Data on a WLAN involves control packets (management packets) and data packets. Control packets are forwarded through CAPWAP control tunnels. Data packets are forwarded in tunnel forwarding (centralized forwarding), direct forwarding (local forwarding), or soft GRE forwarding mode.
Centralized Authentication in Direct Forwarding Mode
If direct forwarding is used, service data does not need to be forwarded by an AC. When user access authentication (for example, 802.1X authentication) is required on a wireless user access network and the access control point is deployed on an AC, user authentication packets cannot be managed by the AC in a centralized manner. This makes it difficult to control users uniformly. To address this, user authentication packets in direct forwarding mode can be forwarded to the AC over the CAPWAP tunnel, as shown in Figure 3.
When carriers need to deploy a WLAN using the open security policy on the live network, they require that the legacy BRAS devices implement authentication and accounting for wireless users. The soft GRE forwarding mode allows a BRAS device to perform Portal or MAC address authentication, achieving unified authentication and accounting for wired and wireless users. In such scenarios, the AC is usually connected to the network in bypass mode and is only responsible for AP management and wireless service configuration. The AP forwards data packets from wireless users to BRAS devices over soft GRE tunnels. The BRAS devices then forward the packets to upstream network devices.
Figure 4 shows how data packets are forwarded in soft GRE forwarding mode.
| Data Forwarding Mode | Advantage | Disadvantage |
|---|---|---|
| Tunnel forwarding | An AC forwards data packets in a centralized manner, ensuring security and facilitating centralized management and control. | Service data must be forwarded by an AC, reducing packet forwarding efficiency and burdening the AC. |
| Direct forwarding | Service data packets do not need to be forwarded by an AC, improving packet forwarding efficiency and reducing the burden on the AC. | Service data packets cannot be centrally managed or controlled. |
| Soft GRE forwarding | In wired and wireless convergence and centralized user authentication scenarios, data packets are forwarded to a convergence gateway through a soft GRE tunnel, without passing through an AC. This forwarding mode improves packet forwarding efficiency and reduces the burden on the AC. | Service data must be forwarded by a convergence gateway, burdening the gateway. The packet forwarding efficiency is lower than that in direct forwarding mode. |