Login
- Released At: 31-07-2025
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
Intelligent O&M Doctor AP
Technology White Paper
Copyright © 2025 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Overview
Background
With the continuous advancement of information technology (IT), industries increasingly rely on wireless networks, which have become an essential foundation for service operations. However, traditional network operations face the following issues:
· Low fault localization efficiency
When wireless networks fail, on-site staff often struggle to quickly identify issues. They usually rely on network engineers to troubleshoot in person, leading to high resolution costs and long cycles. Traditional fault localization only analyzes from the access point (AP) side and cannot reproduce the actual online behaviors of clients, causing the diagnosis to underlap with real-world experience.
· Insufficient protection for VIP users
Operations personnel need to ensure that VIP users have a stable wireless network experience, but traditional operation methods lack proactive early warning mechanisms, often resulting in passive responses to faults and an inability to quickly and accurately identify the root cause of issues.
· Inefficient network-wide inspection
After a version upgrade, operation staff must manually sample and evaluate wireless service status. This approach not only requires heavy workloads and offers limited coverage area, but also makes it difficult to fully monitor network operations. As a result, maintenance efficiency drops, and potential risks remain undetected.
Therefore, intelligent operation and maintenance of wireless networks has become an urgent need. The doctor AP feature of H3C intelligent O&M provides a cloud-coordinated remote trigger mechanism through an intelligent inspection system of "remote terminal + early warning + network-wide inspection." It helps customers build a predictable and diagnostic wireless network O&M system to address the pain points of slow response, passive handling, and low efficiency in traditional network O&M.
Benefits
Doctor AP of intelligent O&M offers these benefits:
· No extra hardware deployment
You can directly select an online AP for network testing without purchasing any additional devices. The system automatically reports detection results to the Cloudnet platform and displays them visually. This enables quick preliminary troubleshooting of network outages, addressing the inefficiency and high costs of traditional manual inspections.
· Smart selection algorithm
¡ Flexible selection: The system intelligently selects the optimal doctor AP for testing based on the location of the AP to be tested, minimizing manual intervention. Additionally, users can customize settings to flexibly adapt to specific network scenarios.
¡ Critical AP protection: Supports the critical AP protection mechanism. Devices marked as critical APs automatically exclude themselves from the doctor AP candidate list. This ensures they focus on critical services without disruption from detection processes, maintaining service stability and continuity.
¡ Precise control: Supports the doctor AP allowlist mechanism. When the allowlist is not configured, the system allows all non-critical APs to act as doctor APs by default.
· Terminal behavior simulation
¡ Real-world scenario simulation: Use remote-mode terminals to simulate real browsing behavior from the client perspective. It detects and reports packet interaction delays, packet loss rates, and service access status, accurately reflecting user experience. This mechanism effectively eliminates the bottleneck of manual on-site segment-by-segment troubleshooting in traditional network fault localization, enabling rapid problem identification.
¡ Flexible detection mode: Monitor WLAN health through scheduled checks, periodic auto inspections (daily/weekly inspections), or 24/7 continuous monitoring. It allows proactively identifying potential issues and sending alerts to improve network stability. This mechanism can prioritize protection for VIP users, addressing the pain points of traditional network operations.
¡ Custom diagnostic items: Provides diagnosis for core network services such as DNS resolution, DHCP service, and gateway connectivity, allowing users to flexibly configure detection items as needed.
¡ Multi-authentication methods: Supports pre-shared key (PSK), 802.1X (enterprise-class authentication), and portal (web authentication) to fit diverse network environments.
· Real-time alarm pushing
With an automatic alarm policy configured, once fault signals are detected, the system can send alarms immediately, helping the operations team respond quickly.
Doctor AP technology implementation
Basic concepts
The doctor AP technology simulates real client service processes online, providing a comprehensive health diagnosis of the WLAN from the terminal perspective. It covers core aspects such as network access, user authentication, network connectivity, and service reachability, enabling rapid issue detection, precise fault localization, and offering troubleshooting suggestions to provide a "health check" service for network health.
· Network access: Record the packet exchange process and communication delay during connection to analyze AP access performance.
· User authentication: Check the availability of 802.1X/RADIUS authentication protocols and measure the response delay of the authentication server.
