FAQ-What Are WLAN Reliability Features

Publication Date:  2015-06-16 Views:  173 Downloads:  0
Issue Description
What Are WLAN Reliability Features?
Solution
AC+FIT AP

Dual link mechanism

To improve AC reliability, two ACs can be deployed to implemented dual-link backup. When the active AC fails or the CAPWAP tunnel between an AP and the active AC fails, service traffic of the AP can be switched to the standby AC to ensure uninterrupted service transmission for wireless users. Attack defense measures that are used on wired networks can also be used on WLANs to improve reliability of WLAN service servers and clients.

Hot Standby Backup (HSB) mechanism

HSB supports batch backup and real-time synchronization between active and standby ACs. When the active AC fails, service traffic is immediately switched to the standby AC without interrupting services. This improves connection availability. HSB can fast detect whether the active AC is faulty so that the standby AC can become the new active AC in a timely manner. This function ensures user service continuity.

WLAN service protection mechanisms: IP source guard (IPSG), DHCP snooping, statically configured MAC-IP table, and dynamic ARP inspection (DAI)

IPSG: This function defends against IP packet attacks by filtering out packets with forged IP addresses.

DHCP snooping: MAC-IP entries are dynamically generated and MAC-IP entries are reported to the AC. DHCP snooping protects WLAN servers and clients against attacks from ARP, IP, or
DHCP packets with forged IP and MAC addresses.

Statically configured MAC-IP table: Only administrators can configure static IP addresses. Users using static IP addresses can connect to the network only after their MAC addresses are bound to the static IP addresses by administrators. Packets whose MAC addresses and IP addresses do not match are considered as invalid packets and are discarded.

DAI: It is an ARP security technology that intercepts ARP packets, discards ARP packets that do not match the DHCP snooping binding table, and records ARP attack logs. DAI can also limit the rate of ARP packets. DAI protects a device from ARP snooping attacks and prevents errors in the ARP cache table.

FAT AP

WLAN service protection mechanisms: IP source guard (IPSG), DHCP snooping, statically configured MAC-IP table, and dynamic ARP inspection (DAI)

IPSG: This function defends against IP packet attacks by filtering out packets with forged IP addresses.

DHCP snooping: MAC-IP entries are dynamically generated and MAC-IP entries are reported to the AC. DHCP snooping protects WLAN servers and clients against attacks from ARP, IP, or DHCP packets with forged IP and MAC addresses.

Statically configured MAC-IP table: Only administrators can configure static IP addresses. Users using static IP addresses can connect to the network only after their MAC addresses are bound to the static IP addresses by administrators. Packets whose MAC addresses and IP addresses do not match are considered as invalid packets and are discarded.

DAI: It is an ARP security technology that intercepts ARP packets, discards ARP packets that do not match the DHCP snooping binding table, and records ARP attack logs. DAI can also limit the rate of ARP packets. DAI protects a device from ARP snooping attacks and prevents errors in the ARP cache table.

END