What UDP ports and IP protocols are not used by CAPWAP?

AP Architectures

APs can be networked together in a variety of architectures. The size and scalability of the network determine which architecture is most suited for a given implementation.

Autonomous AP Architecture

An autonomous AP is a self-contained device with both wired and wireless hardware, so it can bridge the wireless clients of each SSID onto the wired VLAN infrastructure, as shown in Figure 22-7. Each autonomous AP must be configured with a management IP address so that it can be remotely accessed using Telnet, SSH, or a web interface. Each AP must be individually managed and maintained unless you use a management platform such as Cisco DNA Center.

Cloud-Based AP Architecture

Cloud-based AP management is an alternative to purchasing a management platform. The AP management function is pushed into the Internet cloud. For example, Cisco Meraki is a cloud-based AP management service that allows you to automatically deploy Cisco Meraki APs. These APs can then be managed from the Meraki cloud web interface (dashboard). In Figure 22-8, the same APs shown in Figure 22-7 are now managed in the cloud.

Notice that there are two distinct paths for data traffic and for management traffic, corresponding to the following two functions:

  • A control plane: Traffic used to control, configure, manage, and monitor the AP itself

  • A data plane: End-user traffic passing through the AP

Lightweight AP Architectures

Wireless LAN controllers (WLCs) use Lightweight Access Point Protocol (LWAPP) to communicate with lightweight APs (LAPs), as shown in Figure 22-9. LAPs are useful in situations where many APs are required in the network. They are “lightweight” because they only perform the 802.11 wireless operation for wireless clients. Each LAP is automatically configured and managed by the WLC.

Notice in Figure 22-9 that the WLC has four ports connected to the switching infrastructure. These four ports are configured as a link aggregation group (LAG) so they can be bundled together. Much like EtherChannel, LAG provides redundancy and load balancing.

CAPWAP Operation

The division of labor between the WLC and LAPs is known as split-MAC architecture. The LAP must interact with wireless clients on some low level, known as the Media Access Control (MAC) layer. These functions must stay with the LAP hardware, closest to the clients. The management functions are not integral to handling frames but are things that should be centrally administered. Therefore, those functions can be moved to a centrally located platform away from the AP. Table 22-2 summarizes MAC functions of the LAP and WLC.

Table 22-2 Split-MAC Functions of the AP and WLC

AP MAC Functions                            | WLC MAC Functions
--------------------------------------------+---------------------------------------------------
Beacons and probe responses                 | Authentication
Packet acknowledgments and retransmissions  | Association and re-association of roaming clients
Frame queueing and packet prioritization    | Frame translation to other protocols
MAC layer data encryption and decryption    | Termination of 802.11 traffic on a wired interface

LWAPP has been replaced with the Control and Provisioning of Wireless Access Points (CAPWAP) tunneling protocol to implement these split-MAC functions. CAPWAP uses two tunnels—one for control and one for data—as shown in Figure 22-10 and described in the list that follows:

  • CAPWAP control message tunnel: Carries exchanges that are used to configure the LAP and manage its operation. The control messages are authenticated and encrypted, so the LAP is securely controlled by only the appropriate WLC and then transported over the control tunnel using UDP port 5246.

  • CAPWAP data tunnel: Used for packets traveling to and from wireless clients that are associated with the AP. Data packets are transported over the data tunnel using UDP port 5247 but are not encrypted by default. When data encryption is enabled for a LAP, packets are protected with Datagram Transport Layer Security (DTLS).

There are different Cisco wireless architectures that we can use in our networks. The most common architectures are Autonomous AP, Cloud-based, and Split-MAC architectures.

Autonomous AP Architecture

From the name itself, Autonomous Architecture means ‘in charge of everything.’ It is a standalone management Cisco Wireless Access Point architecture. All of these listed roles below are handled by the Autonomous AP for this kind of wireless architecture.

  • Approval of association requests
  • Transmitter power management
  • (RF) Radio Frequency management
  • (BSS) Basic Service Set Management

You can see in the image below that different VLANs run over the connections. Let us say VLAN A is the office employees' VLAN, used to reach their company software, and VLAN B is for guests, who have limited access. The Autonomous AP can broadcast two different SSIDs. With this kind of setup, since each AP carries all the tasks itself, you may need to log in to every AP to configure it, both for the initial design and every time you need to update the configuration, such as adding a VLAN to support wireless clients.


Because of the tedious task of logging in individually on every AP, AP management is complex in this case. To make it easier, Cisco introduced centralized management software solutions, such as:

  • Cisco DNA (Digital Network Architecture) Center
  • Cisco Prime Infrastructure

The tasks still run on the Access Points. The only difference is that they are easier to configure, because the management software is installed on one computer, ideally a server, and gives you a dashboard with better visibility of the current configuration of the APs.

Cloud-Based AP Architecture

Network scalability is one of the biggest concerns for a wireless architecture when a company is growing. With the Autonomous AP architecture, scaling is possible, but it is more complicated. Cisco saw this issue and introduced a cloud-based wireless architecture, Cisco Meraki, a Cisco unified wireless network solution. Here are the key characteristics of a cloud-based AP architecture:

  • Cloud-based – The software is not on the premises but in the provider's server farms
  • Management task of the AP is moved to the Cloud
  • The AP does only real-time data forwarding tasks


Split-MAC Architecture

Both the cloud-based wireless architecture and the centralized management solutions are good improvements to Cisco wireless network architectures. However, the Access Points remain autonomous. This means that your wireless clients still cannot move from one Access Point to another seamlessly, because each AP runs an independent network and SSID. The goal is a wireless network with flexible client roaming.
There are many things to consider when deploying multiple Autonomous APs in one area. The administrator must tune the transmit power of each AP to avoid excessive overlap of coverage areas. Aside from this, the channels must also be controlled to prevent channel interference.

Wireless LAN Controller (WLC)

With Split-MAC architecture, we will need a Wireless LAN Controller (WLC). This will enable users to roam freely from one access point to another without disconnecting. This architecture offers an Extended Service Set (ESS).

By using Wireless LAN Controllers, all of the management functions of the APs are moved to and centralized on the WLC. How is this different from cloud-based? In the cloud-based architecture, the APs are still autonomous. Although you can configure the APs more easily, the cloud does not take over the management processing of the APs; it simply collates the settings and presents a good dashboard for a more straightforward configuration.

The Access Points will be in Lightweight Access Point (LAP) mode. Lightweight Access Points are APs that depend on a WLC for the processing of the management tasks. The Lightweight Access Point Protocol (LWAPP) was originally used for this management.

CAPWAP Tunnels

CAPWAP stands for Control and Provisioning of Wireless Access Points. Between the WLC and each LAP there are two CAPWAP tunnels. The minimum requirement to build these tunnels is IP reachability: the wireless LAN controller must be able to ping the management IP address of the Lightweight AP.


The CAPWAP Control Tunnel carries the CAPWAP control messages, which are the packets used to configure the LAP and manage its operation. These messages are authenticated and encrypted, so each LAP can only be controlled by its respective WLC. This tunnel uses UDP port 5246.

Data traffic traveling to and from the wireless clients is transported over the CAPWAP Data Tunnel. The packets here are not encrypted by default, but when data encryption is enabled they are protected with Datagram Transport Layer Security (DTLS) to secure wireless connectivity for wireless users. This tunnel uses UDP port 5247.
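As an added example, not part of this study guide and not Cisco code, the following Python script shows how a defender can verify the statements above on the wire: it parses the CAPWAP preamble and transport header laid out in RFC 5415, names the tunnel by UDP destination port (5246 control, 5247 data), and flags data-tunnel datagrams that are not wrapped in DTLS, which is what you would check after enabling data encryption on a LAP. The packet bytes, IP addresses and function names are constructed for this example.

```python
"""Classify CAPWAP datagrams by tunnel and report whether they ride inside DTLS.

Constructed example: header layout follows RFC 5415; every sample packet
below is built by hand and does not come from a real capture.
"""
import struct
from dataclasses import dataclass

CAPWAP_CONTROL_PORT = 5246   # control tunnel: always DTLS-protected
CAPWAP_DATA_PORT = 5247      # data tunnel: DTLS only when data encryption is enabled


@dataclass
class CapwapHeader:
    dtls: bool                  # preamble type 1: a DTLS record follows, payload is opaque
    hlen_bytes: int = 0         # HLEN field is counted in 4-byte words
    rid: int = 0                # radio ID
    wbid: int = 0               # wireless binding ID (1 = IEEE 802.11)
    native_80211: bool = False  # T bit: payload is a native 802.11 frame, not 802.3
    keepalive: bool = False     # K bit: data-channel keepalive, carries no client frame
    fragment_id: int = 0
    fragment_offset: int = 0


def parse_capwap(payload: bytes) -> CapwapHeader:
    """Parse the CAPWAP preamble and, for plaintext packets, the transport header."""
    if len(payload) < 4:
        raise ValueError("too short for a CAPWAP preamble")
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0:
        raise ValueError(f"unsupported CAPWAP version {version}")
    if ptype == 1:              # DTLS header: preamble + 3 reserved bytes, then the DTLS record
        return CapwapHeader(dtls=True, hlen_bytes=4)
    if ptype != 0:
        raise ValueError(f"unknown preamble type {ptype}")
    if len(payload) < 8:
        raise ValueError("truncated CAPWAP transport header")
    bits = int.from_bytes(payload[1:4], "big")        # HLEN|RID|WBID|T F L W M K|Flags
    frag_id, off_rsvd = struct.unpack("!HH", payload[4:8])
    return CapwapHeader(
        dtls=False,
        hlen_bytes=((bits >> 19) & 0x1F) * 4,
        rid=(bits >> 14) & 0x1F,
        wbid=(bits >> 9) & 0x1F,
        native_80211=bool((bits >> 8) & 1),
        keepalive=bool((bits >> 3) & 1),
        fragment_id=frag_id,
        fragment_offset=off_rsvd >> 3,
    )


def inspect_datagram(dst_port: int, payload: bytes) -> dict:
    """Name the tunnel by UDP port and state whether the payload is DTLS-protected."""
    if dst_port == CAPWAP_CONTROL_PORT:
        tunnel = "control"
    elif dst_port == CAPWAP_DATA_PORT:
        tunnel = "data"
    else:
        return {"tunnel": "none", "encrypted": None, "keepalive": False,
                "finding": "not a CAPWAP port"}
    hdr = parse_capwap(payload)
    if hdr.dtls:
        finding = None
    elif tunnel == "control":
        finding = "control tunnel without DTLS (unexpected: control messages must be authenticated and encrypted)"
    elif hdr.keepalive:
        finding = "data-channel keepalive in the clear (carries no client traffic)"
    else:
        finding = "client traffic in the clear (DTLS data encryption not enabled on this LAP)"
    return {"tunnel": tunnel, "encrypted": hdr.dtls, "keepalive": hdr.keepalive, "finding": finding}


def build_plain_header(wbid: int = 1, native: bool = True, keepalive: bool = False,
                       frag_id: int = 0) -> bytes:
    """Build a constructed 8-byte plaintext CAPWAP transport header (HLEN = 2 words)."""
    bits = (2 << 19) | (wbid << 9) | (int(native) << 8) | (int(keepalive) << 3)
    return b"\x00" + bits.to_bytes(3, "big") + struct.pack("!HH", frag_id, 0)


DTLS_PREAMBLE = b"\x01\x00\x00\x00"   # type 1 preamble followed by 3 reserved bytes

# Constructed sample flows: (AP source IP, UDP destination port on the WLC, payload)
SAMPLE_DATAGRAMS = [
    ("10.0.0.11", CAPWAP_CONTROL_PORT, DTLS_PREAMBLE + b"\x16\xfe\xfd" + b"\x00" * 11),  # DTLS handshake
    ("10.0.0.11", CAPWAP_DATA_PORT, build_plain_header(keepalive=True)),                # cleartext keepalive
    ("10.0.0.11", CAPWAP_DATA_PORT, build_plain_header() + b"\x08\x02" + b"\x00" * 22), # cleartext 802.11 data
    ("10.0.0.12", CAPWAP_DATA_PORT, DTLS_PREAMBLE + b"\x17\xfe\xfd" + b"\x00" * 11),    # DTLS-protected data
]


def summarize(datagrams) -> dict:
    """Count, per AP, data-tunnel datagrams that carry client traffic in the clear."""
    clear = {}
    for src, port, payload in datagrams:
        result = inspect_datagram(port, payload)
        if result["tunnel"] == "data" and not result["encrypted"] and not result["keepalive"]:
            clear[src] = clear.get(src, 0) + 1
    return clear


if __name__ == "__main__":
    for src, port, payload in SAMPLE_DATAGRAMS:
        print(src, port, inspect_datagram(port, payload))
    print("APs sending client data in the clear:", summarize(SAMPLE_DATAGRAMS))
```

Only the preamble and transport header are parsed; once a datagram is DTLS-wrapped the rest is opaque, which is the point of the check. A keepalive with the K bit set is reported separately, because it legitimately appears in the clear when data encryption is off and contains no client frame.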

What UDP ports and IP protocols are used by CAPWAP for IPv6 choose three?

IPv4 and IPv6 can use UDP ports 5246 and 5247. However, CAPWAP tunnels use different IP protocols in the frame header. IPv4 uses IP protocol 17 and IPv6 uses IP protocol 136.

Which of the following methods can you use to connect to an autonomous AP for management purposes?

An autonomous AP has a serial console port and a wired Ethernet port. Once the AP has been configured with an IP address and has network connectivity, you can connect to it via Telnet, SSH, or HTTP/HTTPS.

What is the term for an AP that does not send a beacon but waits for clients to send probes?

What is the term for an AP that does not send a beacon, but waits for clients to send probes? Active.

What UDP ports and IP protocols are used by CAPWAP for ipv4?

CAPWAP uses UDP ports 5246 (control channel) and 5247 (data channel).

Which of the following is responsible for authentication in CAPWAP protocol?

Explanation: The WLC is responsible for the following in the split MAC architecture for CAPWAP: Authentication.

What kind of traffic between the AP and WLC is encrypted by default?

All CAPWAP management and control traffic exchanged between an AP and WLC is encrypted and secured by default to provide control plane privacy and prevent Man-In-the-Middle (MITM) attacks.