
Module 6


blake

Presentation Transcript


  1. Module 6 Traffic forwarding and VLAN Bridging in WiNG5

  2. Objectives
     • Distinguish between a local VLAN and an extended VLAN
     • Distinguish between adaptive, centralized, and distributed forwarding
     • Review VLAN bridging policies

  3. VLAN Bridging

  4. Introduction - VLAN Bridging
     • At the end of the day, wireless traffic has to get into the wired network
     • Each WLAN is assigned to one or more VLANs
     • The process of transforming wireless (802.11) traffic into wired (802.3) traffic is called simply “bridging” in the WLAN world.
     • WiNG5 AP supports two modes of bridging WLAN traffic to VLANs:
       • “Local”
         • WLAN traffic is bridged locally at the AP
         • Target VLAN must be configured on AP
         • Similar to traditional “Fat AP”
       • “Tunnel”
         • WLAN traffic is encapsulated in MiNT tunnel and forwarded to either Controller or AP
         • Target VLAN may not be present at AP at all!
         • Similar to AP300 behavior, but now APs can talk directly w/o Controller
     • Bridging is controlled on a per-WLAN basis (in WLAN settings).
       • WiNG 5.0 used separate Bridging Policy instead, deprecated since 5.1

  5. Virtual LANs

  6. Introduction - Virtual LANs
     • These bridging modes enable three VLAN forwarding models that replace the legacy Independent and Extended WLAN models:
       • Distributed Forwarding – Wireless user traffic is bridged locally by the Access Points
       • Centralized Forwarding – Using Tunneled VLANs wireless user traffic is tunneled to a Wireless Controller
       • Adaptive Forwarding – Using Tunneled VLANs wireless and wired user traffic is tunneled to a Wireless Controller or Access Point based on the location of the destination host
     • WiNG5 allows you to choose these models on a per-WLAN basis!
     • Motorola Advantage
       • Allows staged migration from Centralized to Distributed Architecture
       • Combine, Mix and Match, and you also have the overrides!

  7. Distributed Forwarding

  8. Distributed Forwarding – Introduction
     • Distributed forwarding for WLAN is enabled by
       • Setting this WLAN bridging mode to Local
       • Assigning one or more VLAN IDs to GE ports on AP
     • Identical to the forwarding model used by Autonomous Access Points
     • The Wireless Controller is completely removed from the data-path
     • The Ge1 and Ge2 ports on an AP-7131 can be bridged if required
       • Supports dual homing or link aggregation
       • Can be used to connect to workstations, servers, other Access Points or Ethernet Switches

  9. Distributed Forwarding – Wireless Client 1 ↔ Wireless Client 2
     ! Bridging Policy
     bridging-policy default
     access-point local-bridging
     [Diagram labels: Server and Wireless Controller (VLAN 10); Stations 1 and 2; switch ports Ge0/1, Ge0/2, Ge0/47, Ge0/48 carrying VLANs 10-12; AP1 and AP2 on Ge1 with VLANs 11-12; Wireless Clients 1-4 on VLANs 11 and 12]

  10. Distributed Forwarding – Example Use Case

  11. Example Use Case 1 (Large Campus)
     [Diagram labels: Services, Configuration & Management; Distribution; VLANs 10, 20, 30; Local VLAN 30; Building 1 and Building 2, Floors 1-3]
     VLAN 30 is defined on all Access Points and Switches in the Campus to provide seamless Mobility!

  12. Distributed Forwarding – Considerations
     • Distributed forwarding mirrors the forwarding behavior of Autonomous Access Points or Adaptive Access Points supporting Independent WLANs
     • Distributed forwarding requires Local-Bridging
     • For seamless mobility VLANs must be assigned to each Access Point where the WLAN assigning users to the VLAN is deployed
     • VLANs can be assigned to Ge1 or Ge2 ports using Profiles or to individual devices as overrides
     • When multiple VLANs are assigned to an Access Point, 802.1Q trunking must be enabled on the Ge1 – Ge2 ports on the Access Points as well as the wired switch ports
     • The VLAN port configuration on the Access Points must match the VLAN port configuration on the wired switch port or traffic will be dropped
     • Each VLAN requires DHCP services as well as a default gateway

  13. Tunneled VLANs

  14. Tunneled VLANs – Introduction
     • VLAN tunneling is new for WiNG5 and allows VLANs to be distributed between Access Points and Wireless Controllers without having to extend the VLAN over the physical network:
       • Supported on both Wireless Controllers and Access Points (Layer 2 or Layer 3 adopted)
       • Supports Centralized forwarding where AP ↔ Wired traffic is forwarded to the Wireless Controller
       • Supports Adaptive forwarding where traffic can be bridged locally or tunneled to a Wireless Controller or Access Point with the Tunneled VLAN closest to the destination host
       • Permits tunneling of both wired and wireless client traffic
       • Provides seamless L3 mobility for Wireless Clients!
     [Diagram labels: Distributed Broadcast Domain; Distributed FDB; Tunneled VLAN 20; Tunneled VLAN 21; VLANs 10 and 11; Tunneled VLANs]

  15. Tunneled VLANs – Protocols
     • Controllers and APs use the MiNT protocol to forward Tunnelled VLAN traffic between devices
     • Tunnelled VLAN traffic can be forwarded over L2 or IP networks:
       • Ethertype 0x8783 (Point to Multipoint) over L2
       • UDP port 24577 (Point to Point) over L3
     • Permits Tunnelled VLAN traffic to be Tunnelled between devices irrespective of how those devices are connected to the physical network
     [Diagram labels: WiNG5 Network; Layer 2; Layer 3; 0x8783; UDP 24576; UDP 24577]

  16. Tunneled VLANs – Forwarding Modes
     • Tunneled VLANs support two forwarding modes:
       • Centralized Forwarding – Access Point to Wired Traffic can be tunneled to the Wireless Controller
       • Adaptive Forwarding – Traffic can be tunneled directly between Access Points based on the location of the destination host if a MiNT path is available between Access Points
     [Diagram panels: Tunneled VLANs – Centralized Forwarding; Tunneled VLANs – Adaptive Forwarding]

  17. Tunneled VLANs – Centralized Forwarding
     • By default all Wireless ↔ Wired traffic is transparently forwarded to the Wireless Controller using Tunneled VLANs
       • Identical to the forwarding model used by Thin Access Points
       • Wireless ↔ Wired traffic is forwarded to the Wireless Controller even if the VLAN is assigned to the Access Point's Ge port
       • Permits centralized forwarding of Wireless user traffic for single VLAN deployments using VLAN 1

  18. Tunneled VLANs – Adaptive Forwarding
     • Access Point ↔ Access Point traffic will be tunneled directly between Access Points if a MiNT VLAN or IP MiNT link exists between the Access Points
       • Layer 2 Adopted Access Points
       • Layer 3 Adopted Access Points deployed on the same subnet with a MiNT VLAN defined
       • Layer 3 Adopted Access Points with static IP MiNT Links defined

  19. Tunneled VLANs – Adaptive Forwarding
     • Local-Bridging may also be enabled to permit local bridging of wired traffic
     • Traffic is transparently forwarded to the destination host over Tunneled VLANs based on the location of the destination host
       • Wireless traffic can be forwarded to the wired network directly by the Access Point
       • Wireless traffic can be forwarded to a Wireless Controller
       • Wireless traffic can be tunneled directly between the Access Points if a MiNT link exists between the Access Points

  20. Centralized Forwarding

  21. Wireless Client 1 ↔ Wireless Client 2
     ! Bridging Policy
     bridging-policy default
     [Diagram labels: Ext. VLAN; Server and Wireless Controller (VLAN 10, with VLANs 10, 20-21); Stations 1 and 2 on VLANs 11 and 12; AP1 and AP2 on Ge1 with VLANs 11 and 12; Wireless Clients 1-4 on VLANs 20 and 21]

  22. Tunneled VLANs

  23. Wireless Client 1 ↔ Wireless Client 2
     ! Bridging Policy
     bridging-policy default
     [Diagram labels: Ext. VLAN; Server and Wireless Controller (VLAN 10, with VLANs 10, 20-21); Stations 1 and 2 on VLAN 11; AP1 and AP2 on Ge1 with MiNT VLAN 11; Wireless Clients 1-4 on VLANs 20 and 21]

  24. Tunneled VLANs – Example Use Case

  25. Example Use Case 1 (Campus / Building)
     [Diagram labels: Services, Configuration & Management; Distribution; VLANs 10-80; Tunneled VLAN 100 (tagged) and Tunneled VLAN 110 (tagged), each with a default gateway; Extended VLAN 100 and Extended VLAN 110; VLANs 30-80 across Building 1 Floors 1-3 and Building 2 Floors 1-3]
     Tunneled VLANs are only defined on the Access Points, Wireless Controllers and Core Layer 3 Switches (default gateways)!

  26. Example Use Case 5 (Guest Traffic)
     [Diagram labels: Corporate HQ; DMZ; Public Internet; WAN; IP MiNT Link; Tunneled VLAN 90 (tagged) with its default gateway; Extended VLAN 90; Floors 1-3; Branch 1; Branch 2]

  27. Tunneled VLANs – Considerations
     • Tunneled VLANs follow the same rules as regular VLANs:
       • Each Tunneled VLAN is its own separate broadcast domain
       • Each Tunneled VLAN requires DHCP for network addressing
         • DHCP can be provided by an Access Point or Wireless Controller with an IP address on the Tunneled VLAN
         • DHCP can be provided by a DHCP server connected to the Tunneled VLAN
         • DHCP can be provided by a DHCP server on a remote VLAN using DHCP forwarding
       • Each Tunneled VLAN requires a router to route traffic to hosts on other VLANs
         • One default gateway per Tunneled VLAN (same as standard VLANs)
         • Traffic can be routed by a Wireless Controller or Access Point with a Virtual IP Interface assigned to the Tunneled VLAN
         • Traffic can be routed by an external router connected to the Tunneled VLAN
     • Network loops can be created when multiple wired ports that are members of a Tunneled VLAN are interconnected!

  28. Summary
     • Local VLANs:
       • Provide Local Forwarding by the Access Points, removing the Wireless Controller from the data path
       • Ideal for customers that:
         • Like the Autonomous Access Point architecture but like the centralized management benefits provided by a Wireless Controller
         • Have remote WLAN deployments over a WAN with local resources (i.e. Voice Gateways, Servers) that want to bypass and optimize the WAN for local communications
         • Require WLAN survivability in the event of a WAN failure (AP-7131 only)
       • When multiple local VLANs are deployed, 802.1Q tagging must be enabled on the Switch and Access Point ports
       • For seamless Layer 2 mobility, Local VLANs must be defined on all Access Points servicing a WLAN that is assigned to the Local VLAN
       • Unlike Independent WLAN deployments, all WiNG5 features are supported directly on the Dependent and Adaptive Access Points

  29. Summary Cont.
     • Tunneled VLANs:
       • Support Centralized Forwarding (identical to Extended WLANs) as well as Adaptive Forwarding, which uses a distributed bridge to tunnel traffic between devices
       • Centralized Forwarding is ideal for customers that:
         • Require Wireless Client traffic to be tunneled to a Wireless Controller
         • Want to tunnel guest user traffic to a Wireless Controller in a DMZ
         • Require seamless Layer 3 Mobility
       • Adaptive Forwarding is ideal for customers that:
         • Wish to optimize 802.11n traffic forwarding by eliminating the Wireless Controller as the bottleneck
         • Are deploying low latency multimedia applications that require the traffic to be forwarded over the LAN using the shortest path
         • Require seamless Layer 3 Mobility
       • Tunneled VLANs do not require the VLAN to be tagged to the Access Points

  30. Module Summary
     • Distinguish between a local VLAN and an extended VLAN
     • Distinguish between adaptive, centralized, and distributed forwarding
     • Review VLAN bridging policies
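
An added example, not part of the original slides: a Python classifier that recognises MiNT tunneled-VLAN traffic in raw Ethernet frames using the identifiers from the "Tunneled VLANs – Protocols" slide (Ethertype 0x8783 over L2, UDP 24577 over L3, plus UDP 24576, which appears only as a label on that slide's diagram). The function names, the VLAN-tag handling and the sample frames are assumptions of this example and are constructed for illustration.

```python
import struct

MINT_ETHERTYPE = 0x8783          # MiNT directly over Ethernet (slide 15)
MINT_UDP_PORTS = {24576, 24577}  # 24577 is in the slide text; 24576 only on its diagram
VLAN_TPIDS = {0x8100, 0x88A8}    # 802.1Q and 802.1ad tag identifiers

def classify_frame(frame: bytes):
    """Return (kind, outer_vlan); kind is 'mint-l2', 'mint-l3' or 'other'."""
    if len(frame) < 14:
        return ("other", None)
    offset, vlan = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    # Skip stacked VLAN tags, remembering the outermost VLAN ID.
    while ethertype in VLAN_TPIDS and len(frame) >= offset + 6:
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan = tci & 0x0FFF if vlan is None else vlan
        offset += 4
    payload = frame[offset + 2:]
    if ethertype == MINT_ETHERTYPE:
        return ("mint-l2", vlan)
    if ethertype == 0x0800 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4
        frag_offset = struct.unpack_from("!H", payload, 6)[0] & 0x1FFF
        # Only the first fragment of a UDP datagram carries the port numbers.
        if payload[9] == 17 and frag_offset == 0 and ihl >= 20 and len(payload) >= ihl + 4:
            sport, dport = struct.unpack_from("!HH", payload, ihl)
            if sport in MINT_UDP_PORTS or dport in MINT_UDP_PORTS:
                return ("mint-l3", vlan)
    return ("other", vlan)

def _eth(ethertype, payload, vlan=None):
    # Constructed test frame: made-up MACs and an optional single 802.1Q tag.
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    macs = bytes.fromhex("ffffffffffff020000000001")
    return macs + tag + struct.pack("!H", ethertype) + payload

def _ipv4_udp(sport, dport):
    # Constructed minimal IPv4 header (no options, checksum 0) plus UDP header.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 168, 10, 10]), bytes([192, 168, 11, 20]))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLES = {  # constructed frames, not captured traffic
    "l2_tagged": _eth(MINT_ETHERTYPE, b"\x00" * 46, vlan=11),
    "l3_udp": _eth(0x0800, _ipv4_udp(24577, 24577)),
    "dns": _eth(0x0800, _ipv4_udp(53000, 53)),
}

for name, frame in SAMPLES.items():
    print(name, classify_frame(frame))
```

Run against frames from a capture on a switch port, this shows which links carry tunneled VLAN traffic and on which outer VLAN, which is what a firewall or ACL between APs and controllers has to permit.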
