Table of Contents
Advertisement
Overview of the Controller, Access Points, and WM software solution
In the Controller, Access Points, and WM software system, network access policy is carried out by
means of packet filtering within a WM-AD.
In the Summit WM Controller user interface, you set up a packet filtering policy by defining a set of
hierarchical rules that allow or deny traffic to specific IP addresses, IP address ranges, or service ports.
The sequence and hierarchy of these filtering rules must be carefully designed based on your enterprise
user access plan.
The authentication technique selected determines how filtering is carried out:
If authentication is by SSID and Captive Portal, a non-authenticated filter allows all users to get as
far as the Captive Portal Web page, where logon authentication occurs. When authentication is
returned, then filters are applied, based on user ID and permissions.
If authentication is by AAA (802.1X), users have logged on and have been authenticated before being
assigned an IP address. When authentication is completed, the authenticated filter is assigned by
default unless a more user-specific filter is returned or indicated by the authentication mechanism.
The characteristics and level of access for a filter are controlled and defined by the system
administrator.
Mobility and roaming
In typical configurations that are not Summit WM, APs are setup as bridges that bridge wireless traffic
to the local subnet. In bridging configurations, the user obtains an IP address from the same subnet as
the AP. If the user roams within APs on the same subnet, it is able to keep using the same IP address.
However, if the user roams to another AP outside of that subnet, its IP address is no longer valid. The
user's client device must recognize that the IP address it has is no longer valid and re-negotiate a new
one on the new subnet. The protocol does not mandate any action on the user. The recovery procedure
is entirely client dependent. Some clients automatically attempt to obtain a new address on roam (which
affects roaming latency), while others will hold on to their IP address. This loss of IP address continuity
seriously affects the client's experience in the network, because in some cases it can take minutes for a
new address to be negotiated.
The Controller, Access Points, and WM software solution centralizes the user's network point of
presence, therefore abstracting and decoupling the user's IP address assignment from that of the APs
location subnet. That means that the user is able to roam across any AP without loosing its own IP
address, regardless of the subnet on which the serving APs are deployed.
In addition, a Summit WM Controller can learn about other Summit WM Controllers on the network
and then exchange client session information. This enables a wireless device user to roam seamlessly
between different Wireless APs on different Summit WM Controllers.
Network availability
The Controller, Access Points, and WM software provides availability against Altitude AP outages,
Summit WM Controller outages, and even network outages. The Summit WM Controller (WM20/
WM200/2000 platforms) in a VLAN bridged WM-AD can potentially allow the user to retain the IP
address in a failover scenario, if the WM-AD/VLAN is common to both controllers. For example,
availability is provided by defining a paired controller configuration by which each peer can act as the
backup controller for the other's APs. APs in one controller are allowed to failover and register with the
alternate controller.
If a Summit WM Controller fails, all of its associated Wireless APs can automatically switch over to
another Summit WM Controller that has been defined as the secondary or backup Summit WM
24
Summit WM User Guide, Software Version 5.3
Advertisement
Table of Contents