· Network connectivity: Automatically test the availability of core network services, including DNS resolution, DHCP services, and gateway connectivity.
· Service reachability: Perform end-to-end connectivity checks for critical service servers.
Figure 1 Doctor AP detection process
Doctor AP supports two detection methods: auto and manual.
· Auto detection: The Cloudnet platform intelligently selects idle APs as doctor APs, which then perform auto detection on the specified APs at set intervals or on a timed cycle. This mode supports alarm pushing, key AP configuration, and doctor AP allowlist setup.
· Manual detection: Includes smart mode and manual mode.
¡ Smart mode: Cloudnet automatically selects idle APs as doctor APs to immediately run network checks on specified APs. It also supports configuring key AP settings and doctor AP allowlist.
¡ Manual mode: Manually select the doctor APs to immediately run a network check on the specified APs or custom SSID.
¡ Continuous mode: Requires manual selection of doctor APs, which then can perform 7*24 continuous network monitoring for the specified APs or custom SSID. This function only works for doctor APs in cloud mode.
Doctor AP is applicable to the following scenarios: key area diagnosis, VIP user assurance, and network-wide inspection.
· Key area diagnosis
When a wireless network fails, operation staff can remotely enable doctor AP detection through the Cloudnet platform to automatically collect fault data and perform intelligent analysis, quickly pinpointing the issue without on-site visits. This method significantly reduces switch-back time while lowering labor and operational costs.
· VIP user assurance
Configure doctor AP periodic detection through the Cloudnet platform to simulate client-side continuous monitoring of APs accessed by VIP users. The detection data will be uploaded to the cloud in real time. Trigger an alarm immediately upon detecting an anomaly. Operations staff can then intervene promptly to ensure VIP users enjoy a high-quality network experience.
· Network-wide inspection
After the version upgrade, you can use the Cloudnet platform to enable doctor AP network-wide inspection. This feature automatically selects APs for wireless signal detection through neighbor AP mutual inspection mode and uploads real-time data to the cloud. Operations staff can monitor AP status globally through the visual interface, efficiently verify post-upgrade network stability, and ensure smooth service operation.
Workflow
Site data synchronization
Operation and maintenance personnel access the intelligent O&M section on the Cloudnet platform to acknowledge the online device data in the target location for diagnosis.
1. In the Intelligent O&M section, select Advanced > Doctor AP > Doctor AP Detection from the left navigation pane. Then, choose the desired branch and site at the top left of the page.
2. Access the dashboard page of the target branch site. Click the auto detection or manual detection tab, and then click Sync to synchronize site data to the platform.
Template configuration
Operations staff pre-configure detection templates, mainly including parameters such as AC, AP detection scope, SSIDs of the tested signals, diagnostic items, key APs, doctor AP selection strategy, time configuration, and alarm pushing strategy.
1. In the Intelligent O&M section, select Advanced > Doctor AP > Doctor AP Detection from the left navigation pane.
2. Click the auto detection or manual detection tab.
¡ On the auto detection page, click to add auto-detection configuration.
¡ On the manual detection page, click to add manual detection configuration. Then, select the smart-mode or manual-mode template.
Detection preparation
On the Doctor AP detection page configured with a detection template, enable the doctor AP feature in the upper-right corner. When the AC or cloud-managed AP receives a message from the Cloudnet platform, it sends the detection template content to the doctor APs to start detection.
Detection execution phase
After receiving a message to enable the doctor AP feature, the APs or cloud-managed APs perform detection based on the delivered template.
1. Environment scanning: Scan wireless packets over the air interface to identify existing wireless services in the current environment.
2. Service matching: Filter and match the wireless services provided by the target AP from the scanning results.
3. Client emulation: Actively send 802.11 packets to simulate clients connecting to the wireless network of the tested AP.
4. Service test: After a client successfully comes online, the system verifies services by executing DHCP address requests, DNS resolution, gateway reachability probing, HTTP access, and PING tests in sequence.
5. Report results: Upload detection results from each stage to the Cloudnet platform through the AC or cloud-managed AP for visual analysis.
|
|
CAUTION: During doctor AP mode operation, the AP halts its radio wireless services. The services automatically recover after the test completes. |
6. Result analysis phase
View the test results to perform initial fault diagnosis.
