WLAN Policy-Based Forwarding in Headquarters+Branches Deployment
Technology White Paper
For enterprises with a large number of small-sized branches, it is unnecessary and not cost-effective to construct and maintain a complete set of wireless access systems. These enterprises can configure WLAN policy-based forwarding to provide wireless coverage and save bandwidth for the headquarters.
With policy-based forwarding configured, APs at branches communicate with the AC at the headquarters through the Internet and perform local or centralized forwarding based on each packet's destination IP address.
WLAN policy-based forwarding provides the following benefits in headquarters+branches deployment:
· Unified resource allocation—Enables APs to register on the AC through the Internet and allows the headquarters to allocate all network resources.
· Separate forwarding—Enables centralized forwarding for traffic to the internal network and local forwarding for traffic to the external network, saving bandwidth at the headquarters and reducing networking cost at branches.
· Tunnel encryption—Encrypts traffic transmitted through the CAPWAP tunnels established between APs and the AC, enhancing traffic transmission security.
A forwarding policy contains one or multiple forwarding rules. Each forwarding rule specifies a traffic match criterion and the forwarding mode for matching traffic.
WLAN policy-based forwarding in headquarters+branches deployment operates as follows:
1. An AP at a branch communicates with the AC, establishes a CAPWAP tunnel, obtains configurations from the AC, and provides wireless access services.
2. Upon receiving upstream traffic, the AP compares the destination address information in the traffic with the configured forwarding policy rules.
   ○ If a match is found, the AP forwards the traffic to the AC through the CAPWAP tunnel for centralized forwarding.
   ○ If no match is found, the AP acts as a NAT device and performs local forwarding.
Figure 1 Network diagram
As shown in Figure 2, the AP at the branch connects to the Internet through a router and registers on the AC. After a client joins the network, its traffic to the internal network is forwarded to the AC for centralized forwarding, and its traffic to the Internet is forwarded directly by the AP.
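The following is an added example, not part of the original white paper or the vendor's software: a Python model of the forwarding decision in step 2, plus an audit that lists internal address space matched by no forwarding rule, which the AP would therefore NAT and forward locally instead of sending through the encrypted CAPWAP tunnel. The prefixes, the function names, and the simplification of match criteria to destination prefixes are assumptions.

```python
import ipaddress

# Constructed sample data (assumption): destination prefixes in the forwarding
# policy, and the address space the headquarters treats as internal.
POLICY_PREFIXES = ["10.1.0.0/16", "172.16.10.0/24"]
INTERNAL_PREFIXES = ["10.1.0.0/16", "172.16.10.0/23"]


def forwarding_mode(dst_ip, policy_prefixes):
    """Step 2 at the AP: rule match -> CAPWAP tunnel, no match -> local NAT."""
    addr = ipaddress.ip_address(dst_ip)
    for prefix in policy_prefixes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            return "centralized"
    return "local"


def uncovered_internal(internal_prefixes, policy_prefixes):
    """Return the parts of the internal address space that match no rule."""
    rules = [ipaddress.ip_network(p) for p in policy_prefixes]
    gaps = []
    for prefix in internal_prefixes:
        remaining = [ipaddress.ip_network(prefix)]
        for rule in rules:
            next_remaining = []
            for net in remaining:
                if net.version != rule.version or not net.overlaps(rule):
                    next_remaining.append(net)      # rule does not touch it
                elif net.subnet_of(rule):
                    continue                        # fully covered by the rule
                else:                               # rule covers only a part
                    next_remaining.extend(net.address_exclude(rule))
            remaining = next_remaining
        gaps.extend(remaining)
    return [str(net) for net in gaps]


if __name__ == "__main__":
    for dst in ("10.1.2.3", "172.16.11.5", "203.0.113.10"):
        print(dst, "->", forwarding_mode(dst, POLICY_PREFIXES))
    print("internal space forwarded locally:",
          uncovered_internal(INTERNAL_PREFIXES, POLICY_PREFIXES))
```

Any prefix the audit reports is internal traffic that leaves the branch outside the tunnel, so an empty result is the expected state before a policy is deployed.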