▫ Discovery Request
▫ Discovery Response
DTLS connection
▫ DTLS
Join
▫ Join Request
▫ Join Response
Image Data
▫ Image Data Request
▫ Image Data Response
Configuration Status
▫ Configuration Status Request
▫ Configuration Status Response
Data Check
▫ Change State Event Request
▫ Change State Event Response
Run (data)
▫ Keepalive
▫ Keepalive
Run (control)
▫ Echo Request
▫ Echo Response
Configuration Update
▫ Configuration Update Request
▫ Configuration Update Response

CAPWAP Tunnel Establishment - APs Obtaining IP Addresses

• To communicate with an AC, an AP must obtain an IP address. This is the first step for wireless network communication.

Mode in which an AP obtains an IP address
• Static mode: A user logs in to the AP and configures its IP address. (not recommended for medium- and large-scale networks)
• DHCP mode: The AP serves as a DHCP client and requests an IP address from a DHCP server.

Typical solutions
• Deploy a dedicated DHCP server to assign IP addresses to APs.
• Configure the AC to assign IP addresses to APs.
• Use a network device, such as a core switch, to assign IP addresses to APs.

APs Obtaining IP Addresses - DHCP Interaction

Step 1: DHCP four-way handshake

Messages between the AP and the DHCP server:
1. DHCP Discovery (broadcast): Discover DHCP servers on the network
2. DHCP Offer (unicast): Select an available IP address from the address pool and respond to the AP
3. DHCP Request (broadcast): Notify the DHCP server of the IP address selected
4. DHCP Ack (unicast): Acknowledge address allocation

• The AP broadcasts a DHCP Discovery message to request responses from DHCP servers.
• When receiving the DHCP Discovery message, the DHCP server responds to the AP with a DHCP Offer message, which contains information about the lease duration.
• When the AP receives DHCP Offer messages from multiple DHCP servers, it selects only one DHCP Offer message (usually the first DHCP Offer message) and broadcasts a DHCP Request message to all DHCP servers. Then the AP unicasts a DHCP Request message to the selected DHCP server.
• When the DHCP server receives the DHCP Request message, it responds with a DHCP Ack message, which contains the IP address for the AP, lease duration, gateway information, and DNS server IP address. By now, the lease takes effect and the DHCP four-way handshake is completed.

CAPWAP Tunnel Establishment - AC Discovery Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Step 2: AC discovery

Messages between the AP and the AC:
5. Discovery Request
6. Discovery Response

• The AP discovers an AC in different ways depending on the networking. On a Layer 2 network, the AP broadcasts a Discovery Request message to discover an AC; on a Layer 3 network, the AP unicasts a Discovery Request message to the AC based on the AC's IP address carried in DHCP Option 43.
• After receiving the Discovery Request message from the AP, the AC unicasts a Discovery Response message to the AP. The AP decides which AC to associate with based on the AC's priority and AP load.

APs Dynamically Discovering the AC

DHCP mode
[Figure: message sequence among the AP, the DHCP server, and the AC: DHCP Discovery, DHCP Offer (Option 43), DHCP Request, DHCP Ack (Option 43), Discovery Request, Discovery Response.]

Broadcast mode
• After an AP is started, if it fails to obtain the AC IP address in DHCP or DNS mode or does not receive a response after sending a Discovery Request, the AP initiates a broadcast AC discovery procedure and broadcasts an AC discovery request.
• AC discovery in broadcast mode is applicable to a Layer 2 network between the AP and the AC.

CAPWAP Tunnel Establishment - DTLS Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

(Optional) Step 3: Establish a DTLS connection

Messages between the AP and the AC:
5. Discovery Request
6. Discovery Response
7. (Optional) DTLS

• The DTLS connect message exchange between the AC and AP is optional, depending on whether encryption is required in the Discovery Response message.

Control packet with DTLS encryption:
IP Header | UDP Header | CAPWAP DTLS Header | DTLS Header | CAPWAP Header | Control Header | Message Element | DTLS Tail

Data packet with DTLS encryption:
IP Header | UDP Header | CAPWAP DTLS Header | DTLS Header | CAPWAP Header | Ethernet Packet | DTLS Tail

CAPWAP Tunnel Establishment - Join Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Step 4: Join

Messages between the AP and the AC:
5. Discovery Request
6. Discovery Response
7. (Optional) DTLS
8. Join Request
9. Join Response

• After the DTLS handshake is completed, the AC and AP establish a control channel. The AP sends a Join Request message to request to join the AC.
• The AC sends a Join Response message containing information about user upgrade version number, the interval/timeout period of the handshake packet, and the priority of the control packets.

AP Access Control Process

[Flowchart, entered when the AP enters the Join phase:]

1. Is the MAC address or SN of the AP in the AP blacklist?
▫ Yes: The AP is not allowed to join the AC.
▫ No: Go to step 2.
2. What is the AP authentication mode?
▫ Non-authentication: The AP joins the AC.
▫ MAC address authentication: Is the MAC address of the AP added offline? If yes, the AP joins the AC. If no, is the MAC address of the AP in the whitelist? If yes, the AP joins the AC. If no, go to step 3.
▫ SN authentication: Is the SN of the AP added offline? If yes, the AP joins the AC. If no, is the SN of the AP in the whitelist? If yes, the AP joins the AC. If no, go to step 3.
3. Add the AP to the list of authorized APs: manually confirm AP information by entering its MAC address or SN. The AP joins the AC.

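The decision order of the flowchart, written out as an added example that is not part of the original course. The policy layout, the result strings, and the sample MAC addresses and serial numbers are assumptions; an AP found in neither list is reported as waiting for manual confirmation.

```python
"""Evaluate an AP join request in the order the access control flowchart uses."""
import re


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def make_policy(auth_mode, blacklist_mac=(), blacklist_sn=(),
                offline=(), whitelist=()):
    """offline and whitelist hold MACs in 'mac' mode and SNs in 'sn' mode."""
    if auth_mode not in ("none", "mac", "sn"):
        raise ValueError("unknown authentication mode")
    norm = normalize_mac if auth_mode == "mac" else str.upper
    return {
        "auth_mode": auth_mode,
        "blacklist_mac": {normalize_mac(m) for m in blacklist_mac},
        "blacklist_sn": {s.upper() for s in blacklist_sn},
        "offline": {norm(x) for x in offline},
        "whitelist": {norm(x) for x in whitelist},
    }


def admit_ap(mac, sn, policy):
    """Return 'reject', 'join' or 'manual-confirm' for one joining AP."""
    mac, sn = normalize_mac(mac), sn.strip().upper()
    # Step 1: the blacklist is checked first and overrides every other list.
    if mac in policy["blacklist_mac"] or sn in policy["blacklist_sn"]:
        return "reject"
    # Step 2: branch on the authentication mode.
    if policy["auth_mode"] == "none":
        return "join"
    ident = mac if policy["auth_mode"] == "mac" else sn
    if ident in policy["offline"] or ident in policy["whitelist"]:
        return "join"
    # Step 3: unknown AP, an administrator has to confirm it.
    return "manual-confirm"


# Constructed sample policies; the addresses and serial numbers are made up.
MAC_POLICY = make_policy(
    "mac",
    blacklist_mac=["02:00:00:00:00:99"],
    offline=["0200-0000-0002"],
    whitelist=["02:00:00:00:00:01", "02:00:00:00:00:99"],
)
SN_POLICY = make_policy("sn", blacklist_sn=["sn-bad"], whitelist=["SN-0001"])

if __name__ == "__main__":
    print(admit_ap("0200-0000-0099", "SN-0099", MAC_POLICY))  # reject
    print(admit_ap("02-00-00-00-00-07", "SN-0007", MAC_POLICY))  # manual-confirm
```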
CAPWAP Tunnel Establishment - Image Data Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Step 5: Image Data

Messages between the AP and the AC:
5. Discovery Request
6. Discovery Response
7. (Optional) DTLS
8. Join Request
9. Join Response
10. (Optional) Image Data Request
11. (Optional) Image Data Response

• The AP checks whether it is running the latest software version based on negotiation parameters. If the current version is not the latest version, the AP sends an Image Data Request to the AC for the latest software version and then starts upgrading its software through the CAPWAP tunnel.
• After receiving the request, the AC delivers the software version to the AP. After the software version is updated, the AP restarts, discovers the AC, establishes a CAPWAP tunnel with the AC, and joins the AC again.

CAPWAP Tunnel Establishment - Configuration Status and Data Check Phases

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Messages between the AP and the AC:
12. Configuration Status Request
13. Configuration Status Response
14. Change State Event Request
15. Change State Event Response

Step 6: Configuration Status
• The AP sends a Configuration Status Request message carrying the AC name and radio information to the AC and starts a timer for waiting for a Configuration Status Response message.
• After receiving the Configuration Status Request message, the AC changes its status and sends a Configuration Status Response message. (Currently, no configuration is delivered in this phase. The configuration is delivered after the AC enters the Run phase.) After receiving the Response message, the AP stops the timer and enters the Data Check phase.

Step 7: Data Check
• The AP sends a Change State Event Request message carrying information such as the radio and result code and starts the timer for waiting for a Change State Event Response message.
• After receiving the Change State Event Request message, the AC enters the Data Check phase and sends a Change State Event Response message (currently, no error code is carried). After receiving the Change State Event Response message, the AP stops the timer and enters the Run phase.

CAPWAP Tunnel Establishment - Run Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Messages between the AP and the AC:
12. Configuration Status Request
13. Configuration Status Response
14. Change State Event Request
15. Change State Event Response
16. Keepalive
17. Keepalive
18. Echo Request
19. Echo Response

Step 8: Run (data)
• The AP sends a Keepalive message to the AC. After the AC receives the Keepalive message, a data tunnel is established.
• The AC responds with a Keepalive message. The AP enters the normal state and starts to work after receiving the Keepalive message from the AC.

Step 9: Run (control)
• When the AP enters the Run phase, it sends an Echo Request message to the AC to show that the CAPWAP management tunnel is established, and activates the echo timer and tunnel monitoring timer to monitor the management tunnel.
• When the AC receives the Echo Request message, it enters the Run phase, replies with an Echo Response message, and activates the tunnel timeout timer. When the AP receives the Echo Response message, it resets the tunnel timeout detection timer. At this time, the AP is already online.

CAPWAP Tunnel Establishment - Configuration Update Phase

• The AC manages and controls APs in a centralized manner through CAPWAP tunnels.

Messages between the AP and the AC:
16. Keepalive
17. Keepalive
18. Echo Request
19. Echo Response
20. Configuration Update Request
21. Configuration Update Response

Step 10: Configuration Update
• The AC updates the AP configuration. When the AP configuration needs to be updated, the AC sends a Configuration Update Request to the AP.
• After receiving the request from the AC, the AP sends a Configuration Update Response message to the AC. After receiving the Configuration Update Response message, the AC updates the configuration of the AP.
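
The phase order of steps 2 to 10, encoded as a state machine that replays the CAPWAP messages seen for one AP and reports every message that arrives out of order. This is an added example, not part of the original course; the state names, the trace format (message names only, direction ignored), and the sample traces are assumptions.

```python
"""Replay a per-AP CAPWAP message trace against the tunnel establishment order."""

# state -> {message: next state}; message names are the ones used in the steps.
TRANSITIONS = {
    "START":          {"Discovery Request": "DISCOVERY_WAIT"},
    "DISCOVERY_WAIT": {"Discovery Response": "DISCOVERED"},
    # DTLS is optional, so a Join Request is accepted with or without it.
    "DISCOVERED":     {"DTLS": "SECURED", "Join Request": "JOIN_WAIT"},
    "SECURED":        {"Join Request": "JOIN_WAIT"},
    "JOIN_WAIT":      {"Join Response": "JOINED"},
    # Image Data is optional and only used when the AP software is outdated.
    "JOINED":         {"Image Data Request": "IMAGE_WAIT",
                       "Configuration Status Request": "CONFIG_WAIT"},
    # After the upgrade the AP restarts and discovers the AC again.
    "IMAGE_WAIT":     {"Image Data Response": "START"},
    "CONFIG_WAIT":    {"Configuration Status Response": "DATA_CHECK"},
    "DATA_CHECK":     {"Change State Event Request": "CHECK_WAIT"},
    "CHECK_WAIT":     {"Change State Event Response": "RUN_DATA"},
    "RUN_DATA":       {"Keepalive": "KEEPALIVE_WAIT"},
    "KEEPALIVE_WAIT": {"Keepalive": "RUN_CONTROL"},
    "RUN_CONTROL":    {"Echo Request": "ECHO_WAIT"},
    "ECHO_WAIT":      {"Echo Response": "ONLINE"},
    "ONLINE":         {"Echo Request": "ECHO_WAIT", "Keepalive": "ONLINE",
                       "Configuration Update Request": "UPDATE_WAIT"},
    "UPDATE_WAIT":    {"Configuration Update Response": "ONLINE"},
}


def replay(trace):
    """Return (final_state, violations) for an ordered list of message names.

    Each violation is (index, message, state_when_seen). An unexpected
    message is skipped, except a Discovery Request, which is treated as an
    AP restart so that the rest of the trace can still be checked.
    """
    state, violations = "START", []
    for index, message in enumerate(trace):
        nxt = TRANSITIONS[state].get(message)
        if nxt is None:
            violations.append((index, message, state))
            if message == "Discovery Request":
                state = "DISCOVERY_WAIT"
            continue
        state = nxt
    return state, violations


# Constructed traces, not captured traffic.
FULL = [
    "Discovery Request", "Discovery Response", "DTLS",
    "Join Request", "Join Response",
    "Configuration Status Request", "Configuration Status Response",
    "Change State Event Request", "Change State Event Response",
    "Keepalive", "Keepalive", "Echo Request", "Echo Response",
    "Configuration Update Request", "Configuration Update Response",
]
SKIPPED_JOIN = ["Discovery Request", "Discovery Response",
                "Configuration Status Request", "Configuration Status Response"]
UPGRADE = ["Discovery Request", "Discovery Response", "Join Request",
           "Join Response", "Image Data Request", "Image Data Response",
           "Discovery Request"]

if __name__ == "__main__":
    for name, trace in [("full", FULL), ("skipped join", SKIPPED_JOIN),
                        ("upgrade", UPGRADE)]:
        print(name, replay(trace))
```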

After the CAPWAP tunnel is established, the AP successfully joins the AC. If the service configuration is normal, the SSID can be released for
STAs to access the AP.
But how do the STAs access the wireless network system?

Frame Types Defined in 802.11

• Management frame
▫ Management frames perform supervisory functions; they are used to join and leave wireless networks and move associations from AP to AP.

• Control frame
▫ Control frames are used in conjunction with data frames to perform area-clearing operations, channel acquisition and carrier-sensing maintenance functions, and positive acknowledgment of received data. Control and data frames work in conjunction to deliver data reliably from STA to STA.

• Data frame
▫ Data frames carry data transmitted between STAs.

Key 802.11 Frames - Management Frames

No. | Management Frame Type | Function
--- | --- | ---
1 | Beacon frame | Beacon frames are sent periodically by an AP to notify STAs of a WLAN. An AP sends Beacon frames within the basic service area.
2 | Probe Request frame | A STA sends Probe Request frames to scan surrounding 802.11 networks.
3 | Probe Response frame | If the network scanned by a STA meets the connection requirement, the AP replies with a Probe Response frame to the STA. The AP responds to a received Probe Request frame only after it sends a Beacon frame and before it sends the next Beacon frame.
4 | Authentication frame, Deauthentication frame | An AP uses shared keys and Authentication frames to authenticate STA identities, and uses Deauthentication frames for deauthentication.
5 | Association Request frame, Reassociation Request frame | After a STA passes identity authentication, it sends an Association Request frame to request to join the network. When a STA needs to roam on a WLAN, it sends a Reassociation Request frame to reassociate with the WLAN.
6 | Association Response frame | After receiving an Association Request from a STA, an AP replies with an Association Response frame.

Key 802.11 Frames - Control Frames

No. | Control Frame Type | Function
--- | --- | ---
1 | Request to send (RTS) frame | When a STA needs to send data to an AP, the STA sends an RTS frame to the AP.
2 | Clear to send (CTS) frame | After an AP receives an RTS frame from a STA, it broadcasts CTS frames. After receiving the CTS frames, the other STAs within the AP's coverage area will not send data within a specified period.
3 | Acknowledgment (ACK) frame | The receiver sends an ACK frame to confirm the receiving of a unicast packet from the sender.
4 | PS-Poll frame | When a STA wakes up from the power save (PS) mode, it sends a PS-Poll frame to the associated AP to retrieve the frames buffered while it was in PS mode.

STA Access

• STAs can access a WLAN after CAPWAP tunnels are established.
• STA access is divided into three stages:
▫ Scanning: A STA periodically searches for nearby wireless networks through scanning.
▫ Authentication: Before accessing the WLAN, a STA is authenticated, which is known as link authentication. Link authentication is usually considered as the start point for STAs to connect to an AP and access the WLAN.
▫ Association: After link authentication is complete, the STA continues to initiate link service negotiation.

[Figure: STA and AP, with the three stages in order: Scanning, Authentication, Association.]

Active Scanning

• In active scanning, a STA periodically searches for nearby wireless networks.
• The STA can send two types of Probe Request frames: probes containing an SSID and probes that do not contain an SSID.

Active scanning by sending a Probe Request frame containing an SSID
• The STA sends a Probe Request frame containing an SSID on each channel to search for the AP with the same SSID. Only the AP with the same SSID will respond to the STA.
[Figure: the STA sends a Probe Request (SSID=huawei) and AP1 (SSID=huawei) returns a Probe Response.]

Active scanning by sending a Probe Request frame containing no SSID
• The STA periodically broadcasts a Probe Request frame that does not contain an SSID on the supported channels. The APs return Probe Response frames to notify the STA of the wireless services they can provide.
[Figure: the STA and AP1 ... APn.]

Passive Scanning

• In passive scanning mode, a STA receives Beacon frames that APs periodically send and obtains an AP list by parsing information in the Beacon frames.
• When listening to Beacon frames, the STA continuously switches channels to ensure that Beacon frames can be heard on each channel.
• By default, the interval for an AP to send Beacon frames is 100 TUs (1 TU = 1024 us).
• The AP sends Beacon frames periodically. The STAs only listen to Beacon frames and do not send Probe frames. In this way, the STAs can obtain the list of neighboring APs while saving resources.

[Figure: passive scanning. AP1 (SSID=huawei) sends Beacon frames to the STAs.]

Link Authentication

• To ensure wireless link security, an AP needs to authenticate STAs that attempt to access the AP.
• IEEE 802.11 defines two link authentication modes: open system authentication and shared key authentication.

Open system authentication
• Open system authentication requires no authentication, allowing any STA to access the AP without authentication.
[Figure: messages between the STA and the AP, in order: Authentication Request, Authentication Response.]

Shared key authentication
• Shared key authentication requires that the STA and AP have the same shared key preconfigured. The AP checks whether the STA has the same shared key to determine whether the STA can be authenticated. If the STA has the same shared key as the AP, the STA is authenticated successfully. Otherwise, the STA authentication fails.
[Figure: messages between the STA and the AP, in order: Authentication Request, Authentication Response (Challenge), Authentication Response (Encrypted Challenge), Authentication Response (Success).]

Association

• After link authentication is complete, a STA initiates link service negotiation using Association messages.
• The STA association process is actually a link service negotiation process, during which the supported rate, channel, and the like are negotiated.

[Figure: message sequence among the STA, the AP, and the AC: 1. Association Request, 2. Association Request, 3. Association Response, 4. Association Response.]

WLAN Roaming Overview

• WLAN roaming allows a STA to move between the coverage areas of different APs with nonstop service transmission.
• The APs involved in WLAN roaming must have the same SSID, same configurations in security profiles (different profile names allowed), and the same authentication mode and parameter settings in authentication profiles.
• WLAN roaming aims to achieve the following goals:
▫ Avoid packet loss or service interruption caused by a long authentication duration during roaming.
▫ Ensure that user's authorization information does not change during roaming.
▫ Ensure that user's IP address does not change during roaming.

[Figure: an AC with AP1 (SSID: Huawei, Channel 1) and AP2 (SSID: Huawei, Channel 6) and a signal overlapping area between them. The STA roams between the APs and its IP address is A.A.A.A before and after roaming.]

Concepts in WLAN Roaming

• Home AC (HAC): AC in a mobility group with which a STA first associates
• Foreign AC (FAC): AC with which a STA is associated after roaming
• Home AP (HAP): AP in a mobility group with which a STA first associates
• Foreign AP (FAP): AP with which a STA is associated after roaming

[Figure: AC1 and AC2 in a mobility group, connected by an inter-AC tunnel; home agent; AP1, AP2, and AP3; a STA performing intra-AC roaming and inter-AC roaming.]

WLAN Roaming Types

Layer 2 roaming
[Figure: an AC with AP1 and AP2. The STA roams from AP1 (VLAN 10, SSID: Huawei) to AP2 (VLAN 10, SSID: Huawei).]

Layer 3 roaming
[Figure: an AC with AP1 and AP2. The STA roams from AP1 (VLAN 10, SSID: Huawei) to AP2 (VLAN 20, SSID: Huawei).]

Traffic Forwarding Models in WLAN Roaming

• Depending on the WLAN data forwarding type and whether data is forwarded across Layer 3, traffic forwarding models in WLAN roaming are classified into four types, as described in the following table.

Forwarding Model | Characteristics
--- | ---
Direct forwarding in Layer 2 roaming; Tunnel forwarding in Layer 2 roaming | STAs stay on the same subnet before and after Layer 2 roaming. Similar to packet forwarding for new STAs, the FAP or FAC forwards packets of Layer 2 roaming STAs on the local network but does not send the packets back to the home agent over a tunnel.
Direct forwarding in Layer 3 roaming | Service packets between the HAP and HAC are not encapsulated with the CAPWAP header. Therefore, whether the HAP and HAC reside on the same subnet cannot be determined. In this case, packets are forwarded back to the HAP by default.
Tunnel forwarding in Layer 3 roaming | Service packets between the HAP and HAC are encapsulated with the CAPWAP header. In this case, the HAP and HAC can be considered on the same subnet. Instead of forwarding the packets back to the HAP, the HAC directly forwards the packets to the upper-layer network.

Intra-AC Roaming

• Intra-AC roaming: If a STA roams within the coverage of the same AC, the roaming is intra-AC roaming.
• Intra-AC roaming can be regarded as a special case of inter-AC roaming where the HAC and FAC are the same AC.

[Figure: one AC (HAC=FAC) with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 10, SSID: Huawei); the STA roams from the HAP to the FAP.]

Intra-AC Layer 2 Roaming - Tunnel Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the AC through the CAPWAP tunnel.
▫ The AC forwards the service packets to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the AC through the CAPWAP tunnel.
▫ The AC forwards the service packets to the upper-layer network through the switch.

[Figure: an AC with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 10, SSID: Huawei), CAPWAP tunnel, roaming STA, traffic steps 1 to 3.]

Intra-AC Layer 2 Roaming - Direct Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP forwards them to the upper-layer network through the gateway (switch).
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP forwards them to the upper-layer network through the gateway (switch).

[Figure: an AC with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 10, SSID: Huawei), roaming STA, traffic flow before roaming and traffic flow after roaming.]

Intra-AC Layer 3 Roaming - Tunnel Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the HAC through the CAPWAP tunnel.
▫ The HAC forwards the service packets to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the HAC through the CAPWAP tunnel.
▫ The HAC forwards the service packets to the upper-layer network through the switch.

[Figure: an AC with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 20, SSID: Huawei), CAPWAP tunnel, roaming STA, traffic steps 1 to 3.]

Intra-AC Layer 3 Roaming - Direct Forwarding (HAP as the Home Agent)

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the HAC through the CAPWAP tunnel.
▫ The HAC forwards the service packets to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the HAC through the CAPWAP tunnel.
▫ After receiving the service packets, the HAC sends them to the HAP through the CAPWAP tunnel.
▫ The HAP forwards the service packets to the upper-layer network through the switch.

[Figure: an AC with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 20, SSID: Huawei), CAPWAP tunnel, roaming STA, traffic steps 1 to 4.]

Intra-AC Layer 3 Roaming - Direct Forwarding (HAC as the Home Agent)

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the HAC through the CAPWAP tunnel.
▫ The HAC forwards the service packets to the upper-layer network through the switch.

[Figure: an AC with the HAP (VLAN 10, SSID: Huawei) and the FAP (VLAN 20, SSID: Huawei), CAPWAP tunnel, roaming STA, traffic steps 1 to 3.]

Inter-AC Layer 2 Roaming - Direct Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP forwards them to the upper-layer network through the gateway (switch).
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP forwards them to the upper-layer network through the gateway (switch).

[Figure: the HAC with the HAP (VLAN 10, SSID: Huawei) and the FAC with the FAP (VLAN 10, SSID: Huawei), roaming STA, traffic flow before roaming and traffic flow after roaming.]

Inter-AC Layer 2 Roaming - Tunnel Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP forwards them to the upper-layer network through the gateway (switch).
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the FAC through the CAPWAP tunnel.
▫ The FAC forwards the service packets to the upper-layer network through the switch.

[Figure: the HAC with the HAP (VLAN 10, SSID: Huawei) and the FAC with the FAP (VLAN 10, SSID: Huawei), roaming STA, traffic flow before roaming and traffic flow after roaming.]

Inter-AC Layer 3 Roaming - Tunnel Forwarding

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the HAC through the CAPWAP tunnel.
▫ The HAC forwards the service packets to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the FAC through the CAPWAP tunnel.
▫ The FAC forwards the service packets to the HAC through the CAPWAP tunnel between them.
▫ The HAC forwards the service packets to the upper-layer network through the switch.

[Figure: the HAC with the HAP (VLAN 10, SSID: Huawei) and the FAC with the FAP (VLAN 20, SSID: Huawei), CAPWAP tunnel, roaming STA, traffic steps 1 to 4.]

Inter-AC Layer 3 Roaming - Direct Forwarding (HAP as the Home Agent)

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the FAC through the CAPWAP tunnel.
▫ The FAC forwards the service packets to the HAC through the CAPWAP tunnel between them.
▫ The HAC sends the service packets to the HAP through the CAPWAP tunnel.
▫ The HAP forwards the service packets to the upper-layer network.

[Figure: HAC and FAC connected by a CAPWAP tunnel, above HAP and FAP; the STA roams from the HAP (VLAN 10) to the FAP (VLAN 20); SSID: Huawei; numbered steps 1 to 5.]

Inter-AC Layer 3 Roaming - Direct Forwarding (HAC as the Home Agent)

• Before roaming:
▫ The STA sends service packets to the HAP.
▫ After receiving the service packets, the HAP sends them to the upper-layer network through the switch.
• After roaming:
▫ The STA sends service packets to the FAP.
▫ After receiving the service packets, the FAP sends them to the FAC through the CAPWAP tunnel.
▫ The FAC forwards the service packets to the HAC through the CAPWAP tunnel between them.
▫ The HAC forwards the service packets to the upper-layer network.

[Figure: HAC and FAC connected by a CAPWAP tunnel, above HAP and FAP; the STA roams from the HAP (VLAN 10) to the FAP (VLAN 20); SSID: Huawei; numbered steps 1 to 4.]

Inter-AC Roaming Configuration
• Create a mobility group.
[AC-wlan-view] mobility-group name group-name

• Add a member AC to the mobility group. The IP address added in this step is the AC's source IP address.
[AC-mc-mg-group-name] member { ip-address ipv4-address | ipv6-address ipv6-address } [ description description ]

Example for Configuring Inter-AC Roaming

Configure WLAN roaming on AC1 and AC2.
[AC1-wlan-view] mobility-group name mobility
[AC1-mc-mg-mobility] member ip-address 10.1.201.100
[AC1-mc-mg-mobility] member ip-address 10.1.201.200
[AC1-mc-mg-mobility] quit

[AC2-wlan-view] mobility-group name mobility
[AC2-mc-mg-mobility] member ip-address 10.1.201.100
[AC2-mc-mg-mobility] member ip-address 10.1.201.200
[AC2-mc-mg-mobility] quit

• Deploy Layer 3 networking between the HAP and HAC and between the FAP and FAC.
• Add the HAC and FAC to a mobility group to ensure normal service traffic for STAs.

[Figure: AC1 (10.1.201.100) and AC2 (10.1.201.200), labelled HAC and FAC, above HAP and FAP; the STA roams from the HAP to the FAP.]

Checking the STA Roaming Track on the AC
• Check the STA roaming track on the AC after STA roaming is completed.

<AC> display station roam-track sta-mac 28b2-bd35-4af3

Access SSID:huawei-guest1
Rx/Tx: Rx-Rate/Tx-Rate Mbps
---------------------------------------------------------------------------------------------------------
L2/L3  AC IP         AP name  Radio ID  BSSID           TIME                 In Rx/Tx RSSI  Out Rx/Tx RSSI
---------------------------------------------------------------------------------------------------------
--     10.1.201.100  ap1      1         cccc-8110-2250  2020/06/18 14:09:06  130/130  -44   130/130   -44
L3     10.1.201.200  ap2      1         cccc-8110-22b0  2020/06/18 14:12:24  130/6    -42   -/-
---------------------------------------------------------------------------------------------------------
Number of roam track: 1
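
As an added example (not part of the original course material), the following Python code parses the roam-track output shown above and summarizes each roam hop: its type, whether the STA crossed ACs, and how long it stayed on the previous AP. The sample text is the page's output with columns re-spaced; treating the `--` row as the initial association and `Number of roam track` as the count of later hops is an assumption based on this single sample.

```python
import re
from datetime import datetime

# Sample: the page's `display station roam-track` output, columns re-spaced.
SAMPLE = """\
L2/L3  AC IP         AP name  Radio ID  BSSID           TIME                 In Rx/Tx RSSI  Out Rx/Tx RSSI
--     10.1.201.100  ap1      1         cccc-8110-2250  2020/06/18 14:09:06  130/130  -44   130/130   -44
L3     10.1.201.200  ap2      1         cccc-8110-22b0  2020/06/18 14:12:24  130/6    -42   -/-
Number of roam track: 1
"""

ROW = re.compile(
    r"^(?P<kind>--|L2|L3)\s+(?P<ac_ip>\d+\.\d+\.\d+\.\d+)\s+(?P<ap>\S+)\s+(?P<radio>\d+)\s+"
    r"(?P<bssid>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+"
    r"(?P<time>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(?P<rest>.*)$"
)

def parse_roam_track(text):
    """Return (entries, reported_count) parsed from roam-track output."""
    entries, reported = [], None
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            e = m.groupdict()
            e["time"] = datetime.strptime(e["time"], "%Y/%m/%d %H:%M:%S")
            # The current (last) entry has no complete "out" values yet: pad with None.
            rest = e.pop("rest").split()
            rest += [None] * (4 - len(rest))
            e["in_rate"], e["in_rssi"], e["out_rate"], e["out_rssi"] = rest[:4]
            entries.append(e)
        elif line.startswith("Number of roam track:"):
            reported = int(line.split(":")[1])
    return entries, reported

def summarize(text):
    """Pair consecutive entries into roam hops and cross-check the reported count."""
    entries, reported = parse_roam_track(text)
    roams = []
    # Assumption: the "--" row is the initial association, so hops = rows - 1.
    for prev, cur in zip(entries, entries[1:]):
        roams.append({
            "kind": cur["kind"],                           # L2 or L3 roam
            "from": (prev["ac_ip"], prev["ap"]),
            "to": (cur["ac_ip"], cur["ap"]),
            "inter_ac": prev["ac_ip"] != cur["ac_ip"],     # AC IP changed
            "dwell_s": int((cur["time"] - prev["time"]).total_seconds()),
        })
    return {"roams": roams, "count_matches": reported == len(roams)}
```

For the sample, `summarize(SAMPLE)` reports one inter-AC L3 roam from ap1 to ap2 after 198 seconds on ap1.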

Quiz
1. (Single Choice) Which of the following statements about CAPWAP tunnels are true?
A. CAPWAP tunnels include data tunnels and control tunnels.

B. A CAPWAP tunnel is established based on the TCP protocol to ensure the security of wireless data transmission.

C. During establishment of a CAPWAP tunnel, the AP downloads configurations from the AC after the Image Data
phase is complete.

D. On a Layer 3 WLAN, if the DHCP Option 43 field is not configured, an AP can discover an AC using DNS.

2. (Multi-Answer Question) Which of the following phases are included in the STA going-online process?
A. Scanning

B. Access

C. Association

D. Authentication

Summary

• CAPWAP tunneling is a core technology in the AC + Fit AP networking architecture. It is necessary for those who aspire to be WLAN engineers to have a good command of the CAPWAP protocol.
• Mastering the AP join process and STA going-online process helps you better understand the implementation of a WLAN. Once a fault occurs, you can quickly troubleshoot it.
• The roaming technology is indispensable for enterprise WLAN deployment. It provides mobility in the workplace. Acquainting yourself with the roaming technology helps you better plan, design, and deploy WLANs.


Copyright © 2021 Huawei Technologies Co., Ltd. All Rights Reserved.
