
ThinkMo EDU Share – network 43.Fundamentals of WLAN

蒂娜 11/09/2022

Introduction to WLAN

A wireless local area network (WLAN) is a local area network that replaces wired media with wireless signals such as lasers, electromagnetic waves, and infrared rays. Compared with a traditional wired network, a wireless network is more flexible to deploy and is not subject to wired-network limitations such as the number of network ports. However, wireless signals are easily affected by various factors, so stability is slightly worse than that of a wired network.

The protocol currently used by WLAN is IEEE 802.11ax, commonly known as Wi-Fi 6. IEEE 802.11ax is a member of the 802.11 protocol family and was preceded by 802.11, 802.11b, 802.11g, 802.11n and other protocols.

AP classification

There are two types of APs (wireless access points): the FAT AP, also called fat AP, and the FIT AP, also called thin AP. The main difference between the two is whether an AC (wireless controller) is required for onboarding.

A fat AP can be managed autonomously and does not require an AC for management. A home wireless router is a typical example of a fat AP. Thin APs need an AC to manage them and deliver configuration and upgrade information.

The AP connects to the AC over a wired link and to the terminal over a wireless link. There are two ways to attach the AC: it can be connected directly to the AP, or it can be connected to the network. With the direct connection, data traffic is forwarded through the AC, which is a great challenge to the AC's performance. Connecting the AC to the network allows business traffic to be separated.

WLAN related terms

BSS: Basic Service Set, which consists of one AP and multiple terminals.

BSSID: Basic service set identifier, used by the device to identify the AP, usually the AP’s MAC address.

SSID: Service set identifier, used for people to identify the AP, usually the wireless name.

ESS: When the SSIDs of multiple APs are the same but the BSSIDs are different, it becomes an extended service set.

VAP: Virtual wireless access point, which can virtualize an AP into multiple APs to achieve different wireless network isolation.

CAPWAP: A wireless access point management and configuration protocol, used to establish communication tunnels and keepalives between APs and ACs.

WLAN basic configuration

1. AP Online

The AP address can be acquired through static configuration or dynamically through DHCP. The dynamic method is generally used, because manually configuring AP addresses is too cumbersome and hard to deploy.

After the AP dynamically obtains its address, it needs to establish a CAPWAP tunnel with the AC. There are two types of tunnel: the control tunnel and the data tunnel. The control tunnel carries the management packets exchanged between the AP and the AC, and the data tunnel is the path used for traffic forwarding. You can manually specify the address of the AC on the AP, or let the AP discover the AC automatically: the AP searches for the AC with a discover request message, and the AC confirms with a discover response.

After the communication tunnel is established, the AP needs to join the AC control node and interact through the join request and join response. After the AC receives the join request, it needs to check whether the AP is allowed to access. There are three authentication methods: MAC address-based authentication, serial number-based authentication, and no authentication.

The AC does not necessarily support access to all AP versions. When the AP version is too low, the version needs to be upgraded, which can be achieved by using image data request and image data response packets.

The AP and AC maintain the connectivity of the data tunnel through the keepalive mechanism, and maintain the connectivity of the control tunnel through the echo request and echo response packets.

To bring the AP under its management, the AC also needs further configuration, such as specifying the CAPWAP source interface and adding the AP to an AP group.

2. Service distribution

The AP requests configuration information from the AC by actively sending a configuration status request message. After the AP passes the access check of the AC, the AC sends the configuration information to the AP through the configuration status response message.

Configuration profiles mainly include domain management profiles, security profiles, SSID profiles, radio profiles, and VAP profiles.

The domain management profile exists because different countries use different national management codes. The security profile mainly holds the wireless password, encryption method and encryption algorithm. The SSID profile mainly holds the name of the wireless network. The radio profile can specify the RF port to be used. The VAP profile references the SSID profile, forwarding mode, and service VLAN number; the VAP profile and the radio profile are in turn referenced and managed in the AP group.

3. Terminal access

Terminal access goes through several stages: scanning, authentication, association, address acquisition and user authentication.

In the scanning phase, the terminal needs to find the wireless name of the AP. It can scan for a specified name, or scan automatically without specifying one.

The authentication phase negotiates the encryption method. At present, the most commonly used authentication method is wpa-wpa2-psk.

In the association phase, the terminal needs to negotiate information such as rate with the AP and AC.

STAs generally obtain addresses through DHCP.

For user authentication, the entered password must be the same as the password of the corresponding SSID issued by the AC to the AP.

4. Forwarding of services

There are generally two service forwarding modes: tunnel forwarding and direct forwarding. Tunnel forwarding means that data traffic must pass through the AC before it is forwarded to the outside. Direct forwarding means that data traffic is forwarded directly without going through the AC; in that case the tunnel carries only control traffic. When the AC is connected in bypass mode, direct forwarding can be used to reduce the AC's resource consumption.

WLAN basic experiment

Topology:

Requirement description: management and service traffic are separated, and data forwarding does not pass through the AC. A static route is configured on R1 pointing to SW1. Management belongs to VLAN 10, address segment 192.168.10.0/24, with the gateway on the AC, and the AC is configured with an interface DHCP pool. Service belongs to VLAN 20, address segment 192.168.20.0/24, with the gateway on SW1, and SW1 is configured with an interface DHCP pool so that the STA can ping R1. The link between R1 and SW1 belongs to VLAN 100.

SW1 configuration:

#
vlan batch 10 20 100
#
dhcp enable
#
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
 dhcp select interface
#
interface Vlanif100
 ip address 10.1.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 100

AC configuration:

#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
wlan
 security-profile name sec
  security wpa-wpa2 psk pass-phrase 12345678 aes
 ssid-profile name guo
  ssid guo
 vap-profile name vap
  service-vlan vlan-id 20
  ssid-profile guo
  security-profile sec
 regulatory-domain-profile name en
 ap auth-mode no-auth
 ap-group name aps
  regulatory-domain-profile en
  radio 0
   vap-profile vap wlan 1
 ap-id 0 type-id 56 ap-mac 00e0-fcc4-3400 ap-sn 210235448310E643CE08
  ap-name ap1
  ap-group aps
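The lab settings `ap auth-mode no-auth` and the eight-digit pass-phrase are the two values to change before a configuration like this leaves the lab. The following added example (not part of the original post) audits an excerpt of the AC configuration above for both and models the AC-side join check from the "AP Online" section. The `mac-auth` and `sn-auth` keywords, the finding names, the 16-character threshold and the hardened values are assumptions made for illustration.

```python
import re

# Excerpt of the AC wlan configuration from this page.
PAGE_CONFIG = """\
wlan
 security-profile name sec
  security wpa-wpa2 psk pass-phrase 12345678 aes
 ap auth-mode no-auth
 ap-id 0 type-id 56 ap-mac 00e0-fcc4-3400 ap-sn 210235448310E643CE08
"""
# Constructed hardened variant: AP admission by MAC, long random pass-phrase.
HARDENED_CONFIG = PAGE_CONFIG.replace("no-auth", "mac-auth").replace(
    "12345678", "vT9#qL2m-Xe7!rB4uZ")
MIN_PSK_LEN = 16  # assumption: local policy threshold, not a vendor default

def parse(config):
    """Extract AP auth mode, registered APs and PSK settings from the text."""
    ac = {"auth_mode": None, "macs": set(), "sns": set(), "psks": []}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ap auth-mode (\S+)", line):
            ac["auth_mode"] = m.group(1)
        elif m := re.match(r"ap-id \d+ .*ap-mac (\S+) ap-sn (\S+)", line):
            ac["macs"].add(m.group(1).lower())
            ac["sns"].add(m.group(2))
        elif m := re.fullmatch(r"security \S+ psk pass-phrase (\S+) (\S+)", line):
            ac["psks"].append(m.groups())
    return ac

def audit(config):
    """Return finding IDs; the pass-phrase itself is never echoed."""
    ac, findings = parse(config), []
    if ac["auth_mode"] == "no-auth":
        findings.append("AP_NO_AUTH")  # any AP sending a join request is accepted
    for psk, cipher in ac["psks"]:
        if len(psk) < MIN_PSK_LEN or psk.isdigit() or psk.isalpha():
            findings.append("WEAK_PSK")
        if cipher != "aes":
            findings.append("NON_AES_CIPHER")
    return findings

def admits(config, ap_mac, ap_sn):
    """AC-side join check for the three modes the page lists."""
    ac = parse(config)
    if ac["auth_mode"] == "mac-auth":
        return ap_mac.lower() in ac["macs"]
    if ac["auth_mode"] == "sn-auth":
        return ap_sn in ac["sns"]
    return ac["auth_mode"] == "no-auth"

print(audit(PAGE_CONFIG), audit(HARDENED_CONFIG))
```

With the page's configuration, `admits` returns true for an AP whose MAC and serial number were never registered; with the hardened variant only the AP listed under `ap-id 0` is accepted.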

R1 configuration:

#
interface GigabitEthernet0/0/0
 ip address 10.1.12.2 255.255.255.0
#
ip route-static 192.168.20.0 255.255.255.0 10.1.12.1

ping test:

There is no ping packet when capturing packets on AC and SW1:
