SD-Access Wireless Traffic Flow

SD-Access Wireless Traffic Flow

SD-Access Wireless basic Operation

In this section we will learn the basic operation of SD-Access Wireless infrastructure, while we configure the infrastructure via DNAC. What happens behind the scene of DNAC.

Adding WLC to fabric:

In DNAC, we do first Provisioning and then try to add WLC to fabric domain.

Fabric Configuration is now pushed to WLC, here WLC will know that Fabric infrastructure is available , here in this step ,WLC will also configured with credential to establish a secure connection to fabric control plane.

Now WLC is ready to participate in SD-Access Wireless.

AP Join traffic Flow:

• Admin will configure AP subnet in DNAC in the INFRA-VN, Doing so DNAC will pre-provision AP VLAN and will also pre-provision related port macros on Fabric Edge switch.
• Once AP will be powered UP and is connected, FE will soon discovers via CDP that it is AP and applies that configuration macros to that port and assign that switch port to right VLAN.
• Now AP will get the address via DHCP and AP will act as Special Wired host to Fabric.

Note:  In DNAC 1.1 version, CDP macro is pushed only when “No Authentication “switchport template is selected during Host onboarding and configuration.

Client On-boarding Flow:

Here we will see how Clients are on-boarded on SD-Access fabric.

• Once Client select the desired SSID, Clients authenticates to fabric enabled WLAN, WLC gets client SGT from ISE, assuming that WLAN is configured with 802.1X authentication. Here WLC will now updates the AP about client L2VNID and SGT. Now WLC knows RLOC of AP from its internal database, and this is recorder when AP joins to WLC.
• WLC will proxy register Client L2 Information in to CP like SGT etc via LISP modified message to pass additional information.
• CP will notify the FE and adds the Client MAC in L2 forwarding table and fetches policy from ISE based on Client SGT.
• Client will initiates the DHCP request from here
• AP encapsulates this DHCP request in VXLAN with L2 VNI information
• Once packet reaches to FE, FE will map L2 VNI to its associated VLAN and VLAN interface and forwards tis DHCP in overlay using Anycast IP as DHCP relay.
• After this stage, Client will receive the IP address from DHCP
• With DHCP snooping or Client static ARP, Client Information is registered to the HTDB.
• With this Client onboarding process completes.

Client Roaming Traffic Flow:

• Let see Client A is connected to AP1 and now roams to AP2 and this AP2 is connected on FE2. WLC will get notified by AP2 about this movement.
• WLC will now updates the Forwarding table on AP2 with Client Info like SGT , RLOC IP address
• WLC will now updates the L2 MAC entry in CP with new RLOC FE2
• Now CP will now Notifies the FE2 to add Client MAC to forwarding table pointing to VXLAN tunnel
• CP will now notifies to FE1 to clean information about Client A
• CP will also notify fabric Border router to update internal RLOC for this client.
• FE will update L3 entry (IP) in CP upon receiving traffic

CUWN Wireless Over the TOP (OTT)

In this case, Traditional wireless is used on top of SD-Access fabric network. This step is mostly used when customer decides to implement SD first and don’t want to disturb its traditionally Wireless network or want to migrate Wireless network later.

In above,

• Traditional CUWN architecture is used and CAPWAP tunnel for Control plane and data plane which is terminating at WLC
• SDA fabric will be used as transport for communication between AP and WLC

 Wireless LAN controller Interfaces

For both SDA wireless integration modes, below are the WLC interfaces that is used in SD-Access Wireless and OTT

CUWN Wireless OTT Network Design:

Let’s understand what is CUWN OTT mode, in this mode CAPWAP tunnel is created between AP and WLC as a overlay means Fabric transport is used for CAPWAP tunnel.