04-16-2008 09:46 AM - edited 07-03-2021 03:44 PM
Hi All,
In the WLC deployment guide
http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html
It has a very nice and easy way to understand how traffic is passed from the wifi device to the LAN device as listed below.
Now, what happens when there is a controller in the DMZ and the WLC on the campus passes this traffic to that controller via Ethernet over IP?
Is the 802.11 header preserved or is it stripped off at the campus WLC? One would assume it is preserved, as the WLC in the DMZ may need to act on information in the 802.11 header?
Can anyone help me on this please?
Is there a similar example to the one listed below, but for the full flow from end-user wifi device to the guest controller in the DMZ?
Many thx
Ken
In Figure 3, Host A is a wireless LAN client communicating with the wired device, Host B. When Host A sends a data packet to Host B, the following sequence occurs:
• The packet is transmitted by Host A over the 802.11 RF interface. This packet is encapsulated in an 802.11 frame with Host A's MAC address as the source address and the access point's radio interface MAC address as the destination address.
• At the access point, the access point adds an LWAPP Header to the frame with the C-Bit set to zero and then encapsulates the LWAPP Header and 802.11 frame into a UDP packet that is transmitted over IP. The source IP address is the access point's IP address and the destination IP address is the WLC's AP Manager Address. The source UDP port is the ephemeral port based on a hash of the access point MAC address. The destination UDP port is 12222.
• The IP packet is encapsulated in Ethernet as it leaves the access point and transported by the switching and routed network to the WLC.
• At the WLC, the Ethernet, IP, UDP, and LWAPP headers are removed from the original 802.11 frame.
• After processing the 802.11 MAC header, the WLC extracts the payload (the IP packet from Host A), encapsulates it into an Ethernet frame, and then forwards the frame onto the appropriate wired network, typically adding an 802.1Q VLAN tag.
• The packet is then transmitted by the wired switching and routing infrastructure to Host B.
----------------------------------------------------------------------------------------------------------------------------
When Host B sends an IP packet to Host A, the process is essentially reversed:
• The packet is delivered by the wired switching and routing network to the WLC, where an Ethernet frame arrives with Host A's MAC address as the destination MAC address.
• The Ethernet header is removed by the WLC and the payload (the IP packet destined for Host A) extracted.
• The original IP packet from Host A is encapsulated with an LWAPP Header, with the C-bit set to zero, and then transported in a UDP packet to the access point over the IP network. The packet uses the WLC AP Manager IP address as the source IP address and the access point IP address as the destination address. The source UDP port is 12222 and the destination UDP port is the ephemeral port derived from the access point MAC address hash.
• This packet is carried over the switching and routing network to the access point.
• The access point removes the Ethernet, IP, UDP and LWAPP headers, and extracts the payload, which is then encapsulated in an 802.11 frame and delivered to Host A over the RF network.
04-17-2008 08:08 AM
Ken,
Are you referring to a Wireless Mobility Anchor for Guest Tunneling?
04-17-2008 08:16 AM
Hi Mate,
Yes I am indeed :)
Thx
Ken
04-17-2008 11:23 AM
Ken,
I have had a look for a more in-depth technical explanation of an anchor point, but can find nothing, sorry.
04-17-2008 11:48 PM
Hi There, no worries. Would be good if there was a doco on it.
From packet captures (see attached) it looks like when the campus WLC gets the original 802.11 packet (which is encap'd in LWAPP), the campus WLC strips off the LWAPP stuff and removes the 802.11 packet header, and just rebuilds the original packet with an 802.3 packet header,
THEN
The WLC encaps the packet with a new ethernet/IP header and sends it off to the DMZ WLC.
I hope this is the way it works, and if anyone does have documentation to confirm it, that would be fantastic.
Many thx and kind regards,
Ken
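The WLC-side steps discussed in this thread (strip the LWAPP header, process the 802.11 MAC header, rebuild the payload as an Ethernet frame), as an added Python example that is not part of the original posts or of Cisco's guide. It assumes the 6-byte LWAPP transport header layout from RFC 5412, which Cisco's on-wire format may not match exactly; the MAC addresses and the dummy IP packet are constructed, and the function names are hypothetical.

```python
import struct

LWAPP_DATA_PORT = 12222                   # destination UDP port named in the guide
LLC_SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP prefix ahead of the EtherType

def parse_lwapp(udp_payload):
    """Split the 6-byte LWAPP header (RFC 5412 layout, an assumption) from its payload."""
    if len(udp_payload) < 6:
        raise ValueError("truncated LWAPP header")
    flags, _frag_id, length, _status = struct.unpack("!BBHH", udp_payload[:6])
    body = udp_payload[6:6 + length]
    if len(body) != length:
        raise ValueError("LWAPP length field exceeds captured bytes")
    return {"version": flags >> 6, "c_bit": (flags >> 2) & 1}, body

def dot11_to_ethernet(frame):
    """Rebuild a client-to-DS 802.11 data frame as an Ethernet II frame."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 MAC header")
    ftype, subtype = (frame[0] >> 2) & 3, frame[0] >> 4
    to_ds, from_ds = frame[1] & 1, (frame[1] >> 1) & 1
    if ftype != 2 or not to_ds or from_ds:
        raise ValueError("not a client-to-DS data frame")
    hdr_len = 26 if subtype & 0x8 else 24      # QoS data adds a 2-byte QoS field
    src, dst = frame[10:16], frame[16:22]      # ToDS=1: addr2 is SA, addr3 is DA
    if len(frame) < hdr_len + 8 or frame[hdr_len:hdr_len + 6] != LLC_SNAP:
        raise ValueError("no LLC/SNAP header and EtherType after the MAC header")
    return dst + src + frame[hdr_len + 6:]     # EtherType and payload follow SNAP

def wlc_decapsulate(dst_port, udp_payload):
    """The WLC steps of the guide's upstream sequence, for one UDP payload."""
    if dst_port != LWAPP_DATA_PORT:
        raise ValueError("not addressed to the LWAPP port")
    hdr, body = parse_lwapp(udp_payload)
    if hdr["c_bit"] != 0:
        raise ValueError("C-bit set: control message, not client data")
    return dot11_to_ethernet(body)

# Constructed sample: locally administered MACs and a dummy 20-byte IPv4 header.
HOST_A, AP_RADIO, HOST_B = (bytes.fromhex("0200000000" + x) for x in ("0a", "0b", "0c"))
IP_PACKET = b"\x45" + bytes(19)
DOT11 = (b"\x08\x01\x00\x00" + AP_RADIO + HOST_A + HOST_B + b"\x00\x00"
         + LLC_SNAP + b"\x08\x00" + IP_PACKET)
SAMPLE = struct.pack("!BBHH", 0, 0, len(DOT11), 0) + DOT11

if __name__ == "__main__":
    print(wlc_decapsulate(LWAPP_DATA_PORT, SAMPLE).hex())
```

The rebuilt frame carries Host B as destination and Host A as source; the access point's radio MAC from the 802.11 header does not survive the translation.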