After having a look at AP onboarding, let’s now take a look at how client are onboarded in Fabric-enabled Wireless infrastructure. In the below Web Diagram Sequence, we consider a SSID configured with 802.1X security mechanism.
Web Sequence Diagram
Detailed Step-by-Step Process
- Not related to SDA directly, but the first step is to perform 802.11 Authentication & Association;
- AP forwards the L2 authentication to WLC to handle it;
- In the example ISE is used as AAA server and will handle the authentication. Not all steps are detailed as we want to focus on SDA;
- Based on policies configured on ISE and assuming the authentication is successful, ISE will send an Access-Accept message. Optionally ISE can send Fabric related attribute such as SGT or L2VNID (Airespace:Airespace Interface Name=<interface-name>)
- WLC update the client context at the AP level;
- And it will pass the VNID and SGT information, which are either statically configured (through DNAC) or overridden by ISE;
- WLC send a L2 Map-Register to CP with Instance ID (L2VNID) and EID (MAC address);
LISP[MS ]-0: Processing WLC Map-Register for Wireless Client.
LISP[MS ]-0: Received Map-Register mapping record for IID 8196 MAC ac7a.5643.5d06/48 LCAF 2, ttl 1440, action none, authoritative, 1 locator.
LISP[MS ]-0: 10.110.112.65 pri/wei/dID/mID/met=0/0/0/0/4294967295 LpR.
LISP[MS ]-0: Session 10.4.0.10 port 4342: Received reliable message 'wlc registration' for IID 8196 EID ac7a.5643.5d06/48.
LISP[MS ]-0 IID 8196 MAC: Registration ac7a.5643.5d06/48: Found existing registration, updating.
LISP[MS ]-0 IID 8196 MAC: Registration ac7a.5643.5d06/48: Processing WLC [de]registration.
LISP[MS ]-0 IID 8196 MAC: MS EID ac7a.5643.5d06/48: Scheduling WLC mapping notifications to old RLOCs.
LISP[MS ]-0 IID 8196 MAC: MS EID ac7a.5643.5d06/48: Scheduling map notifications for prefix ac7a.5643.5d06.
LISP[MS ]-0 IID 8196 MAC: MS EID ac7a.5643.5d06/48: Scheduling WLC mapping notifications to new RLOCs.
LISP[MS ]-0: Building reliable message 'Registration Refresh' for IID 8196 EID ac7a.5643.5d06/48, refresh not rejected, scope 'specific prefix'.
LISP[MS ]-0: Building reliable message 'WLC Map-Notify' for IID 8196 EID ac7a.5643.5d06.
LISP[MS ]-0 IID 8196 MAC: MS EID ac7a.5643.5d06/48: WLC Map-Notify has 1 MAC, 1 host IP and 22 bytes of WLC opaque data and 0 bytes of reg opaque data.
- CP send a Map-Notifiy or Registration Refresh to FE;
LISP[MOBLT]-0 IID 8196 MAC: ETR MS 10.110.127.10: WLC Map-Notify for EID ac7a.5643.5d06 has 1 Host IP records, TTL=1440.
LISP[MOBLT]-0 IID 8196: WLC pfx ac7a.5643.5d06/48 10.110.127.10: Updated.
LISP[MOBLT]-0 IID 8196: WLC notify ac7a.5643.5d06/48: Scheduled consumer update.
LISP[LCLRG]-0 IID 8196 MAC: ETR MS 10.110.127.10: Built Map-Register, 1 records, first ac7a.5643.5d06 last ac7a.5643.5d06.
LISP[LCLRG]-0 IID 8196 MAC: ETR MS 10.110.127.10: Built AR Map-Register, 1 records, first ac7a.5643.5d06 last ac7a.5643.5d06.
- FE add client MAC in L2 forwarding table and fetch the client policy from ISE based on the client SGT. MAC address table display the following information:
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1029 ac7a.5643.5d06 CP_LEARN Ac0
- Client initiates the DORA process. FE append option 82 and forward the DHCP request to configured DHCP Server(s);
- FE send a Map-Register with IP address of the client;
LISP[MS ]-0: Received Map-Register, 1 record, flags: proxy ID-included.
LISP[MS ]-0: This is a Address Resolution message.
LISP[MS ]-0: Received Map-Register mapping record for IID 8196 Eth-ARP 10.110.32.14/32 LCAF 53, ttl 1440, action none, authoritative, 1 locator.
LISP[MS ]-0: ac7a.5643.5d06 pri/wei/dID/mID/met=1/100/0/0/4294967295 LpR.
LISP[MS ]-0 IID 8196 Eth-ARP: Processing AR registration 10.110.32.14 (4101)-->ac7a.5643.5d06.