- Released At: 19-12-2020
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
|
WLAN Policy-Based Forwarding in Headquarters+Branches Deployment |
Technology White Paper |
|
|
Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
WLAN telecommuting forwarding policy implementation
WLAN policy-based forwarding in headquarters+branches deployment
Overview
Technical background
For enterprises with a large number of small-sized branches, it is unnecessary and not cost-effective for them to construct and maintain a whole set of wireless access system. These enterprises can configure WLAN policy-based forwarding to provide wireless coverage and save bandwidth for the headquarters.
With policy-based forwarding configured, APs at branches communicate with the AC at the headquarters through the Internet and perform local or centralized forwarding based on packets' destination IP address.
Benefits
WLAN policy-based forwarding provides the following benefits in headquarters+branches deployment:
· Unified resource allocation—Enables APs to register on the AC through the Internet and allows the headquarters to allocate all network resources.
· Separate forwarding—Enables centralized forwarding for traffic to the internal network and local forwarding for traffic to the external network, saving bandwidth at the headquarters and reducing networking cost at branches.
· Tunnel encryption—Encrypts traffic transmitted through the CAPWAP tunnels established between APs and the AC, enhancing traffic transmission security.
WLAN telecommuting forwarding policy implementation
Concepts
Forwarding policy
A forwarding policy contains one or multiple forwarding rules. Each forwarding rule specifies a traffic match criterion and the forwarding mode for matching traffic.
Mechanism
WLAN policy-based forwarding in headquarters+branches deployment operates as follows:
1. An AP at a branch communicates with the AC, establishes a CAPWAP tunnel, obtains configurations from the AC, and provides wireless access services.
2. Upon receiving upstream traffic, the AP compares the destination address information in the traffic with the configured forwarding policy rules.
¡ If a match is found, the AP forwards the traffic to the AC through the CAPWAP tunnel for centralized forwarding.
¡ If no match is found, the AP acts as a NAT device and performs local forwarding.
Figure 1 Network diagram
Application scenarios
WLAN policy-based forwarding in headquarters+branches deployment
As shown in Figure 2, the AP at the branch connects to the Internet through a router and registers on the AC. After the client joins the network, its traffic to the internal network will be forwarded to the AC for centralized forwarding and traffic to the Internet will be directly forwarded by the AP to the Internet.
Figure 2 WLAN telecommuting forwarding policy