WLAN Data Forwarding Modes

Issue 02
Date 2020-08-25

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: https://e.huawei.com

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. i

WLAN Data Forwarding Modes Contents

Contents

1 Introduction.............................................................................................................................. 1
2 Description of Tunnel Forwarding and Direct Forwarding............................................2
3 Changing the Forwarding Mode from Direct to Tunnel................................................ 4
4 Data Forwarding Mode on AP's Wired Interfaces........................................................... 9
5 Continue Reading About WLAN Data Forwarding........................................................11

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. ii

WLAN Data Forwarding Modes 1 Introduction

1 Introduction

Packets transmitted on a WLAN include management packets (control packets)

and data packets (service packets). Management packets are forwarded through
Control And Provisioning of Wireless Access Points (CAPWAP) control tunnels.
Data packets can be forwarded in tunnel, direct, or soft Generic Routing
Encapsulation (GRE) mode, depending on whether they are forwarded through
CAPWAP data tunnels. Tunnel mode is also called centralized mode, and direct
mode is also called local mode.
In actual networking, the direct and tunnel forwarding modes are widely used.
This document describes the differences between the two modes (for other
forwarding modes, see 5 Continue Reading About WLAN Data Forwarding) and
provides instructions for changing the data forwarding mode from direct to tunnel
based on configuration requirements.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 1

 2 Description of Tunnel Forwarding and Direct
WLAN Data Forwarding Modes Forwarding

2 Description of Tunnel Forwarding and

Direct Forwarding

In tunnel forwarding mode, APs encapsulate user data packets over a CAPWAP
data tunnel and send them to an AC. The AC then forwards these packets to an
upper-layer network, as shown in Figure 2-1.

Figure 2-1 Tunnel forwarding

In direct forwarding mode, APs forward user data packets to an upper-layer

network without encapsulating them over a CAPWAP data tunnel, as shown in
Figure 2-2.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 2

 2 Description of Tunnel Forwarding and Direct
WLAN Data Forwarding Modes Forwarding

Figure 2-2 Direct forwarding

The tunnel or direct forwarding mode can be selected based on networking

requirements. Table 2-1 compares the two forwarding modes.

Table 2-1 Comparing tunnel and direct forwarding modes

Data Advantage Disadvantage
Forwarding
Mode

Tunnel An AC centrally forwards Service data must be forwarded

forwarding data packets, which is by an AC, which is inefficient and
secure and facilitates increases the load on the AC.
centralized management
and control. New devices
can be easily deployed and
configured, with small
changes to the network.

Direct Service data does not need Service data cannot be centrally
forwarding to be forwarded by an AC, managed or controlled. New
which is efficient and device deployment causes great
reduces the load on the AC. changes to the network.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 3

 3 Changing the Forwarding Mode from Direct to
WLAN Data Forwarding Modes Tunnel

3 Changing the Forwarding Mode from

Direct to Tunnel

The following describes how to change the forwarding mode from direct to tunnel
to adapt to user requirement changes.
The configurations for the two forwarding modes are provided in this section,
allowing you to change the forwarding mode as required.

Reconfiguration Rules
To change the forwarding mode, adjust the management VLAN and service VLAN
on each interface in addition to changing the forwarding mode on a VAP. The
VLAN configurations in different forwarding modes are described as follows:
● In direct forwarding mode, it is recommended that different VLANs be used as
the management VLAN and service VLAN. Otherwise, service interruption
may occur. If a VLAN is configured as both the management VLAN and
service VLAN, and the port connecting a switch to an AP has the
management VLAN ID as the PVID, downstream packets in the service VLAN
are terminated when going out from the switch. In this case, services are
interrupted.
● In tunnel forwarding mode, the management VLAN and service VLAN must
be different. Otherwise, MAC address flapping will occur, leading to a packet
forwarding error. The network between the AC and APs needs to permit only
packets carrying the management VLAN tag and deny packets carrying the
service VLAN tag.

