Uninterrupted AP Operation After CAPWAP Link Disconnection
In a scenario that uses direct forwarding and AC+Fit AP architecture, the AP and AC must establish a CAWAP tunnel for control packet forwarding before a STA connects to the Internet through WLAN. When the CAPWAP tunnel is faulty, the AP cannot forward data packets, online users on the AP are forcibly disconnected from the AP, and new users cannot connect to the AP. These problems negatively affect user experience. To solve these problems, enable the AP to hold services and grant new users access permission after the CAPWAP link is disconnected.
Service holding upon CAPWAP link disconnection
After the service holding function is enabled, the AP can still forward data packets when the CAPWAP tunnel is faulty. This function ensures uninterrupted data service transmission in direct forwarding mode, reducing loss for users and improving service reliability.
User access permission after CAPWAP link disconnection
The service holding function takes effect only for online users but not for offline users. Under normal circumstances, offline users are not allowed to go online when the CAPWAP link is broken.
When the function that allows user access after CAPWAP link disconnection is enabled, the AP allows offline users to go online and access the network. After the broken CAPWAP link is restored, the AP forces all the STAs that have gone online during CAPWAP link disconnection to go offline. The AP then automatically reassociates with the STAs and reports information about the STAs through logs.
This function takes effect only when the WLAN uses open system authentication, pre-shared key authentication, or WPA/WPA2–PSK authentication.
This function allows all the users that enter the correct key to go online. The STA whitelist and blacklist configured on the AC do not take effect after the CAPWAP link is broken.
When the function that allows user access after CAPWAP link disconnection is disabled, STA association and key negotiation are performed between the AC and STA. After this function is enabled, STA authentication, association, and key negotiation are performed between the AP and STA. The different processes for association and authentication are shown in Figure 4-20.
