The typical network of the S9300 AC is as follows:
Generally, the advantages and disadvantages of the two forwarding modes are as follows:
(1) Direct forwarding:
Advantage: the switch forwards the data directly, so there is no tunnel overhead and forwarding is fast.
Disadvantage: the service VLAN must be planned on the switches between the AC and AP; the security of the data service is somewhat weaker.
Restriction: the Layer 2 switch needs to transparently transmit all the VLANs.
(2) Tunnel forwarding:
Advantage: the service VLAN does not need to be planned on the switches between the AC and AP, since the network carries only the management VLAN; all datagrams pass through the AC, so users can implement control and filtering there.
Disadvantage: the data is forwarded through the CAPWAP tunnel, which requires encapsulation and decapsulation, so forwarding is slower than in direct forwarding.
Once the data is forwarded after CAPWAP encapsulation, the security is rather higher.
In addition, in a Layer 3 network, there are some restrictions, as follows:
(1) The switch or router serving the subnet of the AP's management IP must support DHCP Relay, so that the AP can obtain the AC's address.
(2) The DHCP server that assigns the management IP to the AP needs to support particular Option fields, such as reporting the AC's IP list to the AP through Option 43, or reporting the AC's domain name to the AP in DNS mode through Option 15. In DNS mode, because of the AP's specification restriction, it supports a maximum of 3 DNS servers, so we suggest that the configured DNS list not exceed 3 entries.
Furthermore, we can reduce VLAN consumption by using QinQ mode; this is most effective when VLANs are heavily used.
When the DHCP server for the STA is on the AC, the configuration differences are as follows:
(1) Whether the service VLAN between the AP and the AC needs to be opened:
In direct forwarding mode, the service VLAN between the AP and the AC needs to be opened, while in tunnel forwarding mode, the service VLAN between the AP and the AC must not be opened (they are connected through the CAPWAP tunnel); otherwise the STA cannot go online successfully because of the drift problem.
(2) The configuration of the WLAN-ESS virtual interface:
If the service VLAN is VLAN 100, in direct forwarding mode the configuration of the virtual interface is:
port hybrid untagged vlan 100 (mandatory configuration)
In tunnel forwarding mode, the configuration of the virtual interface is:
port hybrid pvid vlan 100 (mandatory configuration; in direct forwarding mode it is optional)
port hybrid untagged vlan 100 (mandatory configuration)
dhcp enable (mandatory configuration; however, it has no effect in direct forwarding mode)
(3) The difference in the forward-mode setting of the service-set:
In the direct forwarding mode: direct-forward
In the tunnel forwarding mode: tunnel
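The three differences above can be checked mechanically before a change is applied. The following is an added example, not Huawei's or the original page's code: the function name audit, its parameters, and management VLAN 10 in the sample are assumptions, and the caller is expected to supply the WLAN-ESS interface lines and the set of VLANs opened between the AP and the AC.

```python
# Added example: audit a WLAN-ESS interface against the rules stated above.
# Inputs are constructed; extracting them from a device is out of scope.

REQUIRED = {
    # forward-mode -> commands the page marks as mandatory on the interface
    "direct-forward": ["port hybrid untagged vlan {v}"],
    "tunnel": ["port hybrid pvid vlan {v}",
               "port hybrid untagged vlan {v}",
               "dhcp enable"],
}


def audit(forward_mode, ess_lines, service_vlan, path_vlans):
    """Return a list of findings (an empty list means consistent).

    forward_mode : 'direct-forward' or 'tunnel' (value from the service-set)
    ess_lines    : command lines configured on the WLAN-ESS virtual interface
    service_vlan : service VLAN ID, e.g. 100
    path_vlans   : set of VLAN IDs opened on the switches between AP and AC
    """
    if forward_mode not in REQUIRED:
        return [f"unknown forward-mode: {forward_mode!r}"]
    # Normalise whitespace and case so formatting differences do not matter.
    have = {" ".join(line.split()).lower() for line in ess_lines}
    findings = []
    for template in REQUIRED[forward_mode]:
        cmd = template.format(v=service_vlan)
        if cmd not in have:
            findings.append(f"missing mandatory command: {cmd}")
    opened = service_vlan in path_vlans
    if forward_mode == "direct-forward" and not opened:
        findings.append(f"service VLAN {service_vlan} not opened between AP and AC")
    if forward_mode == "tunnel" and opened:
        findings.append(f"service VLAN {service_vlan} opened between AP and AC; "
                        "STA may fail to go online (drift)")
    if forward_mode == "direct-forward" and "dhcp enable" in have:
        findings.append("note: dhcp enable has no effect in direct forwarding mode")
    return findings


if __name__ == "__main__":
    # Constructed sample: tunnel mode, hypothetical management VLAN 10,
    # service VLAN 100 wrongly opened on the AP-AC path, pvid line missing.
    ess = ["port hybrid untagged vlan 100", "dhcp enable"]
    for finding in audit("tunnel", ess, 100, {10, 100}):
        print(finding)
```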