思科无线控制器WLC 8.1版本最新特性04

from hotspots or VoWiFi traffic from mobile nodes
• The idea is to bridge Ethernet traffic coming from end hosts through GRE to a Tunnel Gateway.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
doesn’t match any rule in the profile assigned to that WLAN, then it is not tunneled.
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
CUWN Release 8.1 EoGRE on WLC
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
• Overview (13) • System Requirements and feature set (1) • How to Implement (6) • Troubleshooting & Debugging (5)
• Why support different tunneling flavors ?
The quick answer is “ROI”. Service Providers prefer systems that can integrate directly with their existing core network.
EoGRE
TGW2
FlexConnect Local Switching AP
This presentation discusses Design 1, WLC based EoGRE Tunnels
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
• This scheme is intended to work with Proxy Mobile IPv6 (PMIPv6) or also the GPRS
Tunneling Protocol (GTP)
• This is what is referred to as Integrated Mobility Service
• It can also be used to relay traffic from Users connected to Hotspots, which is then
referred to as Simple IP service .
• It provides WiFi Security and Subscriber control, and delivers scalable, manageable and
CAPWAP Data
EoGRE
CAPWAP Control
TGW1
WLC
TGW2
Design 2: Flex AP based EoGRE tunnel
CAPWAP Control
WLC TGW1
• • •
CAPWAP Control (Flex AP-WLC) EoGRE Data (Flex AP-TGW) Once tunnel is established – data flows from AP directly to the TGW
• How does this relate to our WLC and AP operation ? • Clients are aggregated at WLC Level . The idea is to bridge the traffic coming from a
group of wireless clients across a WAN connection to a place inside the SP infrastructure where this traffic can be delivered to various destinations.
• This works only if the client’s identity is known : only 802.1X SSIDs will allow a per client
specification of the tunnel profile . Clients identity is known through a user name of style client1@abc.com which groups them by domains.
• Clients may be directed to different tunnel gateways : based on their identity, rules are
defined on the WLC which match them to a profile which defines the VLAN tag and the Tunnel gateway they should use .
• The Tunnel Gateway (TGW) is generally an ASR1K or ASR9K, but can be any router on
which EoGRE tunnels can be configured. Up to 10 TGW may be defined per WLC.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
• An example of Simple IP service using EoGRE :
EoGRE on WLC
• The EoGRP tunnel, statically configured, carries traffic to the ISR Router, from where it
• WLC supported tunnels :
IP/GRE as defined in PMIPv6 (RFC 5213) – L3 . Supported since WLC 7.3.101.0 Ethernet over GRE – L2 . Supported since 8.1 GTPv2 (Future release) Only one type of tunnel is supported per WLAN
• It can be used to help Service Providers offload their Mobile Telephony networks to a Wifi
based access mechanism, which then relays traffic into the core telephone networks or the internet .
9
WLC
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
10
• Configurable DHCP option-82 on a per profile basis (Hence configurable per WLAN)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
• Filter rules are based on domain names (“Realms”). The maximum is 10 domains per
• References (2)
© 2010 Cisco and/or its affiliates. All rights reserved.
பைடு நூலகம்
Cisco Confidential
2
EoGRE over WLC
The Context
EoGRE over AP
• EoGRE (Ethernet over GRE) is a new solution for Service Providers for aggregating WiFi traffic
secure wireless connectivity.
• This allows to bypass address scaling limitations of the L2 switch connecting to the WLC,
as Client addresses are inside the tunneled traffic, and do not need to be known locally.
is forwarded to Internet. The ISG will be called the Tunnel Gateway (TGW)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
• WLC supported users :
Local users : Traffic is “Locally Switched” by the WLC Remote-Tunneled users : Traffic is directed to a remote TGW based on the rule which fired in the tunnel profile by matching the client’s domain name.
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
6
There are two deployment options for EoGRE tunnels to aggregate Wireless traffic : Design 1: WLC based EoGRE tunnel • • • CAPWAP Control (AP-WLC) CAPWAP Data (AP-WLC) EoGRE Data (WLC-TGW)
WLC.
• They are grouped under an EoGRE Tunnel Profile, which is assigned to one or several
WLANs
• There is a maximum of 16 rules per profile , and a maximum of 10 profiles per WLC. • Open WLANs and 802.1x WLANs are supported. • In Open WLANs, all clients are tunneled. • In 802.1x WLANs, there can be a mix of tunneled and local clients. If a client’s name
• Flexibility in selecting any combination of DHCP option-82 parameters supported
• Maximum of 5 different parameters can be selected for Circuit-Id & Remote-Id • Flexibility to select Binary / Ascii format for the DHCP options-82