[WLAN from Beginner to Master: Basics] No. 7: The AP Online Process

The AP family has two brothers. The elder brother, FAT AP, is strong and healthy and can stand on his own; nobody can match him. The younger brother, FIT AP, was born with a weak constitution and cannot hold up a beam by himself. One day the younger brother said to the elder: "Brother, I really envy you. On your own you can easily take care of wireless user access, user data encryption and forwarding, while by myself I can do none of it." The elder brother replied: "Brother, do not lose heart. It is true that I was born strong and that alone you are no match for me, but my abilities only cover small-scale WLAN scenarios such as small businesses, shops, SOHO offices and homes; larger WLAN networks are beyond me. You, on the other hand, if you can find a good master (an AC) and work under the master's direction together with your fellow disciples (the other FIT APs), can handle medium and large WLAN scenarios such as enterprise headquarters, branch offices, universities, airports and stadiums with ease." Hearing this, the younger brother suddenly understood: "You are right, brother. I will get myself ready and go find a master to apprentice myself to."

So FIT AP set out on its journey to find a master. That journey is what this post is about: the AP online process.

From the earlier posts in this WLAN series we learned that APs come in two types, fat and thin. A FAT AP can handle wireless user access, user data encryption and forwarding by itself, whereas a FIT AP must work together with an AC to perform these functions. Before a FIT AP can cooperate with an AC, it must first go online with that AC, and that is the process we look at here.

Before seeking a master, FIT AP thought: when you leave home you must first have contact details (an IP address), otherwise, if a master is willing to take you in but cannot find your contact details, you will miss the chance. So FIT AP went to the business hall (the DHCP Server) to apply for an IP address.

AP obtains an IP address

Entering the business hall, FIT AP shouted loudly (broadcast): "I want to apply for an IP address." Several clerks (DHCP Servers) eagerly replied: "Hello, please take a look at this IP address and see whether you are satisfied with it." Without hesitation FIT AP walked straight up to the clerk who had replied first: "Fine, please give me that IP address." The clerk packed up the IP address, the lease period, the gateway address, the DNS server address and the other information and handed it all to FIT AP: "Here you are, this is what you wanted." Having received its own IP address, FIT AP walked out of the business hall satisfied.


The AP's IP address can be configured statically or obtained dynamically through DHCP.

If it is configured statically, the AP's IP address is determined immediately and this step is complete.

If it is obtained dynamically through DHCP, the AP does not know where the DHCP server is, so it broadcasts a Discover packet to find one. Every DHCP server that receives the broadcast replies to the AP with a unicast Offer. The AP accepts only the first Offer to arrive and then broadcasts a Request, telling everyone: "I have chosen a DHCP server; the other servers need not prepare to serve me." The chosen DHCP server then returns the AP's IP address, lease period, gateway address, DNS server address and other information to the AP in an ACK packet. Note that this ACK packet contains an Option 43 field, which can be populated with the IP address of the AC; its purpose is to tell the AP which AC is available. Its use is described later, in the AC discovery phase.

Sometimes the AP and the DHCP server are not in the same VLAN, so the AP's broadcast Discover cannot reach the DHCP server directly. In that case the DHCP server can be reached through a DHCP Relay, and the AP's address acquisition process becomes the following:

Where the AP previously talked directly to the DHCP server, it now talks directly to the DHCP Relay: the DHCP Relay forwards the AP's request to the DHCP server as unicast, and the DHCP server's replies are passed back to the AP by the DHCP Relay.

PS: This post does not go into the details of the DHCP client and server exchange; it focuses only on the key steps of the AP online process. To understand the DHCP exchange in detail, refer to the DHCP feature description.

Now that it has contact details, the next step is to find a master.

AP discovers the AC

At this moment the AP remembered that the clerk at the DHCP Server business hall had handed it a flyer. It read: "Do you want a promotion and a pay rise, to become general manager and then CEO, to marry a beautiful and wealthy wife and reach the peak of life? Call us right away, become part of the big WLAN enterprise, and let us make your dream come true. Opportunity knocks only once; the master beckons." It turned out to be an advertisement, and printed on it was the master's (the AC's) telephone number (Option 43). The AP took a deep breath, calmed its slightly nervous mood, and dialled the master's number from the flyer.

The scene it had imagined did not happen: there was no answer at the other end. The AP felt disappointed but not discouraged. Since that was how things stood, it had to find another way. Then an idea flashed through its mind: it sat down at the computer, opened the website where AC masters recruit apprentices, registered an account, filled out a résumé and sent it out to everyone. Before long the AP received replies from several ACs. Based on the characteristics of each AC master it compared them carefully, chose the AC that suited it best, and got ready to become its apprentice.

Static discovery

The AP supports static configuration of the AC's IP address. If AC IP addresses are configured statically, the AP unicasts a discovery request to every configured AC and then, according to the ACs' replies and their priorities, chooses one AC in preparation for the next phase, CAPWAP tunnel establishment.

Dynamic discovery

If no AC IP address is configured on the AP, the AP decides, according to the current situation, whether to discover the AC by unicast or by broadcast.

First, the AP checks whether the Option 43 field of the ACK packet returned by the DHCP server in the "AP obtains an IP address" phase contains an AC IP address. This field is optional. If it does contain an AC IP address, the AP unicasts a discovery request to that address. If the AC and the network are working normally, the AC responds to the AP's request, and the AP has completed AC discovery. This way of discovering the AC is called the DHCP mode.

Similar to the DHCP mode is the DNS mode. The difference is that in the DNS mode the ACK packet returned by the DHCP server does not carry the AC's IP address but the AC's domain name and the DNS server's IP address, with the AC's domain name carried in the Option 15 field. The AP first resolves the domain name through the DNS server to obtain the AC's IP address, then unicasts a discovery request to the AC. The rest of the process is the same as in the DHCP mode.
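To make the DHCP mode and DNS mode concrete, here is an added example (not code from the original post) that parses the option area of a constructed DHCP ACK and extracts the AC hints the AP would use: Option 6 and Option 15 for the DNS mode, Option 43 for the DHCP mode. The Option 43 layout (raw 4-byte IPv4 addresses) is an assumption; AC vendors define their own sub-option encodings.

```python
# Added example, not from the original post: parse the option area of a
# constructed DHCP ACK and extract the AC discovery hints the AP uses:
# Option 6 (DNS server) and Option 15 (domain) for the DNS mode, Option 43
# (vendor-specific) for the DHCP mode. Option 43 is ASSUMED here to hold raw
# 4-byte IPv4 addresses; real AC vendors define their own sub-option layouts.
import ipaddress
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options

def parse_dhcp_options(payload: bytes) -> dict:
    """Walk the TLV list after the magic cookie; returns {code: raw bytes}."""
    if payload[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option terminates the list
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:   # option claims more bytes than are present
            raise ValueError(f"truncated option {code}")
        opts[code] = value
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list:
    # Split a concatenation of 4-byte addresses into dotted-quad strings.
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]

def ac_hints_from_ack(payload: bytes) -> dict:
    # Only the options relevant to AC discovery are returned.
    raw = parse_dhcp_options(payload)
    hints = {}
    if 6 in raw:
        hints["dns"] = ipv4_list(raw[6])
    if 15 in raw:
        hints["ac_domain"] = raw[15].decode("ascii")   # DNS mode
    if 43 in raw:
        hints["ac_ips"] = ipv4_list(raw[43])            # DHCP mode (assumed layout)
    return hints

# Constructed sample ACK options: DNS 10.1.1.53, domain "ac.example.test",
# two AC addresses, then the End option (0xff).
SAMPLE_ACK = (MAGIC + b"\x06\x04" + bytes([10, 1, 1, 53])
              + b"\x0f\x0f" + b"ac.example.test"
              + b"\x2b\x08" + bytes([10, 1, 1, 100, 10, 1, 1, 101]) + b"\xff")
```

A malformed option list (a length byte that runs past the end of the packet) raises rather than silently yielding a partial AC address, which is the behaviour you want on a parser that feeds discovery.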

Both the DNS mode and the DHCP mode are unicast modes: the AP sends unicast packets to the AC.

If no AC IP address is configured statically on the AP, the DHCP server's ACK carries no AC information, or the AP's unicast discovery requests receive no response, the AP discovers the AC by broadcasting discovery packets. All ACs on the same network segment as the AP respond to the AP's request. The AP then chooses the AC with the highest priority to associate with; if the priorities are equal, it goes on to compare the ACs' load and associates with the more lightly loaded AC; if the loads are also equal, it associates with the AC that has the smaller IP address. It then prepares for the next phase, CAPWAP tunnel establishment.
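The discovery order (static list, then DHCP mode, then DNS mode, then broadcast) and the priority/load/IP tie-break described above, as an added example that is not part of the original post. The probe callables, the meaning of "priority" (larger value wins) and "load" (number of associated APs) are assumptions; vendor semantics differ.

```python
# Added example, not from the original post: the AC discovery order and the
# selection rule described above, run against constructed discovery responses.
# Assumptions: AC priority is an integer where a larger value means a higher
# priority, and load is the number of APs already associated (vendor semantics
# differ); the probe callables stand in for real CAPWAP discovery packets.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class DiscoveryResponse:
    ac_ip: str
    priority: int
    load: int

def select_ac(responses):
    """Highest priority, then lightest load, then numerically smallest IP."""
    if not responses:
        return None
    best = min(responses, key=lambda r: (-r.priority, r.load,
                                         int(ipaddress.IPv4Address(r.ac_ip))))
    return best.ac_ip

def discover_ac(static_acs, dhcp_ac_ips, dns_ac_ips, unicast_probe, broadcast_probe):
    """Static list first, then Option 43 (DHCP mode), then DNS mode, each by
    unicast; only if none of those answers does the AP fall back to broadcast."""
    for candidates in (static_acs, dhcp_ac_ips, dns_ac_ips):
        replies = [r for ip in candidates for r in unicast_probe(ip)]
        chosen = select_ac(replies)
        if chosen:
            return chosen
    return select_ac(broadcast_probe())

# Constructed lab: three ACs with equal priority; two tie on load, so the
# smaller IP wins. An address not in the table never answers.
AC_TABLE = {
    "10.1.1.100": DiscoveryResponse("10.1.1.100", priority=5, load=40),
    "10.1.1.101": DiscoveryResponse("10.1.1.101", priority=5, load=12),
    "10.1.1.9": DiscoveryResponse("10.1.1.9", priority=5, load=12),
}

def lab_unicast(ip):
    # A unicast probe reaches one AC; it answers only if it exists.
    return [AC_TABLE[ip]] if ip in AC_TABLE else []

def lab_broadcast():
    # A broadcast probe reaches every AC on the segment.
    return list(AC_TABLE.values())
```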

PS: Option 43 matters little when the network between the AC and the AP is Layer 2, because if the AC cannot be found by unicast it can still be found by broadcast. But when the network between the AC and the AP is Layer 3, broadcast packets cannot reach the AC directly, so Option 43 must be used to tell the AP which AC to look for.

CAPWAP tunnel establishment

Although it was a little difficult, the AP finally found a master. When it met the AC master, the master said bluntly: "In today's society everyone pays great attention to information security. I do not want the conversations between you and me, or the tasks I assign you, to be overheard by others, so from now on our communication must carry an extra layer of protection." The AP thought for a moment, agreed that this made sense, and asked: "What security measure would be an effective guarantee?" The master stroked his long beard and said proudly: "The CAPWAP tunnel."

CAPWAP stands for Control And Provisioning of Wireless Access Points (its Chinese name is the wireless access point control specification). It is a generic encapsulation and transport mechanism, defined in RFC 5415, for interoperability between APs and ACs. A CAPWAP tunnel is divided into a control tunnel and a data tunnel. The control tunnel carries the management and control packets by which the AC manages the AP, together with the service configuration and status maintenance messages exchanged between AC and AP. The data tunnel carries user traffic and is used only in tunnel forwarding mode (also called centralized forwarding).

Once the AP has found the AC, CAPWAP tunnel establishment can begin.

AP access control

Next comes the test of the AP's qualifications for admission; not every AP meets the entry requirements. After the AP expresses its wish to become an apprentice, the AC master, to guarantee that the AP being admitted is legitimate and to keep outsiders or spies (rogue APs) from sneaking in, sets up a series of checks. The AP must pass five gates before it finally passes the test and is accepted into the AC's school. Since the AP arrives with skills already learned, the AC also checks whether the AP's inner cultivation (its AP version) matches the school's requirements and whether it clashes with the school's own martial arts.

After finding the AC, the AP sends a Join Request to the AC (if DTLS encryption is configured for the CAPWAP tunnel, a DTLS link is established first, after which CAPWAP control packets must be DTLS-encrypted and decrypted). The request carries the AP's mode (fat or fit) and its version information. On receiving the AP's Join Request, the AC determines whether to allow the AP to access and then responds. If a matching upgrade configuration exists on the AC, the AC's response to the AP carries version upgrade information (the target version, the upgrade mode, etc.).

The process by which the AC determines whether the AP may access:

Gate one: check whether the AP is on the blacklist. If the AP matches an entry on the blacklist, it is denied access and nothing further happens. If it is lucky and does not match the blacklist, it proceeds to the second gate.

Gate two: determine the AP authentication mode. If AP access to the AC is not strictly controlled and the authentication mode is "no authentication", the AP passes this gate and is allowed access. In real deployments MAC or SN authentication is recommended so that AP access is strictly controlled. With MAC or SN authentication, the AP must keep going through the remaining gates.

Gate three: for MAC or SN authentication respectively, check whether the AP's MAC address or SN has been added offline (pre-provisioned). If it has, the AP is allowed access; otherwise proceed to the next gate.

Gate four: check whether the AP's MAC address or SN matches the whitelist. If it matches, access is allowed; otherwise the AP is placed in the unauthenticated list.

Gate five: an AP in the unauthenticated list can be confirmed manually, after which it is allowed access; an AP that is not manually confirmed cannot access.
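The five gates above, written out as a decision function over a constructed AC access-control table. This is an added example, not code from the original post or from any vendor; the field names (blacklist, auth_mode, offline_aps, whitelist, confirmed, unauthenticated) are assumptions chosen for illustration.

```python
# Added example, not from the original post: the five-gate AP access check
# described above, applied to a constructed AC access-control table. The
# field names (blacklist, auth_mode, offline_aps, whitelist, unauthenticated,
# confirmed) are assumptions for illustration, not a vendor's configuration keys.
from dataclasses import dataclass, field

@dataclass
class AcAccessPolicy:
    auth_mode: str                                        # "none", "mac" or "sn"
    blacklist: set = field(default_factory=set)           # MACs or SNs denied outright
    offline_aps: set = field(default_factory=set)         # APs added offline in advance
    whitelist: set = field(default_factory=set)
    confirmed: set = field(default_factory=set)           # manually confirmed by the admin
    unauthenticated: list = field(default_factory=list)   # waiting for manual confirmation

def ap_identity(policy, mac, sn):
    """The credential the gates compare depends on the authentication mode."""
    return sn if policy.auth_mode == "sn" else mac

def check_ap_access(policy, mac, sn):
    """Return (allowed, gate) so an operator can see where the decision fell."""
    if mac in policy.blacklist or sn in policy.blacklist:   # gate 1: blacklist
        return False, "blacklist"
    if policy.auth_mode == "none":                          # gate 2: no authentication
        return True, "no-auth"
    if policy.auth_mode not in ("mac", "sn"):
        raise ValueError(f"unknown auth mode {policy.auth_mode!r}")
    ident = ap_identity(policy, mac, sn)
    if ident in policy.offline_aps:                         # gate 3: added offline
        return True, "offline-added"
    if ident in policy.whitelist:                           # gate 4: whitelist
        return True, "whitelist"
    if ident in policy.confirmed:                           # gate 5: manual confirmation
        return True, "manual-confirm"
    if ident not in policy.unauthenticated:                 # park it for the admin
        policy.unauthenticated.append(ident)
    return False, "unauthenticated"

# Constructed sample: SN authentication, one blacklisted MAC, one pre-added SN,
# one whitelisted SN and one SN the administrator already confirmed.
LAB_POLICY = AcAccessPolicy(
    auth_mode="sn",
    blacklist={"00:11:22:33:44:55"},
    offline_aps={"SN-LAB-0001"},
    whitelist={"SN-LAB-0002"},
    confirmed={"SN-LAB-0003"},
)
```

The blacklist is evaluated before every allow path, so a pre-added or whitelisted AP that is later blacklisted is still refused; that ordering is the point of gate one.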

AP version upgrade

After the AC accepted the AP as a disciple, it handed the AP a book of the school's inner-strength requirements. Opening it, the AP found that the inner skill it had already learned (its AP version) clashed with what the master required. Gritting its teeth, the AP made up its mind to discard the skill it had learned and rebuild it according to the school's manual.

After the AP receives the AC's response from the previous phase, if it finds that the response specifies an AP version and that version differs from the AP's current version, the AP performs a version upgrade. After the upgrade completes, the AP restarts automatically and repeats the whole online process from the beginning. If the AP finds that the version specified in the AC's response matches its own, or that no version is specified, no upgrade is needed and it proceeds directly to the next phase.

CAPWAP tunnel maintenance

"To make it easier for me to keep track of your work, manage you and assign you tasks, you must stay in contact with me through the CAPWAP tunnel. In normal times the control tunnel's connectivity is confirmed by periodically sending and receiving Echo packets, and the data tunnel's connectivity by Keepalive packets. Remember: do not get lazy and forget to send and receive these messages." "Your disciple will remember."

The CAPWAP protocol requires that, besides the other packets they exchange, the AP and the AC periodically send Echo and Keepalive packets to detect the connectivity of the control tunnel and the data tunnel respectively. The appearance of Keepalive packets marks the data tunnel as established, and the appearance of Echo packets marks the control tunnel as established.

Configuration delivery

"Master, everything is ready; please assign me my task," said the AP eagerly. "Good, I will assign it now. From now on you and your fellow disciples will share the tasks I hand out and together ensure the normal operation of the WLAN service."

After the CAPWAP tunnel is established, the AC can deliver configuration to the AP. Once the AP receives the configuration from the AC, it can use it to bring up the WLAN service.

Postscript

Some time after FIT AP became an apprentice, it ran into its elder brother FAT AP one day. The elder brother asked: "How are things now that you have a master? Have you shown your mettle?" The younger brother smiled: "Thanks to your advice, I have since become a disciple of a famous master and learned profound inner skills. The master now entrusts me with tasks, and together with my fellow disciples I hold up *** WLAN network scenarios." "Good. You and I each have our strengths and weaknesses; from now on we can go hand in hand, easily handle every kind of wireless networking scenario, and carve out our own place in the WLAN world."


Origin blog.csdn.net/yufen9987/article/details/104965404