Unified Wired & Wireless Access System
Deployment Guide
Product Model: DWS-3000 Series, DWL-3500AP/8500AP
Version 1.0
Introduction
This document provides an overview of the ways in which D-Link’s wireless solution can
be deployed by customers. It also points out limitations and cautions to keep in mind
while deploying the solution in a customer environment.
D-Link’s solution has 3 unique features that can be used to advantage when proposing it
in competition with other vendors, depending on the needs of the customer’s network.
1. Our solution can be deployed either as an Overlay Device (also called a Wireless
Controller) or as an Edge Device that can leverage all the traditional wired
functionality built into our switch.
2. Support for Peer Switches – Up to 4 Peer Switches can be supported in the
same Wireless Domain, with each of the Switches capable of managing 48
Access Points, effectively enabling the network to scale to a maximum of 192 APs.
This Unified Access System can manage up to 2000 wireless clients
simultaneously, making it suitable for large-scale deployments.
3. When the Access Points are in different IP subnets, the clients can still roam
seamlessly across the access points with a feature called L3 Fast Roaming. This
feature is mainly intended for Wireless VoIP communication using Wi-Fi phones
and other such devices, which require the clients to maintain their IP addresses
even as they roam within the wireless domain. This is accomplished by the
Tunneled Data Forwarding mode that is supported by the solution.
Deployment Scenarios
Given below are some of the typical deployments.
Deployment Scenario 1 – WS and AP are in the same subnet:
This deployment may consist of a single or multiple WLAN Switches at the edge
connected together in the same VLAN (subnet), and the APs are either directly
connected or connected over an unmanaged switch. In other words, there are no subnet
boundaries to cross between the APs and between the APs and WSs. This
configuration does not require L3 tunneling to accomplish seamless roaming. Each
“service” (or VAP) is separated by VLANs and can have different security
configurations. In this configuration, the “network” management interface address can
be used as the only IP address on the switch and is used as the WLAN component IP
address. Therefore, static addresses can be used on the APs, in the same subnet as the
“network” IP. If DHCP is used, ensure that the APs have a route to the network IP
address of the WLAN Switch.
[Scenario 1 diagram: WS1 (10.90.90.90/8); AP1 (10.90.90.91/8) and AP2 (10.90.90.92/8), each with SSID "Guest Network"; seamless roaming for client CL1.]
Deployment Scenario 2 - WS and AP are in different subnets (port-based routing):
This deployment consists of a single WLAN switch connected to an L3 device
(router). APs are connected to the core with port-based routing. This configuration does
require L3 tunneling to accomplish seamless roaming across APs connected to different
L3-only ports on the core. Take the MTU issue into account: services that require fast L3
roaming need to be configured as L3 Tunneled VAPs to allow subnet roaming. These
services are affected by the MTU issue in that either the MTU configuration of
the physical interfaces between the APs and the WLAN Switch must be increased by 20
bytes (or the client MTU decreased by 20 bytes), or the service must be expected to
transmit “smaller” sized packets. Services that do not require fast roaming across L3
boundaries can be configured as non-Tunneling, in which case the MTU issue is not
observed for those services. If all devices in the network support increasing the MTU
size, and this is feasible to do, then all of the services can be configured for Tunneling
without any problems and fast roaming will be possible for all services.
[Scenario 2 diagram: WS1 connected to an L3 device; AP1 (192.168.20.x) and AP2 (192.168.30.x), each with SSIDs Guest Network: VLAN 100, Employee: VLAN 200, Voice: VLAN 7 (L3 tunneling); seamless roaming between the APs.]
Deployment Scenario 3 - WS and AP are in different subnets (VLAN-based routing):
This deployment consists of a single WLAN switch connected to an L2/3 device, and APs
are connected to the core with VLAN-based routing (ensure that VLANs are properly
set). This configuration does not require L3 tunneling to accomplish seamless roaming if
802.1Q VLANs have been configured in the customer’s environment. In other words,
by using VLAN Routing, you can spread VLANs across the network such that each
VLAN has a path between each of the APs in the network.
[Scenario 3 diagram: WS connected to an L2/3 device; trunk links labelled VLAN 7/20/100/200 and VLAN 7/30/100/200; AP1 (192.168.20.x) and AP2 (192.168.30.x), each with SSIDs Guest Network: VLAN 100, Employee: VLAN 200, Voice: VLAN 7 (L3 tunneling); seamless roaming between the APs.]
Deployment Scenario 4 - L3 Edge Peers:
This deployment consists of multiple WLAN switches connected to an L3 core. APs are
either directly connected to the WLAN switch or over an L2 or L3 device. This
configuration does require L3 tunneling to accomplish seamless roaming. When
Tunneling is used, an extra 20 bytes are added in the headers for encapsulation. To
support these larger frames, you can increase the MTU size on all intermediate ports
and WLAN switch ports. However, if you use tunneling only for IP telephony, or if the
MTU size on all wireless clients can be set to 1480, you do not need to increase the
MTU size in the network.
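The tunneling and MTU rules from Scenarios 2 and 4 can be checked per service before rollout. The following Python sketch is an added example, not part of the D-Link guide or its configuration tools; the /24 prefix, the AP host addresses, and the names `Service` and `plan` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

TUNNEL_OVERHEAD = 20  # bytes added by L3 tunnel encapsulation, per the guide

@dataclass
class Service:
    name: str
    vlan: int
    needs_l3_roaming: bool   # must clients keep their IP across AP subnets?
    client_mtu: int = 1500

def crosses_subnets(ap_interfaces):
    """True if the APs sit in more than one IP subnet."""
    nets = {ipaddress.ip_interface(a).network for a in ap_interfaces}
    return len(nets) > 1

def plan(ap_interfaces, path_mtus, services, vlans_span_all_aps=False):
    """Return {service name: (mode, action)} for an AP-to-switch path."""
    path_mtu = min(path_mtus)          # the smallest link MTU limits the path
    # Scenario 3: VLAN routing gives each VLAN a path to every AP, no tunnel.
    routed = crosses_subnets(ap_interfaces) and not vlans_span_all_aps
    result = {}
    for s in services:
        if not (routed and s.needs_l3_roaming):
            result[s.name] = ("non-tunneled", "no MTU change")
            continue
        needed = s.client_mtu + TUNNEL_OVERHEAD
        if needed <= path_mtu:
            action = "no MTU change"
        else:
            action = (f"raise path MTU to {needed} or "
                      f"set client MTU to {path_mtu - TUNNEL_OVERHEAD}")
        result[s.name] = ("L3 tunneled", action)
    return result

# Constructed sample: Scenario 2 subnets; host octets and /24 are assumed.
APS = ["192.168.20.10/24", "192.168.30.10/24"]
SERVICES = [
    Service("Guest Network", 100, needs_l3_roaming=False),
    Service("Employee", 200, needs_l3_roaming=False),
    Service("Voice", 7, needs_l3_roaming=True),
]

if __name__ == "__main__":
    for name, (mode, action) in plan(APS, [1500, 1500], SERVICES).items():
        print(f"{name:14} {mode:13} {action}")
```

With a 1500-byte path, only the Voice service is flagged, matching the guide's point that non-tunneled services do not see the MTU issue.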
[Scenario 4 diagram: two WS peers across an L3 network, connected through an L3 device. WS: Network IP 172.17.7.254, Loopback 192.168.15.254, L3 Tunnel 192.168.250.253. WS: Network IP 10.90.90.90, Loopback 192.168.10.254, L3 Tunnel 192.168.250.254. Networks 172.17.6.0/24 and 172.17.5.0/24. AP1 (192.168.20.x) and AP2 (172.17.7.x). Radius Server 10.90.90.100; FTP Server; Audio/Video Server (192.168.250.x). SSID on L3-Tunnel: 192.168.250.x; seamless roaming for client CL1.]
Notes:
1. Where to place the WS & AP? The Access Points need not be directly
connected to the Switch to be managed by it; likewise, the wireless switches
need not be directly connected to each other to form a peer network. However, it
is necessary that all the Switches and the Access Points are part of the same
Local Area Network. In other words, the Wireless Switch cannot manage APs
located across a Public Wide Area Network (internet), especially across a NAT
device.
2. About WPA2 Enterprise Authentication: The solution also supports
authenticated fast roaming using WPA2 Enterprise authentication in addition to
other mechanisms. However, this is not currently supported by most of the wireless
voice clients, which only support WEP. Moreover, the newer versions of Windows
XP Clients do support WPA2, but demonstrating L3 Fast Roaming with Windows
Clients is not recommended for highlighting seamless roaming, as Windows Clients
are inherently slow in managing hand-offs.
The Configuration Guide indicates demonstrating roaming between the APs by
powering down one of the APs, thus forcing the clients to “roam” to the second
AP. However, it must be noted that this is really a “fail-over” and not really
roaming. In particular, when using WPA2 Enterprise for authentication, when an
AP is powered down and brought back up again, it loses the dynamic key
information previously received from the switch, causing the client who roams to
that switch to re-authenticate itself with the Radius server. Although none of
these induced delays is more than a few milliseconds and users would only
see the loss of one ping, it must be pointed out that in real roaming these
delays would not exist. In lab testing, we have recorded clients roaming with
a hand-off time of 23 milliseconds, which is too quick to be noticed by a user.