altai access controller training _ 20141210.pdf

8/20/2019 Altai Access Controller Training _ 20141210.pdf

1/37

www.altaitechnologies.com


Date: By Technical Support

Dec, 2014

Confidential Information

Not for Distribution

Alta i Access Cont ro l le r T ra in ing- I n t rodu ct ion an d C on f ig u ra t ion


2/37


Outline

Product introduction

Application introduction

Configuration


3/37



Altai Wireless Access Controller (hereinafter called AC) deliverspowerful WLAN access control and user authentication gatewaycapability by virtue of Plug & Play, compact design, highreliability, multiple services, as well as accurate and flexible billing,integrate multiple functions into one box, e.g. user control andmanagement, RF management and security, can be widely usedin the enterprise WLAN access, hotel, operator public hotspotscenarios.


4/37


Product Overview

Access controller 200



Access controller 4000 Access controller 12000

Integrated chassis

Chassis with service cards


5/37



AC Specifications

AC 200 AC 500 AC 2000 AC 4000 AC 12000

Appearance

Service slot - - 2 4 12

Switching slot - - - 2 2

10GE SFP+ port - - 6 12 36

GE port 2 2 4 8 24

GE SFP port 4 6 48 96 288

Power redundancy No Yes Yes Yes Yes

AP license 256 512 2,048 4,096 12,288


6/37



Service Cards and Line Cards for AC 2000/4000/12000




2 x Service card

4 x Service card

12 x Service card

2 x Switching card(included)

2 x Switching card(included)


7/37www.altaitechnologies.comwww.altaitechnologies.com

Service Cards and Line Cards for AC 2000/4000/12000

Service Cardfor AC 2000, 4000 and 12000

(back view)

2x10GE + 8xGE Line Card,Front-mounted

8xGE Line Card,Front-mounted

2x10GE Line Card,Front-mounted

16xGE Line Card,

Back-mounted

16xGE + 1x10GE Line Card,

Back-mounted

Service Card(front view)


8/37www.altaitechnologies.com


Altai AC system supports the IETF CAPWAP protocol for APconnection, can be flexible deployed in existing Layer-2 or Layer-3 network without reconfiguration, effectively reducing networkconstruction cost. Altai AC products is based on a unifiedhardware and software platform, highly normalized design, andeffectively reduce for spare parts

Altai low-end AC has five models as follow deliver differentphysical port density and AP access capability respectivelyprovide on-demand flexible selection for the network.

AP Controller(CAPWAP based AP management(RF, firmware),

CAPWAP based tunnel for user traffic…)

User Gateway(DHCP server, NAT, Radius-client, Portal redirect…)

+ Access Controller



Key features

Flexible forwarding mode

Altai AC provide local forwarding and centralized forwarding

mode，user can flexible setting according to business need andactual network situation

Abundant Authentication Methods

EAP-TLS/TTLS/SIM/AKA

PEAP

Captive Portal



Key features

Easy maintenance

Support WEB/CLI management, unified configuration profile, fastprovision

Deployment across L3 network, flexible networking



Outline



Configuration



Mechanism overview

The AC can process both control flows and data flows.Management flow is transmitted over Control And Provisioning ofWireless Access Points (CAPWAP) protocol. User data flows canbe transmitted over CAPWAP tunnels or not, as required.

The CAPWAP protocol defines how APs communicate with ACsand provides a general encapsulation and transmissionmechanism for communication between APs and ACs. CAPWAPdefines data tunnel and control traffic.

Reference for CAPWAP: http://tools.ietf.org/html/rfc5415

http://tools.ietf.org/html/rfc5416

http://tools.ietf.org/html/rfc5415http://tools.ietf.org/html/rfc5416http://tools.ietf.org/html/rfc5416http://tools.ietf.org/html/rfc5415



AP-AC call flow

This pair of

message may be

transmitted

multiple times

The three

pairs of

messages are

sent

periodically

after reboot.



CAPWAP management traffic

UDP port = 5246



CAPWAP tunnel – User traffic

UDP port = 5248



Application scenario

Distributed forwarding (Local breakout) mode

Centralized forwarding mode



Distributed forwarding (Local breakout)

In local forwarding mode, wireless user service data is translatedfrom 802.3 packets into 802.11 packets, which are thenforwarded by the uplink network device .

The user data traffic is processed as the same as fat-AP in local

forwarding



Distributed forwarding (Local breakout)

AC only manages AP

Wireless user data does not beprocessed by AC but forwarded toBRAS by the Layer 2 network

BRAS perform SSID/VLAN based

authentication Layer 2 connection between AP

and BRAS

AP connects to AC over layer 2/3network

Local forwarding/Local Breakoutmode is commonly used forfacilitating the usage of theexisting BRAS.

Aggregation

switch

VRRP

Main AC

Standby AC

Trunk

AP 1 AP n AP 1 AP n

Hotspot 1 Hotspot n

STA

L2 network

User data traffic

AP Management traffic

Internet

switch

BRAS

BRAS(Broadband Remote Access Server): one kind of user gateway



Centralized forwarding

In centralized forwarding mode, wireless user service data istransmitted between APs and ACs over CAPWAP tunnels.

Centralized forwarding is usually used to control wireless usertraffic in a centralized manner(AC). This forwarding mode

facilitates device deployment and controls all wireless user dataflows by aggregating traffic of all wireless users connected to APsto an AC through CAPWAP data tunnels.



Centralized forwarding

VRRP

Main AC

Portal server

AP 1 AP n AP 1 AP n

Hotspot 1 Hotspot n

Aggregation switch

STA

L2/L3 network

Internet

Standby AC

RADIUS server

CAPWAP Tunnel

User data traffic

AP Management traffic

AC manages AP and user Control wireless user traffic in a

centralized manner.

User data is transmitted betweenAP and AC over CAPWAP tunneland forwarded to Internet afterdecapsulated by AC.

AP connects to AC over layer 2/3network

Concentrated forwarding mode iscommonly used for overlay

network deployment and used inscenario that needs AC also to bea user gateway.



Outline



Configuration



How to add AP into AC

Configure “AP Version”

Tunnel Configuration

Configure WLAN security policy (Optional)

AP Configuration

WLAN Groups

AP Group and WLAN Group mapping

WLAN-VLAN Association

Monitoring the AP status


23/37


AP version

Models for Altai AP:

A8n: WA8011N-X, A8-Ein: WA8011N, A8in: WA8011N-HE, A2: AP5822, C1n: WA1011N-G, C1an: WA1011N-A


24/37


Tunnel Configuration


25/37


WLAN security policy (Optional)


26/37


AP Configuration

- Create new AP group.


27/37


AP Configuration

- Add AP into group

Add AP to the specific AP group, here the MAC address is the Ethernet MAC of AP.


28/37


AP Configuration

- Configure the wireless setting


29/37


AP Configuration

- Import AP list via file

Sample:


30/37


WLAN Groups

- Create new WLAN group


31/37


WLAN Groups

- Edit the WLAN group

Add new WLAN(wireless configuration) in the WLAN group.


32/37


WLAN Groups

- WLAN configuration sample (open SSID, concentrated forwarding)


33/37


Continued …


34/37


AP Group and WLAN Group mapping


35/37


WLAN-VLAN Association

Set the “Inner VALN” as the WLAN VLAN(in the previous sample, it is 2000), set the “Outer VLAN” as “0”.


36/37


Monitoring the AP status


37/37

-End

altai access controller training _ 20141210.pdf

Documents