Altai Access Controller Training

Altai Access Controller Training
-Introduction and Configuration
Date: By Technical Support

Dec, 2014
Confidential Information
Not for Distribution
www.altaitechnologies.com
Outline
Product introduction
Application introduction
Configuration
Altai Wireless Access Controller (hereinafter called AC) delivers
powerful WLAN access control and user authentication gateway
capability by virtue of Plug & Play, compact design, high
reliability, multiple services, as well as accurate and flexible billing,
integrate multiple functions into one box, e.g. user control and
management, RF management and security, can be widely used
in the enterprise WLAN access, hotel, operator public hotspot
scenarios.
Product Overview
Integrated chassis
Access controller 200
Chassis with service cards
AC Specifications
AC 200
AC 500
AC 2000
AC 4000
AC 12000
Service slot
12
Switching slot
10GE SFP+ port
12
36
GE port
24
GE SFP port
48
96
288
Power redundancy
No
Yes
Yes
Yes
Yes
AP license
256
512
2,048
4,096
12,288
Appearance
Service Cards and Line Cards for AC 2000/4000/12000
2 x Service card
12 x Service card
4 x Service card
2 x Switching card
(included)
2 x Switching card
(included)
Service Cards and Line Cards for AC 2000/4000/12000
2x10GE Line Card,

Front-mounted
2x10GE + 8xGE Line Card,

Front-mounted
8xGE Line Card,

Front-mounted
Service Card
for AC 2000, 4000 and 12000
(back view)
Service Card
(front view)
16xGE + 1x10GE Line Card,

Back-mounted
16xGE Line Card,

Back-mounted
Altai AC system supports the IETF CAPWAP protocol for AP
connection, can be flexible deployed in existing Layer-2 or Layer3 network without reconfiguration, effectively reducing network
construction cost. Altai AC products is based on a unified
hardware and software platform, highly normalized design, and
effectively reduce for spare parts
Altai low-end AC has five models as follow deliver different
physical port density and AP access capability respectively
provide on-demand flexible selection for the network.
AP Controller
(CAPWAP based AP management(RF, firmware),

CAPWAP based tunnel for user traffic)
User Gateway
(DHCP server, NAT, Radius-client, Portal redirect)

Access Controller
Key features
Flexible forwarding mode
Altai AC provide local forwarding and centralized forwarding
modeuser can flexible setting according to business need and
actual network situation
Abundant Authentication Methods

EAP-TLS/TTLS/SIM/AKA
PEAP
Captive Portal
Key features
Easy maintenance
Support WEB/CLI management, unified configuration profile, fast
provision
Deployment across L3 network, flexible networking
Outline
Configuration
Mechanism overview
The AC can process both control flows and data flows.
Management flow is transmitted over Control And Provisioning of
Wireless Access Points (CAPWAP) protocol. User data flows can
be transmitted over CAPWAP tunnels or not, as required.
The CAPWAP protocol defines how APs communicate with ACs

and provides a general encapsulation and transmission
mechanism for communication between APs and ACs. CAPWAP
defines data tunnel and control traffic.
Reference for CAPWAP: http://tools.ietf.org/html/rfc5415

http://tools.ietf.org/html/rfc5416
AP-AC call flow
This pair of
message may be
transmitted
multiple times
The three
pairs of
messages are
sent
periodically
after reboot.
CAPWAP management traffic
UDP port = 5246

CAPWAP tunnel User traffic
UDP port = 5248

Application scenario
Distributed forwarding (Local breakout) mode
Centralized forwarding mode
Distributed forwarding (Local breakout)

In local forwarding mode, wireless user service data is translated
from 802.3 packets into 802.11 packets, which are then
forwarded by the uplink network device .
The user data traffic is processed as the same as fat-AP in local
forwarding
Distributed forwarding (Local breakout)

AC only manages AP
Wireless user data does not be
processed by AC but forwarded to
BRAS by the Layer 2 network
BRAS perform SSID/VLAN based
authentication
Layer 2 connection between AP
and BRAS
AP connects to AC over layer 2/3
network
Local forwarding/Local Breakout
mode is commonly used for
facilitating the usage of the
existing BRAS.
Internet
BRAS
Main AC
Trunk
VRRP
Aggregation
switch
Standby AC
L2 network
Hotspot 1
STA
AP 1
BRAS(Broadband Remote Access Server): one kind of user gateway

