Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point
Operational Model
The AX411 access points are managed from branch SRX Series Services Gateways, allowing for a simpler, centralized
provisioning model. In particular, the following operations can be performed directly from the SRX Series gateways.
• Configuration management: The entire configuration for all AX411s is performed within Junos OS at the branch
gateway and pushed to the access points using a secure connection to the AX411 device. The Junos OS infrastructure
is used to provide configuration backup and restore, auditing, scripting, role-based authentication, etc.
• Monitoring: Access points are monitored from the services gateway, including the ability to obtain device and
wireless network information from the command-line interface (CLI), J-Web software, or SNMP.
• Device maintenance: Device maintenance support includes firmware upgrades.
When an access point is connected to a branch gateway for the first time, it requests an IP address using the Dynamic
Host Configuration Protocol (DHCP). After obtaining an IP address, a registration protocol is used to exchange
configuration and status information between the devices.
The SRX Series gateway uses the media access control (MAC) address received in the registration messages to identify
each access point. The advantage of using this approach is that access points can be connected to any port or given
any IP address while still being correctly identified since MAC addresses are fixed.
Internet Control Message Protocol (ICMP) is used as a “keepalive” protocol between each access point and the SRX
Series gateway. If an access point detects a failure, it automatically stops broadcasting any service set identifier (SSID)
that it has configured, thus allowing the client stations to associate to a different access point and circumvent the failure.
Access points can be managed in two different modes.
• Layer 2 management mode
• Layer 3 management mode
L2 Management Mode
The default and most common mode is to connect all access points to the same L2 network. A single routed VLAN
interface (RVI) is configured per VLAN, which is used as the default gateway for the VLAN. This RVI is then added to a
security zone. Access point to access point traffic can be forwarded at L2. The gateway can do so at line rate, without
the need to inspect such traffic. Traffic from wireless nodes connected to the access point will be inspected by the
SRX security gateway. In this configuration the SRX acts as a DHCP server for the VLAN, and both APs and wireless
endpoints obtain their IP address from this DHCP scope.
Figure 1: L2 management mode
[Figure: an office client and the Internet connected through an SRX Series gateway. Interface vlan.0 has address 192.168.1.1/24. DHCP hands out addresses in 192.168.1.0/24. All access point facing ports are connected to interfaces in switching mode and associated with the default VLAN.]
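As an added example (not code from this application note or from Juniper), the following Python script audits a point-in-time list of access point registrations against the model described above: the MAC address is the access point's identity, and in L2 management mode every AP address comes from the 192.168.1.0/24 scope in Figure 1. The record layout, inventory, MAC addresses and port names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

DHCP_SCOPE = ipaddress.ip_network("192.168.1.0/24")   # scope shown in Figure 1
GATEWAY_IP = ipaddress.ip_address("192.168.1.1")      # vlan.0 RVI, never a lease

# Constructed inventory: MAC address -> AP name (documentation MAC range).
KNOWN_APS = {"00:00:5e:00:53:01": "ap-lobby", "00:00:5e:00:53:02": "ap-floor2"}

# Constructed snapshot of registrations: (MAC as reported, IP, gateway port).
SAMPLE = [
    ("00:00:5E:00:53:01", "192.168.1.10", "ge-0/0/1"),
    ("0000.5e00.5302", "192.168.1.11", "ge-0/0/2"),
    ("00-00-5e-00-53-02", "192.168.1.57", "ge-0/0/5"),
    ("00:00:5e:00:53:99", "10.9.9.9", "ge-0/0/3"),
]

def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated octets, whatever the notation."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(registrations):
    """Return (mac, finding) pairs for registrations that need review."""
    findings = []
    seen = defaultdict(set)            # mac -> {(ip, port), ...}
    for raw_mac, raw_ip, port in registrations:
        mac = normalize_mac(raw_mac)
        ip = ipaddress.ip_address(raw_ip)
        seen[mac].add((str(ip), port))
        if mac not in KNOWN_APS:
            findings.append((mac, "unknown-mac"))
        if ip not in DHCP_SCOPE or ip == GATEWAY_IP:
            findings.append((mac, "ip-outside-scope"))
    # An AP may legitimately move ports, but one MAC registered from two
    # places in the same snapshot means two devices claim the same identity.
    for mac, places in seen.items():
        if len(places) > 1:
            findings.append((mac, "duplicate-registration"))
    return findings

if __name__ == "__main__":
    for mac, finding in audit(SAMPLE):
        print(f"{finding:24} {mac} ({KNOWN_APS.get(mac, 'not in inventory')})")
```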