Changing the Forwarding Mode from Direct to Tunnel (AC Bypass Mode)
On a network shown in Figure 3-1, the AC is attached to Switch2 in bypass mode.
In direct forwarding mode, data packets pass through the AP, Switch1, and
Switch2 to reach the upper-layer network, without passing through the AC over
the CAPWAP tunnel. In contrast, management packets are forwarded through the
AC over the CAPWAP tunnel.
After the forwarding mode is changed to tunnel forwarding, the data packets are
forwarded to the AC over the CAPWAP tunnel, passing through the AP, Switch1,
and Switch2. During this process, the data packets are tagged with VLAN 100 (the

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 4

 3 Changing the Forwarding Mode from Direct to
WLAN Data Forwarding Modes Tunnel

management VLAN). When receiving the data packets, the AC decapsulates them,
removes the VLAN tag, and forwards the packets to the upper-layer network
through Switch2. In tunnel forwarding mode, management packets are still
transmitted over the CAPWAP tunnel.

Figure 3-1 AC bypass mode

On this network, Switch2 is configured as a DHCP server for APs and STAs. Table
3-1 lists configuration differences between tunnel forwarding and direct
forwarding.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 5

 3 Changing the Forwarding Mode from Direct to
WLAN Data Forwarding Modes Tunnel

Table 3-1 Configuration differences between tunnel forwarding and direct

forwarding (AC bypass mode)
Net Direct Forwarding Tunnel Forwarding
wo
rk
De
vic
e

AC Configuration before the change Configuration after the change

# #
interface GigabitEthernet0/0/1 interface GigabitEthernet0/0/1
port link-type trunk port link-type trunk
port trunk pvid vlan 100 port trunk pvid vlan 100
port trunk allow-pass vlan 100 port trunk allow-pass vlan 100 101 //Add
# GE0/0/1 to the service VLAN 101.
wlan #
vap-profile name wlan-net wlan
forward-mode direct-forward //This is the vap-profile name wlan-net
default configuration and is not contained in forward-mode tunnel //Change the
the configuration file. forwarding mode on the VAP from direct to
tunnel.

Swi Configuration before the change Configuration after the change

tch # #
interface GigabitEthernet0/0/1 interface GigabitEthernet0/0/1
2 port link-type trunk port link-type trunk
port trunk allow-pass vlan 100 port trunk allow-pass vlan 100 to 101 //Add
# GE0/0/1 to the service VLAN 101.
interface GigabitEthernet0/0/2 #
port link-type trunk interface GigabitEthernet0/0/2
port trunk allow-pass vlan 100 to 101 port link-type trunk
port trunk allow-pass vlan 100 //Delete
GE0/0/2 from the service VLAN 101.

Swi Configuration before the change Configuration after the change

tch # #
interface GigabitEthernet0/0/1 interface GigabitEthernet0/0/1
1 port link-type trunk port link-type trunk
port trunk pvid vlan 100 port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101 port trunk allow-pass vlan 100 //Delete
# GE0/0/1 from the service VLAN 101.
interface GigabitEthernet0/0/2 #
port link-type trunk interface GigabitEthernet0/0/2
port trunk allow-pass vlan 100 to 101 port link-type trunk
port trunk allow-pass vlan 100 //Delete
GE0/0/2 from the service VLAN 101.

NOTE

This example uses Switch2 as a DHCP server for APs and STAs. If another network device is
deployed as the DHCP server, modify the VLAN or route configuration to ensure that APs
and STAs communicate with the DHCP server properly.

Changing the Forwarding Mode from Direct to Tunnel (AC Inline Mode)
On a network shown in Figure 3-2, the AC is deployed in inline mode. In direct
forwarding mode, data packets pass through the AP, Switch1, and Switch2 to
reach the upper-layer network, without passing through the AC over the CAPWAP
tunnel. In contrast, management packets are forwarded over the CAPWAP tunnel.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 6

 3 Changing the Forwarding Mode from Direct to
WLAN Data Forwarding Modes Tunnel

After the forwarding mode is changed to tunnel forwarding, the data packets are
forwarded to the AC over the CAPWAP tunnel, passing through the AP and
Switch1. During this process, the data packets are tagged with VLAN 100 (the
management VLAN). When receiving the data packets, the AC decapsulates them,
removes the VLAN tag, and forwards the packets to the upper-layer network. In
tunnel forwarding mode, management packets are still transmitted over the
CAPWAP tunnel.