Hotspot n
switch
AP n
AP 1
AP n
User data traffic

AP Management traffic
Centralized forwarding
In centralized forwarding mode, wireless user service data is
transmitted between APs and ACs over CAPWAP tunnels.
Centralized forwarding is usually used to control wireless user
traffic in a centralized manner(AC). This forwarding mode
facilitates device deployment and controls all wireless user data
flows by aggregating traffic of all wireless users connected to APs
to an AC through CAPWAP data tunnels.
Centralized forwarding
AC manages AP and user
Control wireless user traffic in a
centralized manner.
User data is transmitted between
AP and AC over CAPWAP tunnel
and forwarded to Internet after
decapsulated by AC.
AP connects to AC over layer 2/3
network
Concentrated forwarding mode is
commonly used for overlay
network deployment and used in
scenario that needs AC also to be
a user gateway.
RADIUS
server
Internet
Portal
server
Main AC
Aggregation
switch
VRRP
Standby AC
CAPWAP Tunnel
L2/L3 network
Hotspot n
Hotspot 1
STA
User data traffic
AP Management traffic
AP 1
AP n
AP 1
AP n
Outline
Configuration
How to add AP into AC

Configure AP Version
Tunnel Configuration
Configure WLAN security policy (Optional)
AP Configuration
WLAN Groups
AP Group and WLAN Group mapping
WLAN-VLAN Association
Monitoring the AP status
AP version
Models for Altai AP:

A8n: WA8011N-X, A8-Ein: WA8011N, A8in: WA8011N-HE, A2: AP5822, C1n: WA1011N-G, C1an: WA1011N-A
Tunnel Configuration
WLAN security policy (Optional)
AP Configuration
- Create new AP group.
AP Configuration
- Add AP into group
Add AP to the specific AP group, here the MAC address is the Ethernet MAC of AP.
AP Configuration
- Configure the wireless setting
AP Configuration
- Import AP list via file
Sample:
WLAN Groups
- Create new WLAN group
WLAN Groups
- Edit the WLAN group
Add new WLAN(wireless configuration) in the WLAN group.
WLAN Groups
- WLAN configuration sample (open SSID, concentrated forwarding)
Continued
AP Group and WLAN Group mapping
WLAN-VLAN Association
Set the Inner VALN as the WLAN VLAN(in the previous sample, it is 2000), set the Outer VLAN as 0.
Monitoring the AP status
-End

Altai Access Controller Training - 20141210 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Altai Access Controller Training - 20141210 PDF

Uploaded by

Copyright:

Available Formats

-Introduction and Configuration

Date: By Technical Support

Access controller 200

Access controller 500

Chassis with service cards

Access controller 2000

Access controller 4000

Access controller 12000

10GE SFP+ port

Service Cards and Line Cards for AC 2000/4000/12000

Access controller 2000

Access controller 4000

Access controller 12000

Service Cards and Line Cards for AC 2000/4000/12000

2x10GE Line Card,

2x10GE + 8xGE Line Card,

8xGE Line Card,

16xGE + 1x10GE Line Card,

16xGE Line Card,

(CAPWAP based AP management(RF, firmware),

(DHCP server, NAT, Radius-client, Portal redirect)

Abundant Authentication Methods

The CAPWAP protocol defines how APs communicate with ACs

Reference for CAPWAP: http://tools.ietf.org/html/rfc5415

AP-AC call flow

CAPWAP management traffic

UDP port = 5246

CAPWAP tunnel User traffic

UDP port = 5248

Distributed forwarding (Local breakout)

Distributed forwarding (Local breakout)

BRAS(Broadband Remote Access Server): one kind of user gateway

User data traffic

How to add AP into AC

Models for Altai AP:

WLAN security policy (Optional)

Add new WLAN(wireless configuration) in the WLAN group.

AP Group and WLAN Group mapping

Monitoring the AP status

You might also like