Function implementation
Viewing the test results
After logging in to Cloudnet, access the intelligent O&M section. From the left navigation pane, select Advanced > Doctor AP > Doctor AP Detection. In the upper-left corner of the page, switch between branches and sites. Then, access the dashboard page to view AP test results in the selected branch or site.
· Test summary
¡ Detection records and success rate: Completed 4 tests with a 100% success rate.
¡ Test type distribution: wireless access tests: 4 times, network connection tests: 3 times, functional tests: 3 times.
The first three tests covered wireless access, network connection, and functional testing. The fourth test focused only on wireless access to quickly verify air interface performance.
Figure 2 Viewing the test results
Detailed result analysis
1. Click the auto detection or manual detection tab.
2. Access the auto detection result or manual
detection result page, click the 
icon and unfold the test list information.
3. Click the Details link in the test list to view detailed diagnostic information for the current test, including wireless access, DHCP, DNS, Ping, and HTTP.
Wireless access
Check the wireless service the client wants to connect to and verify its authentication configuration by analyzing the access time, test details, and packet exchange in the wireless access diagnostic report.
· Actual results
¡ Test success rate: 100% (4 successful attempts).
¡ History log: Indicates the wireless service is available and the authentication configuration is correct.
· Detailed access time analysis (Using the first test as an example)
¡ Total duration: About 40 seconds (measurement scope: Probe request > Assoc Response).
¡ Key phase duration: <100 ms (Auth Request > Assoc Response), meeting standard performance.
¡ Error cause: The total delay mainly results from the timeout of the AP's probe response messages.
Figure 3 Wireless access diagnostic details
DHCP
Check the DHCP server configuration and response speed in the network by analyzing the lease time, test details, and packet exchange in the DHCP diagnostic report.
· Actual results
¡ Test success rate: 100% (all four attempts succeeded).
¡ History log: The DHCP server is correctly configured and responds normally.
· Detailed access time analysis (Using the first test as an example)
¡ First test: Approximately 500 ms (most time spent at the DHCP Offer response phase).
¡ Follow-up three tests: The response time stayed within tens of milliseconds, meeting the standard.
Figure 4 DHCP diagnostic details
DNS
Check the DNS server configuration in your network by reviewing the DNS resolution time, test details, and resolution results in the DNS diagnostic report.
· Actual results
¡ Test success rate: 100% (all three attempts succeeded).
¡ History log: The DNS server is correctly configured, and the network connectivity is normal.
· Detailed analysis
¡ Response time: Approximately 30 milliseconds, meeting standard performance.
Figure 5 DNS diagnostic details
Ping
Check the diagnostic template settings for the Ping destination host based on the packet loss rate, test details, and Ping test results to ensure it is correct, and verify if there are a large number of broadcast packets causing network congestion or if the server has disabled Ping operations.
· Actual results
¡ History log: Performed 4 pings with a 25% packet loss rate.
· Detailed analysis
¡ The test for DNS server 114.114.114.114 shows 100% packet loss. The 0% packet loss for www.baidu.com confirms this DNS server actively blocks ICMP responses.
¡ Average delay: Consistently stays between 20 to 30 ms. The network connection quality is normal.
Figure 6 Ping diagnostic details
HTTP
Check the HTTP destination host and URL resolution in the diagnosis template settings based on the round-trip latency, test details, and test results from the HTTP diagnosis.
· Actual results
¡ Test success rate: 100% (all three attempts succeeded).
¡ History log: The destination host is correctly configured, and domain name resolution works properly.
· Detailed analysis
¡ First and third tests: The average round-trip delay is about 30 ms, indicating normal network performance.
¡ Second test: The latency to www.taobao.com suddenly increased to 183 ms, possibly due to temporary network fluctuations.
Figure 7 HTTP diagnostic details
Typical applications
Key area diagnosis
Fit AP mode
The network for key area diagnosis in fit AP mode is shown in the figure below.
The Cloudnet platform establishes a cloud management channel with the AC, while the AC sets up a CAPWAP tunnel with each AP. Users access the wireless network through fit APs (AP1 and AP3 provide wireless services). They find that AP1's Wi-Fi signal fails, and clients cannot access the Internet after connecting to AP 1.
