WLAN Policy-Based Forwarding in Headquarters+Branches Deployment-6W100

HomeSupportResource CenterTechnology White PapersWLAN Policy-Based Forwarding in Headquarters+Branches Deployment-6W100

 

WLAN Policy-Based Forwarding in Headquarters+Branches Deployment

Technology White Paper

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Overview

Technical background

For enterprises with a large number of small-sized branches, it is unnecessary and not cost-effective for them to construct and maintain a whole set of wireless access system. These enterprises can configure WLAN policy-based forwarding to provide wireless coverage and save bandwidth for the headquarters.

With policy-based forwarding configured, APs at branches communicate with the AC at the headquarters through the Internet and perform local or centralized forwarding based on packets' destination IP address.

Benefits

WLAN policy-based forwarding provides the following benefits in headquarters+branches deployment:

·     Unified resource allocationEnables APs to register on the AC through the Internet and allows the headquarters to allocate all network resources.

·     Separate forwardingEnables centralized forwarding for traffic to the internal network and local forwarding for traffic to the external network, saving bandwidth at the headquarters and reducing networking cost at branches.

·     Tunnel encryptionEncrypts traffic transmitted through the CAPWAP tunnels established between APs and the AC, enhancing traffic transmission security.

WLAN telecommuting forwarding policy implementation

Concepts

Forwarding policy

A forwarding policy contains one or multiple forwarding rules. Each forwarding rule specifies a traffic match criterion and the forwarding mode for matching traffic.

Mechanism

WLAN policy-based forwarding in headquarters+branches deployment operates as follows:

1.     An AP at a branch communicates with the AC, establishes a CAPWAP tunnel, obtains configurations from the AC, and provides wireless access services.

2.     Upon receiving upstream traffic, the AP compares the destination address information in the traffic with the configured forwarding policy rules.

¡     If a match is found, the AP forwards the traffic to the AC through the CAPWAP tunnel for centralized forwarding.

¡     If no match is found, the AP acts as a NAT device and performs local forwarding.

Figure 1 Network diagram

 

Application scenarios

WLAN policy-based forwarding in headquarters+branches deployment

As shown in Figure 2, the AP at the branch connects to the Internet through a router and registers on the AC. After the client joins the network, its traffic to the internal network will be forwarded to the AC for centralized forwarding and traffic to the Internet will be directly forwarded by the AP to the Internet.

Figure 2 WLAN telecommuting forwarding policy