De Facto WLAN System Architecture
3GPP WLAN interworking architecture design work is focused on the interworking functionality between 3GPP and WLAN systems. To achieve a 3GPP-WLAN interworking architecture that is widely adopted, it is imperative to use the existing de facto WLAN access equipment.
Unlike the 3GPP system architecture, there is no existing formal standard for a WLAN access network architecture or for a typical public access WLAN system. The WLAN system shown in Figure 22.4 enables IP connectivity between the WLAN terminal and IP networks over its WLAN interface.
Figure 22.4 A de facto WLAN system.
A dynamic host configuration protocol (DHCP) server is needed to configure the WLAN terminal's IP stack. A domain name system (DNS) server resolves Internet fully qualified domain names (FQDNs) into IP addresses. The gateway (GW) with network address and port translation (NAPT) connects the WLAN system to external IP networks such as the Internet. The GW usually performs NAPT so that the WLAN access network operator can use private-space IP addresses inside the WLAN system while still giving terminals access to services in external IP networks.
A hypertext transfer protocol (HTTP) server may offer local application-level services to accessing users. Accounting data is processed in the billing system server. The local services server is a general box covering services at the IP level or above, such as mail servers and local web content. Network management takes care of all network elements at all layers and is instrumental in network configuration and monitoring.
The WLAN terminal is typically a laptop computer or a personal digital assistant (PDA) with a built-in WLAN module or a PCMCIA WLAN card. The WLAN access point (AP) is essentially a layer 2 bridge between IEEE 802.11 and Ethernet. The AP can also support IEEE 802.11i/802.1X functionality, in which case it is also a remote authentication dial-in user service (RADIUS) client toward the fixed network and performs radio link encryption toward the WLAN terminal.
Access points are attached to layer 2 distribution networks such as a switched Ethernet subnet. The layer 2 distribution network may also provide intra-subnet mobility for WLAN terminals, and it provides layer 2 connectivity toward the first IP routing device, the access router (AR). The basic function of the AR is to route user IP packets.
Authentication and authorization are basic prerequisites for providing IP connectivity and other services via a WLAN system. To realize these functions, an authentication, authorization, and accounting (AAA) server and a user database are required. The AAA server used in a WLAN system is typically a RADIUS server. The subscribers' user identities such as login names, shared secrets such as passwords, and user profiles are stored in the database. The AAA server accesses the database over the IP backbone network using the lightweight directory access protocol (LDAP), which is the de facto standard for this purpose.
Legacy authentication and authorization is performed using Web browsers. When the user starts a Web browser, its first request is redirected to the WLAN system HTTP server and a landing Web page is displayed. The user is prompted to enter a login name and password. The password can be static, limited in time, or even generated ad hoc (using, e.g., Security ID technology). Similarly, users can be prompted to enter their credit card number and pay for the connection without establishing a more lasting relationship with the WLAN system operator.
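The RADIUS exchange between the RADIUS client (the AP, or the HTTP server handling the Web login) and the AAA server is the core of the authentication described in the two paragraphs above. The following is an added example, not code from the chapter: it builds and parses an RFC 2865 Access-Request carrying User-Name, User-Password and NAS-IP-Address, applies the shared-secret-based User-Password hiding, and shows the server's accept/reject decision against the user database. The shared secret, user names, passwords and NAS address are constructed values, and the PAP-style attribute set is an assumption, since the chapter does not specify which attributes are used.

```python
import hashlib, hmac, ipaddress, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address"}
SHARED_SECRET = b"example-shared-secret"  # constructed value; use a long random secret per NAS

def xor_password(data, secret, authenticator, hide):
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous ciphertext
    # block), the first with MD5(secret + Request Authenticator). One loop hides and unhides.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ k for a, k in zip(data[i:i + 16], keystream))
        out += block
        prev = block if hide else data[i:i + 16]
    return out

def build_access_request(identifier, username, password, nas_ip, secret, authenticator=None):
    # Client side (the AP or captive-portal HTTP server acting as RADIUS client).
    authenticator = authenticator or os.urandom(16)  # must be fresh and unpredictable
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = xor_password(padded, secret, authenticator, hide=True)
    attrs = (bytes([1, 2 + len(username)]) + username
             + bytes([2, 2 + len(hidden)]) + hidden
             + bytes([4, 6]) + ipaddress.IPv4Address(nas_ip).packed)
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("malformed Access-Request")
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        atype, alen = packet[pos:pos + 2]  # ValueError if fewer than 2 bytes remain
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        if atype == 2:  # recover the password and strip the client's NUL padding
            value = xor_password(value, secret, authenticator, hide=False).rstrip(b"\x00")
        attrs[ATTR_NAMES.get(atype, atype)] = value
        pos += alen
    return identifier, attrs

def aaa_decide(packet, secret, user_db):
    # AAA server: compare the recovered password with the user database entry (LDAP-backed).
    _, attrs = parse_access_request(packet, secret)
    stored = user_db.get(attrs.get("User-Name"))
    if stored is None or not hmac.compare_digest(stored, attrs.get("User-Password", b"")):
        return ACCESS_REJECT
    return ACCESS_ACCEPT
```

The User-Password hiding gives only as much protection as the shared secret and the freshness of the Request Authenticator, so RADIUS traffic between the AP or HTTP server and the AAA server belongs on the operator's trusted backbone, not on the open WLAN.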
It is also possible to establish a roaming relationship between WLAN systems. Roaming enables a user of one WLAN system to connect through another WLAN system. In this case, the AAA functions are still provided by the user's own WLAN system, while the actual WLAN access is provided by the other WLAN system.