Operations staff use the doctor AP feature to select the doctor AP (AP2 performs detection without providing services and scans signals from AP1 and AP3), and then execute detection on AP1 using the instant fixed-point detection mechanism. AP2 simulates client connections to test AP1. The test results are uploaded to the Cloudnet platform in real time. Operations staff quickly troubleshoot issues based on the inspection report.
Figure 8 Network diagram for key area diagnosis in fit AP mode
Cloud AP mode
The network for key area diagnosis in cloud AP mode is shown in the figure below.
Cloudnet establishes cloud management channels with both AP2 and the AC. The AC and AP2 are in the same location. The AC establishes CAPWAP tunnels with AP1 and AP3. Users access the wireless network through fit APs (AP1 and AP3 provide wireless services). They find that AP1's Wi-Fi signal fails, and clients cannot access the Internet after connecting to AP 1.
Operations staff use the doctor AP feature to select the doctor AP (AP2 performs detection without providing services and scans signals from AP1 and AP3), and then execute detection on AP1 using the instant fixed-point detection mechanism. AP2 simulates client connections to test AP1. The test results are uploaded to the Cloudnet platform in real time. Operations staff quickly troubleshoot issues based on the inspection report.
Figure 9 Network diagram for key area diagnosis in cloud AP mode
VIP user assurance
Fit AP mode
The network for VIP user assurance in fit AP mode is shown in the figure below.
The Cloudnet platform establishes a cloud management channel with the AC, while the AC sets up a CAPWAP tunnel with each AP. Users access the wireless network through fit APs (AP1 provides VIP office wireless services and AP3 and AP4 provide standard office wireless services).
Operations staff use the doctor AP feature to select a doctor AP (AP2 scans signals from AP1 for detection without providing services, deployed near the VIP office), enable continuous fixed-point detection to periodically monitor AP1, and enable real-time alarm pushing. When a client fails to connect to AP1's wireless signals or fails to access the Internet after connecting to AP1, AP2 immediately reports the fault and triggers an alarm. Operations staff can use the detection report to promptly take action and resolve network outages.
Figure 10 Network diagram for VIP user assurance in fit AP mode
Cloud AP mode
Cloudnet establishes cloud management channels with both AP2 and the AC. The AC and AP2 are in the same location.
The AC establishes CAPWAP tunnels with AP1, AP3, and AP4. Users access the wireless network through fit APs (AP1 provides VIP office wireless services and AP3 and AP4 provide standard office wireless services).
Operations staff use the doctor AP feature to select a doctor AP (AP2 scans signals from AP1 for detection without providing services, deployed near the VIP office), enable continuous fixed-point detection to periodically monitor AP1, and enable real-time alarm pushing. When a client fails to connect to AP1's wireless signals or fails to access the Internet after connecting to AP1, AP2 immediately reports the fault and triggers an alarm. Operations staff can use the detection report to promptly take action and resolve network outages.
Figure 11 Network diagram for VIP user assurance in cloud AP mode
Network-wide inspection
Fit AP mode
The network for network-wide inspection in fit AP mode is shown in the figure below.
The Cloudnet platform establishes a cloud management channel with the AC, while the AC sets up a CAPWAP tunnel with each AP. Users access the wireless network through fit APs (APs 1, 2, 3, 4, and 5 provide wireless services). In this setup, AP1 and AP2 can detect each other. AP3 and AP4 can also detect each other. AP5's signal is only detectable by AP4.
Operation staff use the doctor AP feature to enable network-wide inspection. The intelligent detection mechanism checks wireless signal coverage across all APs through neighbor AP mutual inspection and standalone AP single inspection. Note that each AP can only act as either the test object or the doctor AP at a time, not both roles simultaneously. The specific sequence is as follows:
1. AP2 detects AP1, and AP4 detects AP3.
2. AP1 detects AP2, and AP3 detects AP4.
3. AP4 detects AP5.
After completing the three rounds of testing, the system will consolidate and upload all test data to the Cloudnet platform. The platform automatically generates a visual inspection report for all APs. It highlights abnormal data to help operations teams quickly monitor the status of all APs.
Figure 12 Network diagram for network-wide inspection
