AC Hierarchy Technology White Paper-6W100


 

AC Hierarchy

Technology White Paper

Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Overview

Technical background

In an AC+fit AP network, the AC processes most wireless-related services, which requires the AC-AP tunnels to provide high bandwidth and transmission speed. If fit APs connect to the AC through the Internet, issues such as slow authentication and poor mobility will occur in the single-layer AC network.

To solve these issues, the AC hierarchy architecture is introduced. An AC hierarchy network contains a central AC, local ACs, and fit APs. The central AC manages the entire network, and local ACs provide network access to APs and process data traffic.

AC hierarchy integrates centralized management and distributed control, providing guaranteed performance with enhanced maintainability and expandability.

Benefits

AC hierarchy provides the following benefits:

·     Fast network deployment and centralized management: All management and configuration operations are performed on the central AC. Local ACs automatically synchronize configuration from the central AC through management tunnels.

·     License sharing: The central AC manages and allocates licenses in a unified manner, reducing license waste and saving cost.

·     High availability: The architecture provides AC backup and central AC fail-permit to prevent single points of failure from affecting service continuity.

      ◦     AC backup: Includes horizontal AC backup for two central ACs to back up each other and vertical AC backup for APs to directly associate with the central AC when a local AC fails.

      ◦     Central AC fail-permit: Enables local ACs to bypass the central AC to transmit and receive data when the central AC fails. When the central AC recovers, local ACs synchronize AP running data to the central AC and the central AC continues to transmit traffic.

·     Flexible network expansion: Enables you to add local ACs or APs through a simplified configuration process and allows flexible switching of AC roles between central AC and local AC.

·     Local AC load balancing: Enables the central AC to always assign the local AC with the lowest workload to an AP attempting to come online, improving network performance.

·     Access right management: Allows you to assign different rights to administrators of the central AC and local ACs by configuring location identifiers for service templates, AP groups, and RRM holddown groups.

·     NAT traversal: Allows the central AC and local ACs to communicate through NAT.

Technology implementation

Concepts

·     Central AC: Manages all local ACs, performs centralized authentication, and processes other services that do not require high real-time performance. The central AC can also provide AP access and data forwarding services.

·     Local AC: Provides network access to APs, manages APs, and processes data traffic.

Mechanism

AC hierarchy uses the following tunnels for local AC and AP management:

·     Tunnels between the central AC and local ACs: The central AC sends AP configuration over this tunnel to the local ACs, and the local ACs report AP and client information to the central AC.

·     CAPWAP tunnels between local ACs and APs: Local ACs send AP configuration to the APs over this tunnel.

Centralized management

·     Centralized configuration deployment: In an AC hierarchy network, the central AC issues AP, radio, and service configurations to the corresponding local AC, and the local AC sends the configurations to the AP when the AP comes online.

·     Centralized license management: The central AC manages and allocates licenses in a unified way. Users do not need to install licenses on local ACs. This reduces license waste and saves cost.

Horizontal backup

As shown in Figure 1, two central ACs back up each other. For local AC 1, central AC 1 and central AC 2 are the master and backup central ACs, respectively. When central AC 1 fails, local AC 1 associates with central AC 2. After central AC 1 recovers, local AC 1 switches back to central AC 1.

Figure 1 Horizontal backup

 

Vertical backup

As shown in Figure 2, when the only available local AC fails, its associated APs connect to the central AC to provide wireless services. After the local AC recovers, the APs switch back to the local AC if they are configured to do so.

Figure 2 Vertical backup

 

Fail-permit and data synchronization

Fail-permit

The fail-permit feature enables the AP-local AC tunnels to operate correctly even if the central AC fails. In this case, online clients will not be logged off and can still visit resources in the network. Whether a new client can come online depends on the authentication and forwarding modes.

·     If local AC authentication and local AC forwarding are configured, new clients can come online.

·     If central AC authentication and AP local forwarding are configured, new clients cannot come online because the central AC cannot be reached.

Data synchronization

Data synchronization ensures AP data consistency between the central AC and local ACs. When the tunnels between the central AC and local ACs fail, the settings on the central AC cannot be deployed to the local ACs and APs in real time. Data synchronization enables local ACs to synchronize AP running information to the central AC after the central AC recovers. Upon receiving the information, the central AC compares the information with its local information. If any difference exists for an AP, the central AC resends AP configurations to the AP through the local AC. If basic AP information, such as AP name and serial ID, is inconsistent, the central AC logs off the AP.
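The comparison the central AC performs after it recovers can be sketched as follows. This is an added example, not H3C code: the record layout, the AP keys, the action names, the "review" outcome for an AP unknown to the central AC, and the choice to check identity before configuration are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The page's "basic AP information": a mismatch here logs the AP off.
IDENTITY_FIELDS = ("name", "serial_id")


@dataclass
class APRecord:
    name: str
    serial_id: str
    config: dict = field(default_factory=dict)  # hypothetical running settings


def reconcile(central, reported):
    """Map each reported AP key to the action the central AC takes after recovery."""
    actions = {}
    for key, running in reported.items():
        expected = central.get(key)
        if expected is None:
            # Assumption: the page does not say what happens to an AP the
            # central AC has no record of, so it is only flagged for review.
            actions[key] = "review"
        elif any(getattr(expected, f) != getattr(running, f) for f in IDENTITY_FIELDS):
            # Assumption: an identity mismatch is checked before config drift.
            actions[key] = "log_off"
        elif expected.config != running.config:
            actions[key] = "resend_config"  # pushed to the AP through its local AC
        else:
            actions[key] = "in_sync"
    return actions


# Constructed sample data; the keys are hypothetical per-AP identifiers.
CENTRAL = {
    "ap-1": APRecord("lobby", "SN-0001", {"ssid": "corp", "channel": 36}),
    "ap-2": APRecord("floor2", "SN-0002", {"ssid": "corp", "channel": 44}),
    "ap-3": APRecord("lab", "SN-0003", {"ssid": "lab", "channel": 149}),
}
REPORTED = {
    "ap-1": APRecord("lobby", "SN-0001", {"ssid": "corp", "channel": 36}),
    "ap-2": APRecord("floor2", "SN-0002", {"ssid": "corp", "channel": 48}),  # drifted
    "ap-3": APRecord("lab", "SN-9999", {"ssid": "lab", "channel": 149}),     # serial differs
    "ap-4": APRecord("spare", "SN-0004", {}),                                # unknown AP
}

if __name__ == "__main__":
    for ap, action in reconcile(CENTRAL, REPORTED).items():
        print(ap, action)
```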

Authentication and data forwarding

AC hierarchy supports two authentication methods: 802.1X authentication and portal authentication. Both the central AC and local ACs can act as the authenticator.

In 802.1X authentication, the authenticator works together with the RADIUS server to perform client authentication. In portal authentication, you can configure portal filtering rules on the central AC. The central AC will issue the rules to the data forwarder (local AC or AP) to control user traffic forwarding.

Authentication and data forwarding by local AC

As shown in Figure 3, the central AC is deployed at the headquarters and local ACs are deployed at the branches. Local ACs authenticate clients and forward data traffic.

Figure 3 Authentication and data forwarding by local ACs

 

Authentication by central AC and data forwarding by APs

As shown in Figure 4, the central AC is deployed at the headquarters and local ACs are deployed at the branches. The central AC authenticates clients and APs forward data traffic.

Figure 4 Authentication by central AC and data forwarding by APs

 

Access right management

Access right management allows you to assign different rights to administrators for the central AC and local ACs by configuring location identifiers for service templates, AP groups, and RRM holddown groups.

Figure 5 Access right management

 

Automatic firmware upgrade

AP firmware upgrade

At AP association, the local AC examines the AP software version. If no match is found, the local AC notifies the AP of the AP software version inconsistency. Then, the AP requests a software version from the local AC for upgrade. If the local AC does not have the version, it requests the version from the central AC, sends the version to the AP, and saves the version for future use.

Local AC firmware upgrade

At local AC association, the central AC examines the software version of the local AC. If no match is found, the central AC notifies the local AC of the software version inconsistency. Then, the local AC requests a version from the central AC for upgrade.
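The two upgrade flows above chain together: an AP pulls from its local AC, and a local AC pulls from the central AC and keeps what it fetched. The sketch below is an added example, not H3C code; the class, the function names, the version strings, and the idea that the parent AC knows the expected version are assumptions.

```python
class ImageHolder:
    """An AC that stores firmware images and pulls missing ones from its upstream AC."""

    def __init__(self, name, images=None, upstream=None):
        self.name = name
        self.images = dict(images or {})  # version string -> image bytes
        self.upstream = upstream          # None for the central AC
        self.upstream_fetches = 0

    def get_image(self, version):
        if version not in self.images:
            if self.upstream is None:
                raise LookupError(f"{self.name} has no image for version {version}")
            # Fetch once from the upstream AC and save the image for future use.
            self.images[version] = self.upstream.get_image(version)
            self.upstream_fetches += 1
        return self.images[version]


def associate(parent, running_version, expected_version):
    """Version check at association. Returns (version after association, upgraded?).

    Assumption: the parent AC knows which version the associating device
    should run; the page only says it looks for a match.
    """
    if running_version == expected_version:
        return running_version, False
    parent.get_image(expected_version)  # device requests the image from its parent
    return expected_version, True


def demo():
    # Constructed versions and image bytes.
    central = ImageHolder("central-ac", images={"ap-v2": b"AP2", "lac-v7": b"LAC7"})
    local = ImageHolder("local-ac", upstream=central)
    results = [
        associate(central, "lac-v6", "lac-v7"),  # local AC upgraded by the central AC
        associate(local, "ap-v1", "ap-v2"),      # first AP: local AC fetches upstream
        associate(local, "ap-v1", "ap-v2"),      # second AP: served from the saved copy
        associate(local, "ap-v2", "ap-v2"),      # already matching: no upgrade
    ]
    return results, local.upstream_fetches


if __name__ == "__main__":
    print(demo())
```

The local AC contacts the central AC only for the first AP that needs a given version; a version the central AC does not hold surfaces as a `LookupError` rather than a silent skip.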

Typical applications

Headquarters and branch deployment

Headquarters and branch deployment is suitable for the education industry, large malls, and plants. The central AC deployed at the headquarters manages all devices, and local ACs or APs deployed at branches forward traffic. This not only improves network performance, but also simplifies network setup and reduces maintenance workload and cost.

Figure 6 Headquarters and branch deployment