Figure 3-2 AC inline mode

On this network, the AC is configured as a DHCP server for APs and STAs. Table
3-2 lists configuration differences between tunnel forwarding and direct
forwarding.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 7

 3 Changing the Forwarding Mode from Direct to
WLAN Data Forwarding Modes Tunnel

Table 3-2 Configuration differences between tunnel forwarding and direct

forwarding (AC inline mode)
Net Direct Forwarding Tunnel Forwarding
wor
k
Dev
ice

AC Configuration before the change Configuration after the change

# #
interface GigabitEthernet0/0/2 interface GigabitEthernet0/0/2
port link-type trunk port link-type trunk
port trunk allow-pass vlan 100 to 101 port trunk allow-pass vlan 100 //Delete
# GE0/0/2 from the service VLAN 101.
wlan #
vap-profile name wlan-net wlan
forward-mode direct-forward //This is the vap-profile name wlan-net
default configuration and is not contained in forward-mode tunnel //Change the
the configuration file. forwarding mode on the VAP from direct to
tunnel.

Swit Configuration before the change Configuration after the change

ch1 # #
interface GigabitEthernet0/0/1 interface GigabitEthernet0/0/1
port link-type trunk port link-type trunk
port trunk pvid vlan 100 port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101 port trunk allow-pass vlan 100 //Delete
# GE0/0/1 from the service VLAN 101.
interface GigabitEthernet0/0/2 #
port link-type trunk interface GigabitEthernet0/0/2
port trunk allow-pass vlan 100 to 101 port link-type trunk
port trunk allow-pass vlan 100 //Delete
GE0/0/2 from the service VLAN 101.

NOTE

This example uses the AC as a DHCP server for APs and STAs. If another network device is
deployed as the DHCP server, modify the VLAN or route configuration to ensure that APs
and STAs communicate with the DHCP server properly.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 8

WLAN Data Forwarding Modes 4 Data Forwarding Mode on AP's Wired Interfaces

4 Data Forwarding Mode on AP's Wired

Interfaces

An AP's wired interface supports tunnel and direct forwarding modes. In tunnel
forwarding mode, after data packets from wired users reach an AP's wired
interface, the AP encapsulates the packets over the CAPWAP tunnel and sends
them to an AC. The AC then forwards these packets to an upper-layer network. In
direct forwarding mode, after data packets from wired users reach an AP's wired
interface, the AP forwards the packets to an upper-layer network without
encapsulating them over a CAPWAP tunnel.

NOTE

AP's wired interfaces support tunnel forwarding since V200R010C00.

In some scenarios, the downlink wired interfaces on an AP connect to wired

terminals, and the AC connected to the AP is configured as the gateway for these
terminals. To forward packets from these terminals to the AC through a CAPWAP
tunnel, configure the tunnel forwarding mode on the AP's wired interfaces.
Pay attention to the following:
● Tunnel forwarding is supported by wired interfaces on only APs working in
endpoint mode.
● Wired interfaces on an AD9431DN-24X do not support tunnel forwarding.
● If user isolation is configured on AP's wired interfaces in tunnel forwarding
mode, unicast packets can be isolated only on APs instead of on the AC.
● In tunnel forwarding mode, configure different VLANs as the management
VLAN and service VLAN on the AP's wired interfaces. Otherwise, a network
loop may occur.
In the following example, the working mode of ETH0 on an AP is set to endpoint
and the data forwarding mode of ETH0 is set to tunnel.
<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1] quit
[AC6605-wlan-view] wired-port-profile name wired
[AC6605-wlan-wired-port-wired] mode endpoint
Warning: If the AP goes online through a wired port, the incorrect port mode configuration will cause the
AP to go out of management
. This fault can be recovered only by modifying the configuration on the AP. Continue? [Y/N]:y

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 9

WLAN Data Forwarding Modes 4 Data Forwarding Mode on AP's Wired Interfaces

[AC6605-wlan-wired-port-wired] forward-mode tunnel

[AC6605-wlan-wired-port-wired] quit
[AC6605-wlan-view] ap-group name ap-group1
[AC6605-wlan-ap-group-ap-group1] wired-port-profile wired ethernet 0

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 10

WLAN Data Forwarding Modes 5 Continue Reading About WLAN Data Forwarding

5 Continue Reading About WLAN Data

Forwarding

● For implementation of other forwarding modes, see Data Forwarding Mode.

● For VLAN deployment suggestions in different forwarding modes, see VLAN
Deployment Guide for WLAN.

Issue 02 (2020-08-25) Copyright © Huawei Technologies Co., Ltd. 11