Sie sind auf Seite 1von 2

A P P L I C A T I o n

n o T E

Business Class Hotspots with L2TP

While users enjoy the proliferation of Wi-Fi in hotspots, the distributed nature of these locations can cause problems for broadband providers. First, providers must deliver consistent access policies and user experience across all locations. This may include various authentication schemes, a selection of free services, and a user interface that protects the providers brand name while allowing for delivery of dynamic content. The management overhead of updating policies across distributed access points can be costly and is often error prone. Second, service providers are obligated to monitor and restrict user activity in order to prevent malicious use of the network. This includes restrictions on outgoing and incoming traffic to prevent attackers from using the network. With major concerns around terrorists and criminals using the Internet, service providers may be subpoenaed to monitor and report specific user activities, according to CALEA requirements. Ruckus Wireless has solved these problems by implementing transparent bridging through the use of L2TP tunnelling. By tunnelling traffic from a Ruckus AP to a centralized data center, access controllers with policy enforcement software apply rules and services in a cost-effective manner. In a typical hotspot implementation these rules include a captive portal to authenticate users credentials.

L2TP tunnel bridges Wi-Fi clients onto carrier network Ethernet packets tunneled using BCP/PPP/L2TP MAC addresses visible to broadband provider allowing

device authentication
Consistent access policies and user experience

Monitor and restrict user activity to prevent malicious

use of network
IP addresses can be allocated by centralized DHCP

Ability to transport VLAn tags allows different policies

to be applied to each SSID

Single L2TP tunnel simplifies operation and manage-

ment overhead
QoS policies enforced at the edge to maximize perfor-

mance and enable multimedia services

RFC 1661 PPP RFC 2661 L2TP RFC 3518 PPP/BCP

Typical network architecture utilizing L2TP for centralized service enforcement

ZoneFlex AP


L2TP Internet or L3 IP Network

AAA Server

Access Controller

L2TP Network Server (LNS)


Provider NOC / Data Center

ZoneFlex AP


Business Class Hotspots with L2TP

This same architecture is extensively used at the edge of wired networks by providers offering Internet connections to subscribers using broadband access technology. Commercially proven L2TP network Servers (LnS), devices that aggregate and terminate tunnels at the core of the network, are widely available to address the need of small networks with only few hundred tunnels and very large networks with hundreds of thousands of tunnels. In some cases, vendors have integrated the LnS functionality within access controllers, particularly for large scale networks. The L2TP tunnel also provides great flexibility in terms of network topology as the tunnel may traverse any Layer-3 network, including the Internet. The Ruckus AP uniquely functions as a remote bridge. As such, it forwards traffic into PPP sessions over the L2TP (Layer 2 Tunnelling Protocol) tunnel, using the Bridge Control Protocol (RC-3518).

Application Note

Unlike other tunnel solutions, this implementation ensures that the operator has complete visibility into MAC addresses of users, as individual Wi-Fi clients are essentially placed (bridged) onto the ISPs core network. This visibility is crucial, as MAC addresses are frequently used to grant access to the network. Bridging using BCP also allows the operator to control IP address allocation from a central DHCP server. The tunnelling feature augments the traffic handling features already available in the Ruckus access points. To maximize performance and enable multimedia services, QoS policies can be enforced as close to the edge as possible, even when using L2TP to tunnel traffic. Using Ruckus SmartCast QoS technology, Ruckus APs automatically classify and prioritize voice and video traffic without any central configuration. now hotspot operators can offer voice-over-Wi-Fi (Vo-Fi) services alongside streaming video and general purpose Internet access, delivering the best user experience possible.

VLAN tags and MAC addresses across an L2TP tunnel acting as a transparent bridge

08:00:69:02:01:FC 00:13:02:9A:9C:CF 08:00:69:02:01:FC 00:60:97:48:12:F9 00:13:02:9A:9C:CF








Ruckus Wireless, Inc. 880 West Maude Avenue, Suite 101, Sunnyvale, CA 94085 USA

(650) 265-4200 Ph \ (408) 738-2065 Fx

Copyright 2008, Ruckus Wireless, Inc. All rights reserved. Ruckus Wireless and Ruckus Wireless design are registered in the U.S. Patent and Trademark office. Ruckus Wireless, the Ruckus Wireless logo, BeamFlex, ZoneFlex, MediaFlex, MetroFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, and Ruckus Wireless Site Survey in the SpeedFlex Dynamic PSK are trademarks of Ruckus Wireless, Inc.with United States and other countries. All other trademarks mentioned in this document or website are the property of their respective owners. 805-71750-001 rev 01

w w w . r u c k u s w i r e l e s s Pagem .co 2