Bridge Forwarding Mode
When bridge traffic forwarding is configured in a WLAN or downlink-wired port profile, the client traffic is forwarded directly out of the AP's uplink ports. From the AP uplink ports, the traffic is directed onto the access switching layer with an appropriate 802.1Q VLAN tag. To support bridge forwarding, the AP management and bridged user VLANs are extended from the access switching layer to the AP's uplink ports. Each bridged client is assigned a VLAN that is 802.1Q tagged out of the AP's uplink port. As a recommended security best practice, no bridged clients should be assigned to the AP management VLAN.
For example, in the bridge forwarding deployment below, the AP management VLAN (not shown) and bridged user VLANs 76 and 79 are extended from the access switching layer to the hospitality AP, which services wired and wireless clients. The WLAN client is assigned VLAN 76, while the wired client is assigned VLAN 79. The core or aggregation switch has IP interfaces and IP helper addresses defined for each VLAN and is the default gateway for each VLAN.
Figure 1 Bridge Forwarding Deployment
Scaling
The total number of APs and bridged clients that can be supported across shared management and user VLANs will also influence your VLAN and IP network design. Broadcast or multicast frames and packets are normal in IP networks and are used by both APs and clients to function. The higher the number of active hosts connected to a given VLAN, the higher the quantity and frequency of broadcast or multicast frames and packets flooded over the VLAN. As broadcast or multicast frames are flooded, they must be received and processed by all active hosts in the VLAN.
When bridge forwarding mode is deployed, HPE Aruba Networking has validated support for a maximum of 500 APs and 5,000 bridged clients across all shared management and user VLANs. The total number of APs in a shared management VLAN cannot exceed 500, and the total number of clients across all bridged user VLANs cannot exceed 5,000.
When scaling beyond 500 APs and 5,000 clients is required for a deployment within a building or campus, two design options are available:
- A cluster of gateways can be deployed with centralized user VLANs that offer higher scaling and seamless mobility.
- Multiple instances of 500 APs and 5,000 clients can be strategically deployed where the AP management and user VLANs for each instance are layer 3 separated, that is, implemented as separate broadcast domains.
If gateways are not an option, with careful planning and design, multiple instances of APs can be deployed where the AP management and user VLANs for each instance of APs connect to separate IP networks, providing scaling. Each instance of APs and clients is limited to a floor, building, or colocated buildings, as needed. There is no limit on how many instances of 500 APs and 5,000 clients you can deploy, as long as each instance of APs and clients is layer 3 separated from the other instances. The VLAN IDs used by each instance of APs and clients can be common to simplify configuration and operations, but the IP networks for each instance must be unique.
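The design rules above (500 APs per shared management VLAN, 5,000 clients across the shared bridged user VLANs, no bridged clients on the AP management VLAN, and unique IP networks per layer 3 separated instance even when VLAN IDs repeat) are easy to get wrong in a spreadsheet. The following Python helper is an added example, not HPE Aruba Networking code: it encodes those rules as checks over a plan, and also classifies a roam between two instances as seamless (same IP network behind the VLAN, so the client keeps its IP address and gateway) or hard (different IP network). Instance names, VLAN numbers, AP and client counts and IP networks are constructed sample data; the third instance is deliberately wrong so that every check fires.

```python
# Added example (not HPE Aruba Networking code): checks a bridge-forwarding
# VLAN/IP plan against the limits stated on this page. Instance names, VLAN
# numbers, counts and IP networks below are constructed sample data.
import ipaddress
from dataclasses import dataclass

MAX_APS_PER_INSTANCE = 500        # APs sharing one management VLAN
MAX_CLIENTS_PER_INSTANCE = 5000   # clients across the shared bridged user VLANs


@dataclass
class Instance:
    """One layer 3 separated set of APs, bridged clients and their VLANs."""
    name: str
    ap_count: int
    mgmt_vlan: int
    mgmt_network: str    # IP network behind the AP management VLAN (CIDR)
    user_vlans: dict     # bridged user VLAN id -> IP network (CIDR string)
    clients: dict        # bridged user VLAN id -> expected number of clients


def usable_hosts(cidr):
    """IPv4 addresses available to hosts (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def check_instance(inst):
    """Findings for a single instance; an empty list means it fits the limits."""
    findings = []
    if inst.ap_count > MAX_APS_PER_INSTANCE:
        findings.append(f"{inst.name}: {inst.ap_count} APs on management VLAN "
                        f"{inst.mgmt_vlan} exceeds {MAX_APS_PER_INSTANCE}")
    total_clients = sum(inst.clients.values())
    if total_clients > MAX_CLIENTS_PER_INSTANCE:
        findings.append(f"{inst.name}: {total_clients} bridged clients exceeds "
                        f"{MAX_CLIENTS_PER_INSTANCE}")
    # Best practice from the text: bridged clients never share the AP management VLAN.
    if inst.mgmt_vlan in inst.user_vlans:
        findings.append(f"{inst.name}: management VLAN {inst.mgmt_vlan} is also a bridged user VLAN")
    # Each VLAN's IP network must fit its hosts plus the default gateway.
    if usable_hosts(inst.mgmt_network) < inst.ap_count + 1:
        findings.append(f"{inst.name}: {inst.mgmt_network} is too small for {inst.ap_count} APs")
    for vlan, cidr in inst.user_vlans.items():
        needed = inst.clients.get(vlan, 0) + 1
        if usable_hosts(cidr) < needed:
            findings.append(f"{inst.name}: VLAN {vlan} network {cidr} is too small for {needed} hosts")
    return findings


def check_plan(instances):
    """Check every instance, then require non-overlapping IP networks across the
    whole plan. VLAN IDs may repeat between instances; IP networks may not."""
    findings = []
    seen = []   # (ip_network, description) for every network already placed
    for inst in instances:
        findings.extend(check_instance(inst))
        networks = [(inst.mgmt_network, f"{inst.name} management VLAN {inst.mgmt_vlan}")]
        networks += [(cidr, f"{inst.name} VLAN {vlan}") for vlan, cidr in inst.user_vlans.items()]
        for cidr, owner in networks:
            net = ipaddress.ip_network(cidr)
            for other, other_owner in seen:
                if net.overlaps(other):
                    findings.append(f"{owner} {net} overlaps {other_owner} {other}")
            seen.append((net, owner))
    return findings


def roam_type(src, dst, vlan):
    """'seamless' when both instances put the VLAN on the same IP network (the
    client keeps its IP address and gateway); 'hard' when the IP network
    changes; 'unsupported' when the VLAN is not bridged on both sides."""
    if vlan not in src.user_vlans or vlan not in dst.user_vlans:
        return "unsupported"
    return "seamless" if src.user_vlans[vlan] == dst.user_vlans[vlan] else "hard"


# Constructed sample plan: two buildings reuse VLAN IDs 76 and 79 but sit on
# unique IP networks; a third, deliberately wrong instance breaks every rule.
BUILDING_A = Instance("building-A", 320, 10, "10.10.10.0/23",
                      {76: "10.10.64.0/21", 79: "10.10.79.0/24"}, {76: 1800, 79: 150})
BUILDING_B = Instance("building-B", 410, 10, "10.20.10.0/23",
                      {76: "10.20.64.0/21", 79: "10.20.79.0/24"}, {76: 1900, 79: 120})
BUILDING_C = Instance("building-C", 620, 76, "10.10.64.0/21",
                      {76: "10.30.76.0/24", 79: "10.30.79.0/24"}, {76: 4900, 79: 200})

if __name__ == "__main__":
    for finding in check_plan([BUILDING_A, BUILDING_B, BUILDING_C]):
        print(finding)
    print(roam_type(BUILDING_A, BUILDING_B, 76))   # same VLAN ID, different network: hard
```

Running the block prints one finding per broken rule for building-C (AP count, client count, management VLAN reused as a user VLAN, an undersized VLAN 76 network, and a management network that overlaps building-A's VLAN 76), and reports a roam between the two valid buildings on VLAN 76 as a hard roam, because the shared VLAN ID does not make the two IP networks the same broadcast domain.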
Types of Roaming
The following are the types of roaming present in bridge forwarding mode.
Seamless Roaming
To provide the best possible experience for bridged clients and their applications, the AP management and user VLANs are extended between APs that establish common RF coverage areas within a building or floor. The AP management and bridged user VLANs are shared between the APs and allocated a specific IP network based on the number of hosts each VLAN needs to support.
Clients roaming between APs sharing VLANs are able to maintain their VLAN assignment, IP address, and default gateway after a roam. This is often referred to as a seamless roam, as it is the least disruptive to applications. The roam can be a fast roam or a slow roam, depending on the WLAN profile configuration and the capabilities of the client.
Hard Roaming
When scaling without gateways is necessary, or the LAN design prevents VLANs and IP networks from being extended between APs across buildings or floors, a bridge forwarding implementation is still possible, but at the expense of application and user experience.
In some situations, extending VLANs and their IP networks between APs in larger deployments is not possible, whether within a building or between buildings. The LAN design may include intentional layer 3 boundaries within the distribution switching layer that prevent VLANs and their associated IP networks from extending between access layer switches servicing buildings or floors. Access layer switches configured for routed access will also prevent VLANs and IP networks from extending between wiring closets within a building or floor.
When a client device roams between APs separated by a layer 3 device, a hard roam is performed as the client’s broadcast domain membership changes. While the APs in each building or floor may implement the same management and user VLAN IDs, the associated IP networks will be unique for each. Clients roaming between APs separated across a layer 3 device will require a new IP address and a default gateway to be assigned after the roam. While modern clients are able to obtain new IP addresses to accommodate the IP network change, the transition between IP networks will impact active applications as the source IP addresses of the clients will change after a hard roam.
MAC Address Learning
When bridge forwarding is enabled, client traffic is forwarded out of the AP uplink ports on the assigned VLAN to the access switching layer. Using normal layer 2 learning, all the layer 2 devices that participate in the VLAN will learn each bridged client's MAC address. Each bridged client's MAC address is initially learned from the DHCP and ARP broadcast messages transmitted by the client during association, authentication, and roaming. Each switch that participates in the VLAN will learn a bridged client's MAC address either from the switch port connected to the AP where the client is attached or from its uplink or downlink port connecting to a peer switch.
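The learning behaviour just described can be followed with a small model. The Python below is an added example, not HPE Aruba Networking code: two access switches share VLAN 76 over an inter-switch link, each with one AP on an access port; a client's first broadcast after association (its DHCP Discover or ARP) is flooded through the VLAN and every switch binds the client's MAC to the port the frame arrived on. The client then roams to the AP on the other switch, and each switch records the resulting MAC move. Switch, AP and port names and the client MAC address are constructed.

```python
# Added example (not HPE Aruba Networking code): a small model of the layer 2
# MAC learning described above. Two access switches share VLAN 76 over an
# inter-switch link; each has one AP on an access port. Switch, AP and port
# names and the client MAC address are constructed.
from collections import deque


class Switch:
    def __init__(self, name):
        self.name = name
        self.ports = {}        # port -> neighbour: an AP name (str) or a peer Switch
        self.mac_table = {}    # (vlan, mac) -> port the MAC was last seen on
        self.moves = []        # (vlan, mac, old_port, new_port) whenever an entry changes port

    def connect(self, port, neighbour):
        self.ports[port] = neighbour

    def port_facing(self, neighbour):
        """Port on this switch that leads to the given AP name or peer switch."""
        for port, nb in self.ports.items():
            if nb is neighbour or nb == neighbour:
                return port
        raise KeyError(f"{self.name} has no port facing {neighbour}")

    def learn(self, vlan, mac, in_port):
        """Source-MAC learning: bind (vlan, mac) to the ingress port, noting moves."""
        old = self.mac_table.get((vlan, mac))
        if old is not None and old != in_port:
            self.moves.append((vlan, mac, old, in_port))
        self.mac_table[(vlan, mac)] = in_port


def broadcast(switches, vlan, mac, ap_name):
    """Flood one broadcast frame (the DHCP Discover or ARP a client sends after
    association) from the AP into the VLAN. The switch wired to the AP learns
    the MAC on its AP-facing port; every other switch in the VLAN learns it on
    the port leading back towards that switch (its uplink or downlink)."""
    first = next(sw for sw in switches if ap_name in sw.ports.values())
    queue = deque([(first, first.port_facing(ap_name))])
    visited = set()
    while queue:
        sw, in_port = queue.popleft()
        if sw.name in visited:
            continue          # a loop-free VLAN delivers the frame to each switch once
        visited.add(sw.name)
        sw.learn(vlan, mac, in_port)
        for port, nb in sw.ports.items():
            if port != in_port and isinstance(nb, Switch) and nb.name not in visited:
                queue.append((nb, nb.port_facing(sw)))


def where_is(switches, vlan, mac):
    """Per-switch view of which port currently leads to the client."""
    return {sw.name: sw.mac_table.get((vlan, mac)) for sw in switches}


def build_topology():
    """SW-A <-> SW-B on port 1/1/48 of each; AP-1 on SW-A 1/1/10, AP-2 on SW-B 1/1/12."""
    sw_a, sw_b = Switch("SW-A"), Switch("SW-B")
    sw_a.connect("1/1/10", "AP-1")
    sw_b.connect("1/1/12", "AP-2")
    sw_a.connect("1/1/48", sw_b)
    sw_b.connect("1/1/48", sw_a)
    return sw_a, sw_b


CLIENT_MAC = "02:00:5e:00:00:01"   # constructed, locally administered address

if __name__ == "__main__":
    sw_a, sw_b = build_topology()
    broadcast([sw_a, sw_b], 76, CLIENT_MAC, "AP-1")   # client associates to AP-1
    print(where_is([sw_a, sw_b], 76, CLIENT_MAC))     # SW-A: AP port, SW-B: inter-switch port
    broadcast([sw_a, sw_b], 76, CLIENT_MAC, "AP-2")   # client roams to AP-2
    print(where_is([sw_a, sw_b], 76, CLIENT_MAC))     # SW-B: AP port, SW-A: inter-switch port
    print(sw_a.moves, sw_b.moves)
```

After the roam, each switch has recorded exactly one move for the client's MAC. Switches normally log such MAC moves, and a single move per roam is the expected pattern for bridged clients; a MAC that moves rapidly and repeatedly between ports points at a loop or a duplicated address, which is why those notifications are worth collecting from the access layer.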